
CLI Configuration

To define rules for an exempt rulebase:

  1. Associate an exempt rulebase with the policy that has the corresponding IPS rulebase. The following statement associates the exempt rulebase with a previously configured policy P1 that contains the corresponding IPS rulebase:
    user@host# set security idp idp-policy P1 rulebase-exempt
  2. Add a rule to the rulebase. The following statement adds rule R1 to the rulebase:
    user@host# set security idp idp-policy P1 rulebase-exempt rule R1
  3. Specify the attacks that you want to exempt from attack detection. The following configuration statement specifies that traffic from the trust zone with source address internal-devices (your company's internal network) to any destination is exempt from detection of the FTP:USER:ROOT attack:
    user@host# set security idp idp-policy P1 rulebase-exempt rule R1 match from-zone trust to-zone any source-address internal-devices destination-address any attacks predefined-attacks "FTP:USER:ROOT"
  4. Activate the policy. The following statement specifies policy P1 as the active policy on the device:
    user@host# set security idp active-policy P1
  5. If you are finished configuring the router, commit the configuration.
  6. From configuration mode in the CLI, enter the show security idp command to verify the configuration. For more information, see the JUNOS Software CLI Reference.
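
Because an exempt rule turns off detection for whatever it matches, it is worth reviewing the scope of each rule once the configuration is in place. The following Python script is an added example, not part of the JUNOS documentation: it reads `set` statements in the form used in the steps above and reports exempt rules that name no attack or that are not limited by source or destination address. Rules R2 and R3 in the sample are constructed, the script assumes one value per match field, and treating an unset address as `any` is its own assumption.

```python
import shlex

SCOPE_KEYS = ("from-zone", "to-zone", "source-address", "destination-address")

# Constructed sample: R1 is the rule from the steps above; R2 and R3 are invented.
SAMPLE = """\
user@host# set security idp idp-policy P1 rulebase-exempt rule R1 match from-zone trust to-zone any source-address internal-devices destination-address any attacks predefined-attacks "FTP:USER:ROOT"
set security idp idp-policy P1 rulebase-exempt rule R2 match from-zone untrust
set security idp idp-policy P1 rulebase-exempt rule R2 match source-address any
set security idp idp-policy P1 rulebase-exempt rule R2 match attacks predefined-attacks FTP:USER:ROOT
set security idp idp-policy P1 rulebase-exempt rule R3 match source-address internal-devices
set security idp active-policy P1
"""

def parse_exempt_rules(text):
    """Collect match scope and attacks per (policy, rule) from 'set' statements."""
    rules = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if "set" in tok:
            tok = tok[tok.index("set"):]          # drop a leading CLI prompt
        if tok[:4] != ["set", "security", "idp", "idp-policy"]:
            continue
        if tok[5:7] != ["rulebase-exempt", "rule"] or len(tok) < 8:
            continue
        entry = rules.setdefault((tok[4], tok[7]), {"scope": {}, "attacks": []})
        rest, i = tok[8:], 0
        while i < len(rest):
            if rest[i] in SCOPE_KEYS and i + 1 < len(rest):
                entry["scope"][rest[i]] = rest[i + 1]
                i += 2
            elif rest[i] == "attacks" and i + 2 < len(rest):
                entry["attacks"].append(rest[i + 2])  # skip the attack-type keyword
                i += 3
            else:
                i += 1
    return rules

def audit(rules):
    """Return (policy, rule, reason) for exemptions that need review."""
    findings = []
    for (policy, rule), e in sorted(rules.items()):
        # Assumption of this script: an address that is not set counts as "any".
        wide = all(e["scope"].get(k, "any") == "any" for k in SCOPE_KEYS[2:])
        if wide:
            findings.append((policy, rule, "exempts traffic between any source and any destination"))
        if not e["attacks"]:
            findings.append((policy, rule, "no attack listed"))
    return findings
```

Calling `audit(parse_exempt_rules(SAMPLE))` returns one finding for R2 and one for R3; R1, the rule configured above, passes because it is limited to `internal-devices`.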
