
CLI Configuration

To configure terminal rules:

  1. Define a rule and add it to a rulebase in a policy. The following statement creates a policy P1, defines rule R2, and specifies source address internal and destination address any as the match condition for the rule:
    user@host# set security idp idp-policy P1 rulebase-ips rule R2 match source-address internal destination-address any
  2. Set the terminal flag for the rule. The following statement specifies R2 as a terminal rule:
    user@host# set security idp idp-policy P1 rulebase-ips rule R2 terminal
  3. Continue to define other rules, if required. The following statements define rule R5, specify the destination address WEBSERVER and the predefined attack object group Critical - HTTP as the match condition for the rule, and set the rule action to drop-connection:
    user@host# set security idp idp-policy P1 rulebase-ips rule R5 match destination-address WEBSERVER attacks predefined-attack-groups "Critical - HTTP"
    user@host# set security idp idp-policy P1 rulebase-ips rule R5 then action drop-connection
  4. Set the terminal flag for the rule. The following statement specifies R5 as a terminal rule:
    user@host# set security idp idp-policy P1 rulebase-ips rule R5 terminal
  5. If you are finished configuring the router, commit the configuration.
  6. From configuration mode in the CLI, enter the show security idp command to verify the configuration. For more information, see the JUNOS Software CLI Reference.
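
The following is an added example, not part of the original page: a simplified Python model of how the terminal flag changes which rules are evaluated for a session, applied to R2 and R5 as configured in the steps above. It assumes the terminal-rule behavior described in Juniper's IDP documentation (evaluation stops at the first terminal rule whose source and destination match, whether or not its attack objects match) and treats address names as opaque labels; the function names and the `external` label are hypothetical.

```python
# Added illustration: simplified model of rulebase-ips evaluation order.
# Assumption (not stated on this page): once a session matches a terminal
# rule's source/destination, later rules are not evaluated for that session,
# regardless of whether the terminal rule's attack objects match.
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    src: str = "any"
    dst: str = "any"
    terminal: bool = False

# Rules R2 and R5 as configured in steps 1-4 (address names used as labels).
P1 = [
    Rule("R2", src="internal", dst="any", terminal=True),
    Rule("R5", dst="WEBSERVER", terminal=True),
]

def _hit(field, value):
    return field == "any" or field == value

def evaluated_rules(policy, src, dst):
    """Names of the rules whose attack objects are checked for this session."""
    checked = []
    for rule in policy:
        if _hit(rule.src, src) and _hit(rule.dst, dst):
            checked.append(rule.name)
            if rule.terminal:
                break  # rules below a matching terminal rule are skipped
    return checked

def _overlap(a, b):
    return a == "any" or b == "any" or a == b

def shadowed_pairs(policy):
    """(earlier terminal rule, later rule) pairs whose match criteria overlap."""
    pairs = []
    for i, early in enumerate(policy):
        if not early.terminal:
            continue
        for late in policy[i + 1:]:
            if _overlap(early.src, late.src) and _overlap(early.dst, late.dst):
                pairs.append((early.name, late.name))
    return pairs

if __name__ == "__main__":
    print(evaluated_rules(P1, "internal", "WEBSERVER"), shadowed_pairs(P1))
```

Under this model, a session from internal to WEBSERVER stops at R2, so the drop-connection action that R5 applies to Critical - HTTP attacks is never reached for that traffic. Review the order of terminal rules with this in mind when verifying the configuration.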
