rulebase-ips {
    rule rule-name {
        description text;
        match {
            attacks {
                custom-attacks [ attack-name ];
                predefined-attack-groups [ attack-name ];
                predefined-attacks [ attack-name ];
            }
            destination-address [ address-name ];
            destination-except [ address-name ];
            from-zone zone-name;
            source-address [ address-name ];
            source-except [ address-name ];
            to-zone zone-name;
        }
        terminal;
        then {
            action {
                (close-client | close-client-and-server | close-server |
                 drop-connection | drop-packet | ignore-connection |
                 mark-diffserv value | no-action | recommended);
            }
            ip-action {
                (ip-block | ip-close | ip-notify);
                log;
                target (destination-address | service | source-address |
                        source-zone | zone-service);
                timeout seconds;
            }
            notification {
                log-attacks {
                    alert;
                }
            }
            severity (critical | info | major | minor | warning);
        }
    }
}

[edit security idp idp-policy policy-name]
Statement introduced in Release 9.2 of JUNOS software.
Configure the IPS rulebase to detect attacks based on stateful signature and protocol anomalies.
This statement is supported on SRX-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
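
The syntax above filled in for two rules, as an added example that is not taken from the JUNOS documentation. It uses only statements listed on this page; the policy, rule, zone, and attack names are placeholders, and `any` and the timeout value are assumed inputs.

```junos
# Added example. Hierarchy: [edit security idp idp-policy example-policy]
# All names below (example-policy, rule names, zones, attack names) are placeholders.
rulebase-ips {
    # Rule 1: drop sessions matching a site-defined signature and
    # block the offending source address for a limited time.
    rule block-custom-attack {
        description "Drop and block sources matching a site-defined signature";
        match {
            from-zone untrust;
            to-zone trust;
            source-address any;
            destination-address any;
            attacks {
                custom-attacks example-custom-attack;
            }
        }
        then {
            action {
                drop-connection;
            }
            ip-action {
                ip-block;
                log;
                target source-address;
                timeout 300;          # seconds (assumed value)
            }
            notification {
                log-attacks {
                    alert;
                }
            }
            severity critical;
        }
    }
    # Rule 2: apply the action recommended for each attack in a predefined group
    # and log the matches without alerting.
    rule recommended-for-group {
        match {
            from-zone untrust;
            to-zone trust;
            source-address any;
            destination-address any;
            attacks {
                predefined-attack-groups EXAMPLE-ATTACK-GROUP;
            }
        }
        then {
            action {
                recommended;
            }
            notification {
                log-attacks;
            }
        }
    }
}
```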