Understanding IDP IPS Rulebases
The intrusion prevention system (IPS) rulebase protects your network from attacks by using attack objects to detect known and unknown attacks. It detects attacks based on stateful signatures and protocol anomalies. Table 44 summarizes the options that you can configure in the IPS-rulebase rules.
Table 44: IPS Rulebase Components
Term | Definition |
---|---|
Match condition | Specify the type of network traffic you want the device to monitor for attacks. For more information about match conditions, see Understanding IDP Rule Match Conditions. |
Attack objects/groups | Specify the attacks you want the device to match in the monitored network traffic. Each attack is defined as an attack object, which represents a known pattern of attack. For more information about attack objects, see Understanding IDP Rule Objects. |
Terminal flag | Specify a terminal rule. The device stops matching rules for a session when a terminal rule is matched. For more information about terminal rules, see Understanding IDP Terminal Rules. |
Action | Specify the action you want the system to take when the monitored traffic matches the attack objects specified in the rules. If an attack triggers multiple rule actions, then the most severe action among those rules is executed. For more information about actions, see Understanding IDP Policy Rules. |
IP Action | Enables you to protect the network from future intrusions while permitting legitimate traffic. You can configure one of the following IP action options in the IPS rulebase—notify, drop, or close. For more information about IP actions, see Understanding IDP Policy Rules. |
Notification | Defines how information is to be logged when an action is performed. You can choose to log an attack, create log records with the attack information, and send information to the log server. For more information, see Understanding IDP Policy Rules. |
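The following configuration is an added example, not taken from this page, showing how each component in Table 44 maps to a statement in a single IPS rulebase rule. The policy name `example-policy`, rule name `R1`, zone names, timeout value, and the attack group `EXAMPLE-ATTACK-GROUP` are assumptions; the attack group is a placeholder for a custom attack group defined elsewhere in the configuration.

```junos
# Added example: names below (example-policy, R1, trust, untrust,
# EXAMPLE-ATTACK-GROUP) are placeholders, not values from this page.

# Match condition: which traffic the rule inspects.
set security idp idp-policy example-policy rulebase-ips rule R1 match from-zone trust to-zone untrust
set security idp idp-policy example-policy rulebase-ips rule R1 match source-address any destination-address any
set security idp idp-policy example-policy rulebase-ips rule R1 match application default

# Attack objects/groups: what the rule looks for in that traffic.
set security idp idp-policy example-policy rulebase-ips rule R1 match attacks custom-attack-groups EXAMPLE-ATTACK-GROUP

# Action: what happens to the session in which the attack is detected.
set security idp idp-policy example-policy rulebase-ips rule R1 then action drop-connection

# IP action: how later traffic from the same source is handled.
set security idp idp-policy example-policy rulebase-ips rule R1 then ip-action ip-close
set security idp idp-policy example-policy rulebase-ips rule R1 then ip-action target source-address
set security idp idp-policy example-policy rulebase-ips rule R1 then ip-action timeout 600

# Notification: log the attack and flag the log record as an alert.
set security idp idp-policy example-policy rulebase-ips rule R1 then notification log-attacks alert

# Terminal flag: stop evaluating further rules for a session that matches R1.
set security idp idp-policy example-policy rulebase-ips rule R1 terminal
```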
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- Understanding IDP Policy Rules
- Understanding IDP Policy Rulebases
- Understanding IDP Exempt Rulebases
- Understanding IDP Terminal Rules
- Understanding Predefined IDP Policy Templates
- Example: Defining Rules for an IDP IPS Rulebase (CLI)