direction (Security Dynamic Attack Group)
Syntax
direction {
expression (and | or);
values [any client-to-server exclude-any exclude-client-to-server exclude-server-to-client server-to-client];
}
Hierarchy Level
[edit security idp dynamic-attack-group dynamic-attack-group-name filters]
Description
Specify a direction filter to add predefined attacks to the dynamic group based on the direction specified in the attacks.
Options
expression—Boolean
operators:
and— If both the member name patterns match, the expression matches.or— If either of the member name patterns match, the expression matches.
values—Name of the direction filter. You can select from the following
directions:
any—Monitors traffic from client to server and server to client.client-to-server—Monitors traffic from client to server (most attacks occur overclient-to-serverconnections) only.exclude-any—Allows traffic from client to server and server to client.exclude-client-to-server—Allows traffic from client to server only.exclude-server-to-client—Allows traffic from server to client only.server-to-client—Monitors traffic from server to client only.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release
9.3. The expression option added in Junos OS Release 11.4.