rule (Security IPS Rulebase)
Syntax
rule rule-name {
    description text;
    match {
        application (application-name | any | default);
        attacks {
            custom-attack-groups [attack-group-name];
            custom-attacks [attack-name];
            dynamic-attack-groups [attack-group-name];
            predefined-attack-groups [attack-group-name];
            predefined-attacks [attack-name];
        }
        destination-address ([address-name] | any | any-ipv4 | any-ipv6);
        destination-except [address-name];
        from-zone (zone-name | any);
        source-address ([address-name] | any | any-ipv4 | any-ipv6);
        source-except [address-name];
        to-zone (zone-name | any);
    }
    terminal;
    then {
        action {
            class-of-service {
                dscp-code-point number;
                forwarding-class forwarding-class;
            }
            (close-client | close-client-and-server | close-server | drop-connection | drop-packet | ignore-connection | mark-diffserv value | no-action | recommended);
        }
        ip-action {
            (ip-block | ip-close | ip-notify);
            log;
            log-create;
            refresh-timeout;
            target (destination-address | service | source-address | source-zone | source-zone-address | zone-service);
            timeout seconds;
        }
        notification {
            log-attacks {
                alert;
            }
            packet-log {
                post-attack number;
                post-attack-timeout seconds;
                pre-attack number;
            }
        }
        severity (critical | info | major | minor | warning);
    }
}
Hierarchy Level
[edit security idp idp-policy policy-name rulebase-ips]
Description
Specify an IPS rule. Use this statement to create, modify, delete, and reorder the rules in a rulebase.
Options
rule-name—Name of the IPS rulebase rule.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.2.
Starting in Junos OS Release 18.2R1, IDP policy is available within unified security policy. When IDP policy is used within a unified security policy, the IDP policy configuration is simplified: configuring source or destination address, source-except or destination-except, from-zone and to-zone, or application is not required, because the match happens in the security policy itself.
Additional tags under filters of dynamic attack groups were added in Junos OS Release 18.2R1 for dynamic attack grouping of IDP signatures.
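An added example (not part of the original reference page) showing one rule written two ways at the [edit security idp idp-policy policy-name rulebase-ips] hierarchy: with the full match block, and in the reduced form described above for unified security policy. The policy names, the rule name R1, the zone names trust and untrust, and the custom attack group EXAMPLE-WEB-ATTACKS are assumptions; the attack group must be defined elsewhere in the configuration.

```junos
# Classic form: the IPS rule carries its own zone, address and application match.
# All names in capitals, and the zones trust/untrust, are hypothetical placeholders.
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule R1 match from-zone untrust
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule R1 match source-address any
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule R1 match to-zone trust
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule R1 match destination-address any
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule R1 match application default
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule R1 match attacks custom-attack-groups EXAMPLE-WEB-ATTACKS

# Drop the offending connection, then block further traffic from the same
# source address for 300 seconds (ip-action with target and timeout).
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule R1 then action drop-connection
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule R1 then ip-action ip-block
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule R1 then ip-action target source-address
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule R1 then ip-action timeout 300

# Log each match with the alert flag and record the rule's severity.
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule R1 then notification log-attacks alert
set security idp idp-policy EXAMPLE-IDP rulebase-ips rule R1 then severity major

# Unified-policy form (Junos OS Release 18.2R1 and later): zone, address and
# application matching is done by the security policy itself, so the IPS rule
# only names the attacks to look for and the response.
set security idp idp-policy EXAMPLE-IDP-UNIFIED rulebase-ips rule R1 match attacks custom-attack-groups EXAMPLE-WEB-ATTACKS
set security idp idp-policy EXAMPLE-IDP-UNIFIED rulebase-ips rule R1 then action drop-connection
set security idp idp-policy EXAMPLE-IDP-UNIFIED rulebase-ips rule R1 then notification log-attacks alert
```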