rulebase-exempt
Syntax
rulebase-exempt {
rule rule-name {
description text;
match (Security IDP Policy) {
attacks (Security IPS Rulebase) {
custom-attack-groups [attack-group-name];
custom-attacks [attack-name];
dynamic-attack-groups [attack-group-name];
predefined-attack-groups [attack-group-name];
predefined-attacks [attack-name];
}
destination-address (Security IDP Policy)([address-name] | any | any-ipv4 | any-ipv6);
destination-except [address-name];
from-zone (zone-name | any );
source-address ([address-name] | any | any-ipv4 | any-ipv6);
source-except [address-name];
to-zone (zone-name | any);
}
}
}
Hierarchy Level
[edit security idp idp-policy policy-name]
Description
Configure the exempt rulebase to skip detection of a set of attacks in certain traffic.
You must configure the IPS rulebase before configuring the exempt rulebase.
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.2.
Starting in Junos OS Release 18.2R1, IDP policy is available within unified security policy. IDP policy configurations are simplified and made available under the unified policy as one of the policy. Configuring source or destination address, source and destination-except, from and to zone, or application is not required with unified policy, as the match happens in the security policy itself.