then (Security IDP Policy)
Syntax
then {
action (Security Rulebase IPS) {
class-of-service {
dscp-code-point number;
forwarding-class forwarding-class;
}
(close-client | close-client-and-server | close-server |drop-connection | drop-packet | ignore-connection | mark-diffserv value | no-action | recommended);
}
ip-action (Security IDP Rulebase IPS) {
(ip-block | ip-close | ip-notify);
log;
log-create;
refresh-timeout;
target (destination-address | service | source-address | source-zone | source-zone-address | zone-service);
timeout seconds;
}
notification {
log-attacks {
alert;
}
packet-log (Security IDP Policy) {
post-attack number;
post-attack-timeout seconds;
pre-attack number;
}
}
severity (critical | info | major | minor | warning);
}
Hierarchy Level
[edit security idp idp-policy policy-name rulebase-ips rule rule-name]
Description
Specify the action to be performed when traffic matches the defined criteria.
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.2.