Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Edit, Clone, and Delete an IPS Signature Dynamic Group

You must have the tenant administrator role or a customized role assigned with the appropriate IPS tasks to modify customized IPS signature dynamic groups.

Edit an IPS Signature Dynamic Group

You can edit only customized IPS signature dynamic groups, and not predefined (system-generated) dynamic groups.

To edit a customized IPS signature dynamic group:

  1. Select SRX > Security Subscriptions > IPS > IPS Signatures.

    The IPS Signatures page opens.

  2. Select a customized IPS signature dynamic group, and click the edit (pencil) icon.

    The Edit IPS Signature Dynamic Group page opens.

  3. Modify the IPS signature dynamic group fields. See Create an IPS Signature Dynamic Group.
    Note:

    You cannot modify the IPS signature dynamic group name.
  4. (Optional) Click Preview Filtered Signatures to check if the signatures that match the dynamic group are consistent with the specified filter criteria.

    The IPS Signatures page opens displaying the list of IPS signatures matching the filters. If the signatures do not match, you can tweak the filter criteria. Click Close to go back to the previous page.

  5. Click OK to save your changes.

    The IPS Signatures page opens with a message indicating that the IPS signature dynamic group was successfully updated.

    If the IPS signature dynamic group was used in an IPS rule or exempt rule that is deployed on the device through the firewall policy, then the firewall policy is marked for deployment. You must deploy the firewall policy for the changes to take effect on the device.

Clone IPS Signature Dynamic Groups

Cloning enables you to easily create an IPS signature dynamic group based on an existing one. You can clone predefined or customized IPS signature dynamic groups and modify the parameters.

To clone an IPS signature dynamic group:

  1. Select SRX > Security Subscriptions > IPS > IPS Signatures.

    The IPS Signatures page opens.

  2. Select an IPS signature dynamic group, and select More > Clone.

    The Clone IPS Signature Dynamic Group page opens.

  3. Modify the IPS signature dynamic group fields. See Create an IPS Signature Dynamic Group.
  4. (Optional) Click Preview Filtered Signatures to check if the signatures that match the dynamic group are consistent with the specified filter criteria.

    The IPS Signatures page opens displaying the list of IPS signatures matching the filters. If the signatures do not match, you can tweak the filter criteria. Click Close to go back to the previous page.

  5. Click OK to save your changes.

    The IPS Signatures page opens with a message that the IPS signature dynamic group was successfully created.

    You can use the cloned IPS signature dynamic group in an IPS rule or an exempt rule. You can then reference the IPS profile containing the rule in a firewall policy, which you can deploy on the device.

Delete IPS Signature Dynamic Groups

Note:

You can delete only customized (user-created) IPS signature dynamic groups that are not used in an IPS or exempt rule. You cannot delete predefined (system-generated) IPS signature dynamic groups.

To delete the customized IPS signature dynamic groups:

  1. Select SRX > Security Subscriptions > IPS > IPS Signatures.

    The IPS Signatures page opens.

  2. Select one or more customized IPS signature dynamic groups, and click the delete (trash can) icon.

    A warning message asking you to confirm the deletion is displayed.

  3. Click Yes.

    The IPS Signatures page opens with a message indicating the status of the delete operation.