Version 7.2 187 Mediant 800B Gateway & E-SBC
User's Manual 13. Security
The figure above shows a configuration example where the IDS Policy "SIP Trunk" is
applied to SIP Interfaces 1 and 2, and to all source IP addresses outside of subnet
10.1.0.0/16 and IP address 10.2.2.2.
3. Configure a rule according to the parameters described in the table below.
4. Click Apply, and then save your settings to flash memory.
Table 13-5: IDS Matches Table Parameter Descriptions
Parameter Description
Index
[IDSMatch_Index]
Defines an index number for the new table record.
SIP Interface ID
sip-interface
[IDSMatch_SIPInterface]
Defines the SIP Interface(s) to which you want to assign the IDS
Policy. This indicates the SIP Interfaces that are being attacked.
The valid value is the ID of the SIP Interface. The following syntax is
supported:
A comma-separated list of SIP Interface IDs (e.g., 1,3,4)
A hyphen "-" indicates a range of SIP Interfaces (e.g., 3,4-7 means
IDs 3, and 4 through 7)
A prefix of an exclamation mark "!" means negation of the set (e.g.,
!3,4-7 means all indexes excluding 3, and excluding 4 through 7)
Proxy Set ID
proxy-set
[IDSMatch_ProxySet]
Defines the Proxy Set(s) to which the IDS Policy is assigned. This
indicates the Proxy Sets from where the attacks are coming from. The
following syntax is supported:
A comma-separated list of Proxy Set IDs (e.g., 1,3,4)
A hyphen "-" indicates a range of Proxy Sets (e.g., 3,4-7 means
IDs 3, and 4 through 7)
A prefix of an exclamation mark "!" means negation of the set (e.g.,
!3,4-7 means all indexes excluding 3, and excluding 4 through 7)
Note:
Only the IP address of the Proxy Set is considered (not port).
If a Proxy Set has multiple IP addresses, the device considers the
Proxy Set as one entity and includes all its IP addresses in the
same IDS count.
Subnet
subnet
[IDSMatch_Subnet]
Defines the subnet to which the IDS Policy is assigned. This indicates
the subnets from where the attacks are coming from. The following
syntax can be used:
Basic syntax is a subnet in CIDR notation (e.g., 10.1.0.0/16 means
all sources with IP address in the range 10.1.0.0–10.1.255.255)
An IP address can be specified without the prefix length to refer to
the specific IP address.
Each subnet can be negated by prefixing it with "!", which means
all IP addresses outside that subnet.
Multiple subnets can be specified by separating them with "&"
(and) or "|" (or) operations. For example:
10.1.0.0/16 | 10.2.2.2: includes subnet 10.1.0.0/16 and IP
address 10.2.2.2.
!10.1.0.0/16 & !10.2.2.2: includes all addresses except those
of subnet 10.1.0.0/16 and IP address 10.2.2.2. Note that the
exclamation mark "!" appears before each subnet.
10.1.0.0/16 & !10.1.1.1: includes subnet 10.1.0.0/16, except IP
To Next Page
Loading...
