ESR series service routers.ESR-Series. User manual
The following commands can be used to view information about downloaded content for IPS/IDS:
show security ips content-provider
esr-20# show security ips content-provider
Server: content-provider
Last MD5 of received files: c60bd0f10716d3f48e18f24828337135
Next update: 30 October 2020 00:37:06
With this command you can find out if the content provider has downloaded rules from the EDM server (based
on the presence of the md5 checksum) and when the next update is scheduled for the device.
show security ips counters
esr-20# show security ips counters
TCP flows processed : 191
Alerts generated : 0
Blocked by ips engine : 7
Accepted by ips engine : 51483
It shows the traffic that passed through IPS/IDS and the actions that were applied to the traffic, as well as the
number of times IPS/IDS rules were fired.
13.8 Content filtering service configuration
The content filtering service is designed to restrict access to HTTP sites based on their content. For each site
is determined by its belonging to a particular category. Kaspersky Lab database is used as a database of site
categories. ESR sends HTTPS requests to Kaspersky Lab's server at https://ksn-vt.kaspersky-labs.com to
determine the category of sites.
The operation of the content filtering service is based on the Intrusion Prevention System (IPS) and is
configured as user IPS rules.
13.8.1 Basic configuration algorithm
Step Description Command Keys
1 Define DNS server IP address
used for DNS names resolution.
esr(config)# domain name-
server <IP>
<IP> – IP address of DNS server being
used, defined as AAA.BBB.CCC.DDD
where each part takes values of
[0..255].
2 Enable DNS name resolution on
the device.
esr(config)# domain lookup
enable
3 Create IPS/IDS security policy. esr(config)# security ips policy
<NAME>
<NAME> – security policy name, set
by the string of up to 32 characters.
The function is activated only under the license.
To Next Page
Loading...