ESR series service routers. ESR-Series. User manual
13.6  IPS/IDS configuration
IPS/IDS (Intrusion Prevention System/Intrusion Detection System) is a network and computer security software system that detects intrusions or security breaches and automatically protects against them.
The system is based on signature traffic analysis. Signatures for IPS/IDS systems are commonly called rules. ESR devices allow you to download current rules from open sources on the Internet or from a corporate server. Using the CLI, you can also create your own specific rules.
By default, ESR devices have a basic set of rules from EmergingThreats designed for testing and verifying system health.
13.6.1  Base configuration algorithm
| Step | Description | Command | Keys |
|---|---|---|---|
| 1 | Create IPS/IDS security policy. | esr(config)# security ips policy <NAME> | <NAME> – security policy name, set by the string of up to 32 characters |
| 2 | Specify policy description (optional). | esr(config-ips-policy)# description <DESCRIPTION> | <DESCRIPTION> – description, set by the string of up to 255 characters. |
| 3 | Specify the IP address profile that IPS/IDS will protect. | esr(config-ips-policy)# protect network-group <OBJ-GROUP-NETWORK_NAME> | <OBJ-GROUP-NETWORK-NAME> – protected IP addresses profile name, set by the string of up to 32 characters. |
| 4 | Specify the profile of IP addresses that are external for IPS/IDS (optional). | esr(config-ips-policy)# external network-group <OBJ-GROUP-NETWORK_NAME> | <OBJ-GROUP-NETWORK-NAME> – external IP addresses profile name, set by the string of up to 32 characters. |
| 5 | Switch to the IPS/IDS configuration mode. | esr(config)# security ips | |
| 6 | Assign IPS/IDS security policy. | esr(config-ips)# policy <NAME> | <NAME> – security policy name, set by the string of up to 32 characters |
| 7 | Use all ESR resources for IPS/IDS (optional). | esr(config-ips)# perfomance max | By default, half of the available processor cores are allocated for IPS/IDS. |
The function is activated only under the license.
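Steps 1 to 7 above as one CLI session. This is an added example, not taken from the manual. The names LAN, WAN and OFFICE and the prefixes are constructed. The `object-group network`, `ip prefix` and `exit` commands and the object-group prompt do not appear in this section and are assumed here to create the address profiles that steps 3 and 4 refer to.

```text
esr(config)# object-group network LAN
esr(config-object-group-network)# ip prefix 192.168.1.0/24
esr(config-object-group-network)# exit
esr(config)# object-group network WAN
esr(config-object-group-network)# ip prefix 203.0.113.0/24
esr(config-object-group-network)# exit
esr(config)# security ips policy OFFICE
esr(config-ips-policy)# description "Office LAN policy"
esr(config-ips-policy)# protect network-group LAN
esr(config-ips-policy)# external network-group WAN
esr(config-ips-policy)# exit
esr(config)# security ips
esr(config-ips)# policy OFFICE
esr(config-ips)# perfomance max
```

The policy name given in step 6 must match the name created in step 1. Omitting the last command leaves IPS/IDS on the default of half the available processor cores.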