ESR series service routers. ESR-Series. User manual
https://rules.emergingthreats.net/open/suricata/rules/emerging-worm.rules
These rules describe signs of network worm activity.
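The files listed above are plain-text Suricata rule sets, one rule per line, and what the autoupdate loads into the engine is whatever those lines say. The following Python parser is an added example, not part of this manual or of Eltex's software: it reads rule lines in the Suricata format, extracts the header and the msg/sid/rev/classtype options, counts rules the vendor shipped commented out, reports malformed lines, and lists the sids whose action is drop or reject, i.e. the rules that can block traffic when the engine runs inline rather than only alerting. The sample rules embedded in it are constructed for illustration and are not taken from emerging-worm.rules.

```python
"""Parse Suricata-format rule lines such as those in emerging-worm.rules.
Added example for the ESR IPS/IDS section; not Eltex code. The sample rules
are constructed for illustration and are NOT copied from any real rule set."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a comment, a disabled rule, a drop rule and a rule without sid.
SAMPLE_RULES = r"""
# Comment lines and blank lines are ignored by the engine
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET WORM Example SMB worm probe (constructed)"; flow:to_server,established; content:"|ff|SMB"; offset:4; depth:4; classtype:trojan-activity; sid:2000001; rev:3; metadata:created_at 2024_01_01;)
#alert udp $HOME_NET any -> any 53 (msg:"ET WORM Disabled example (constructed)"; sid:2000002; rev:1;)
drop tcp $HOME_NET any -> $EXTERNAL_NET 6667 (msg:"ET WORM Example IRC bot join (constructed)"; content:"JOIN"; nocase; classtype:trojan-activity; sid:2000003; rev:2;)
alert tcp any any -> any any (msg:"broken rule, no sid";)
"""

# Rule header: action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>alert|drop|reject|pass|log)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<direction>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    msg: str
    sid: int
    rev: int
    classtype: str | None
    options: dict[str, str | None] = field(default_factory=dict)


def split_options(opts: str) -> list[str]:
    """Split the option body on ';' while respecting quoted strings and escapes."""
    parts, cur, in_quote, escaped = [], [], False, False
    for ch in opts:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
            cur.append(ch)
        elif ch == ";" and not in_quote:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]


def parse_rule(line: str) -> Rule:
    """Parse one rule line; raise ValueError for a bad header or a missing sid."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed rule header: {line.strip()[:60]!r}")
    options: dict[str, str | None] = {}
    for item in split_options(m.group("opts")):
        key, _, value = item.partition(":")
        value = value.strip()
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        # Repeated keywords (several content: options) keep the last value; that is
        # enough for the sid/msg/classtype checks done here.
        options[key.strip()] = value or None
    sid = options.get("sid")
    if sid is None or not sid.isdigit():
        raise ValueError(f"rule without numeric sid: {options.get('msg')!r}")
    rev = options.get("rev")
    return Rule(
        action=m.group("action"), proto=m.group("proto"), src=m.group("src"),
        sport=m.group("sport"), direction=m.group("direction"),
        dst=m.group("dst"), dport=m.group("dport"),
        msg=options.get("msg") or "", sid=int(sid),
        rev=int(rev) if rev and rev.isdigit() else 0,
        classtype=options.get("classtype"), options=options,
    )


def parse_rules(text: str) -> tuple[list[Rule], list[str], int]:
    """Return (active rules, error descriptions, number of commented-out rules)."""
    rules, errors, disabled = [], [], 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A comment that is itself a rule is a rule the publisher disabled.
            if HEADER_RE.match(line.lstrip("#").strip()):
                disabled += 1
            continue
        try:
            rules.append(parse_rule(line))
        except ValueError as exc:
            errors.append(f"line {lineno}: {exc}")
    return rules, errors, disabled


def blocking_sids(rules: list[Rule]) -> list[int]:
    """Sids whose action drops traffic; these block only when the engine is inline."""
    return [r.sid for r in rules if r.action in ("drop", "reject")]


if __name__ == "__main__":
    active, problems, off = parse_rules(SAMPLE_RULES)
    print(f"{len(active)} active, {off} disabled, {len(problems)} malformed")
    for r in active:
        print(f"sid {r.sid} rev {r.rev} {r.action:6} {r.classtype} {r.msg}")
    print("would block in inline mode:", blocking_sids(active))
    for p in problems:
        print("ERROR", p)
```

Running the parser over a freshly downloaded rule file before the engine loads it shows how many rules are active versus disabled, which ones carry a drop action, and whether the download was truncated or corrupted (malformed lines), which is the check a practitioner wants before trusting an unattended autoupdate.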
13.6.4 IPS/IDS configuration example with rule autoupdate
Objective:
Protect the LAN with IPS/IDS rules that are automatically updated from open sources.
192.168.1.0/24 – LAN
Solution:
Create a profile of protected LAN addresses:
esr(config)# object-group network LAN
esr(config-object-group-network)# ip prefix 192.168.1.0/24
esr(config-object-group-network)# exit
Configure the DNS client on the ESR so that it can resolve the host names of the IPS/IDS rule update sources (the example uses the Google public resolver 8.8.8.8; substitute your own resolver if you have one):
esr(config)# domain lookup enable
esr(config)# domain name-server 8.8.8.8
Create IPS/IDS security policy:
esr(config)# security ips policy OFFICE
esr(config-ips-policy)# description "My Policy"
esr(config-ips-policy)# protect network-group LAN
Enable the IPS/IDS service in inline mode on bridge 1 (the LAN interface), so that the traffic crossing the bridge is inspected:
esr(config)# bridge 1
esr(config-bridge)# service-ips inline
Configure IPS/IDS parameters:
esr(config)# security ips
esr(config-ips)# logging remote-server 192.168.10.1
esr(config-ips)# logging update-interval 15
esr(config-ips)# policy OFFICE
esr(config-ips)# enable