ESR series service routers. ESR-Series. User manual
| Step | Description | Command | Keys |
|------|-------------|---------|------|
| 30 | Define the message that IPS/IDS will record to the log when this rule triggers. | esr(config-ips-category-rule)# meta log-message <MESSAGE> | <MESSAGE> – text message specified by a string of up to 129 characters. |
| 31 | Assign a content filter category profile. | esr(config-ips-category-rule)# ip http content-filter <NAME> | <NAME> – name of the content filtering profile, specified as a string of up to 31 characters; any – the rule will trigger for HTTP sites of any category. |
| 32 | Activate a rule. | esr(config-ips-category-rule)# enable | |
13.8.2 Content filtering rules configuration example
Objective:
Deny access from the local network 192.168.1.0/24 to HTTP sites in the categories adult-content, casino, online-betting and online-lotteries.
Solution:
Interfaces and firewall rules must be configured on the device beforehand.
Create a profile of protected LAN addresses:
esr(config)# object-group network LAN
esr(config-object-group-network)# ip prefix 192.168.1.0/24
esr(config-object-group-network)# exit
Configure the DNS client on the ESR so that it can resolve the names of the IPS/IDS rule update sources:
esr(config)# domain lookup enable
esr(config)# domain name-server 8.8.8.8
Create an IPS/IDS security policy:
esr(config)# security ips policy OFFICE
esr(config-ips-policy)# description "My Policy"
esr(config-ips-policy)# protect network-group LAN