ESR-Series service routers. User manual
Enable inline IPS/IDS processing of traffic on the gigabitethernet 1/0/2 interface:
esr(config)# interface gigabitethernet 1/0/2
esr(config-if-gi)# service-ips inline
Configure IPS/IDS parameters:
esr(config)# security ips
esr(config-ips)# policy OFFICE
esr(config-ips)# enable
Since the device will be used only as a security gateway, allocate all available resources to the IPS/IDS service:
esr(config-ips)# performance max
Create a content filtering profile for the selected categories:
esr(config)# object-group content-filter Black
esr(config-object-group-content-filter)# vendor kaspersky-lab
esr(config-object-group-cf-kaspersky)# category adult-content
esr(config-object-group-cf-kaspersky)# category casino
esr(config-object-group-cf-kaspersky)# category online-betting
esr(config-object-group-cf-kaspersky)# category online-lotteries
Create a set of user rules:
esr(config)# security ips-category user-defined USER
Create the rule:
esr(config-ips-category)# rule 10
esr(config-ips-category-rule)# description "Content-Filter Block"
Packets matching the rule are to be dropped:
esr(config-ips-category-rule)# action drop
Set the message that is logged when the rule fires:
esr(config-ips-category-rule)# meta log-message "Corporate policy violation"
Specify protocol type for the rule:
esr(config-ips-category-rule)# protocol http
The client operating system picks a random (ephemeral) TCP source port for each HTTP request, so the rule must accept any source port; a rule pinned to a fixed source port would match nothing:
esr(config-ips-category-rule)# source-port any
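The following Python model is an added illustration and is not ESR firmware code or the vendor's rule engine. It models the user-defined drop rule above (protocol http, a blacklist of content categories, action drop with a log message) and applies it to constructed sample flows whose client ports are ephemeral, to show why "source-port any" is required: the same rule pinned to port 80 (a common slip, since 80 is the server's port, not the client's) drops nothing. The Flow and Rule classes, the category labels and the flows are all constructed for the example.

```python
"""Toy model of an IPS content-filter drop rule applied to HTTP flows.

Added illustration only; it is not the ESR rule engine. It models why the
rule needs 'source-port any'. All flows and category labels are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Categories selected in the content-filter object group "Black".
BLACK = frozenset({"adult-content", "casino", "online-betting", "online-lotteries"})


@dataclass(frozen=True)
class Flow:
    src_port: int             # client-side (ephemeral) TCP port
    dst_port: int             # server-side TCP port
    protocol: str             # application protocol as the engine classifies it
    host: str
    category: Optional[str]   # category the content-filter vendor would assign


@dataclass(frozen=True)
class Rule:
    protocol: str
    source_port: Optional[int]   # None models 'source-port any'
    categories: frozenset
    action: str = "drop"
    log_message: str = "Corporate policy violation"


def matches(rule: Rule, flow: Flow) -> bool:
    """True when the flow satisfies every condition of the rule."""
    if flow.protocol != rule.protocol:
        return False
    if rule.source_port is not None and flow.src_port != rule.source_port:
        return False
    return flow.category in rule.categories


def apply_rule(rule: Rule, flows: List[Flow]) -> Tuple[List[str], List[str]]:
    """Return per-flow verdicts ('drop' or 'pass') and the log lines produced."""
    verdicts, logs = [], []
    for f in flows:
        if matches(rule, f):
            verdicts.append(rule.action)
            logs.append(f"{rule.log_message}: {f.host} ({f.category}) src port {f.src_port}")
        else:
            verdicts.append("pass")
    return verdicts, logs


# Constructed sample flows; the client OS chose ephemeral source ports.
SAMPLE_FLOWS = [
    Flow(51234, 80, "http", "casino.example", "casino"),
    Flow(60021, 80, "http", "bets.example", "online-betting"),
    Flow(49999, 80, "http", "intranet.example", None),
    # Not classified as http by this model, so an http-only rule never sees it.
    Flow(55555, 443, "tls", "lottery.example", "online-lotteries"),
]

RULE_ANY = Rule("http", None, BLACK)      # as configured: source-port any
RULE_FIXED = Rule("http", 80, BLACK)      # mistake: 80 is the server's port


def count_dropped(rule: Rule, flows: List[Flow] = SAMPLE_FLOWS) -> int:
    verdicts, _ = apply_rule(rule, flows)
    return verdicts.count("drop")


if __name__ == "__main__":
    for name, rule in (("source-port any", RULE_ANY), ("source-port 80", RULE_FIXED)):
        verdicts, logs = apply_rule(rule, SAMPLE_FLOWS)
        print(name, verdicts)
        for line in logs:
            print("  ", line)
```

Running the module shows the rule with "source-port any" dropping the two categorized HTTP flows and logging the configured message for each, while the port-80 variant drops nothing. The TLS flow also passes in this model because the rule is limited to protocol http.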