ELTEX ESR Series - Page 413

To Next Page

To Previous Page

ESR-Series. User manual

413

Configure the DNS client on the ESR to allow the names of the IPS/IDS rule update sources:

esr(config)# domain lookup enable

esr(config)# domain name-server 8.8.8.8

Create IPS/IDS security policy:

esr(config)# security ips policy OFFICE

esr(config-ips-policy)# description "My Policy"

esr(config-ips-policy)# protect network-group LAN

Allow IPS/IDS operation on the bridge 1 LAN interface:

esr(config)# bridge 1

esr(config-bridge)# service-ips enable

Configure IPS/IDS parameters:

esr(config)# security ips

esr(config-ips)# logging storage-patch usb://DATA

esr(config-ips)# policy OFFICE

esr(config-ips)# enable

The device will be used only as a security gateway, for this allocate the IPS/IDS service all available resources:

esr(config-ips)# perfomance max

Configure auto-update rules from EmergingThreats.net, etnetera.cz and Abuse.ch sites

esr(config-ips)# auto-upgrade

esr(config-auto-upgrade)# user-server ET-Open

esr(config-ips-upgrade-user-server)# description «emerging threats open rules»

esr(config-ips-upgrade-user-server)# url https://rules.emergingthreats.net/open/suricata-4.0/

rules/

esr(config-ips-upgrade-user-server)# exit

esr(config-auto-upgrade)# user-server Aggressive

esr(config-ips-upgrade-user-server)# description «Etnetera aggressive IP blacklist»

esr(config-ips-upgrade-user-server)# url https://security.etnetera.cz/feeds/

etn_aggressive.rules

esr(config-ips-upgrade-user-server)# upgrade interval 4

esr(config-ips-upgrade-user-server)# exit

esr(config-auto-upgrade)# user-server SSL-BlackList

esr(config-ips-upgrade-user-server)# description «Abuse.ch SSL Blacklist»

esr(config-ips-upgrade-user-server)# url https://sslbl.abuse.ch/blacklist/sslblacklist.rules

esr(config-ips-upgrade-user-server)# upgrade interval 4

esr(config-ips-upgrade-user-server)# exit

esr(config-auto-upgrade)# user-server C2-Botnet

esr(config-ips-upgrade-user-server)# description «Abuse.ch Botnet C2 IP Blacklist»

esr(config-ips-upgrade-user-server)# url https://sslbl.abuse.ch/blacklist/sslipblacklist.rules

esr(config-ips-upgrade-user-server)# upgrade interval 4

esr(config-ips-upgrade-user-server)# exit

Related product manuals