•
•
Step Description Command Keys
7 Set sender IP addresses for which the
rule should work.
esr(config-ips-category-rule)#
source-address
{ip <ADDR> | ip-prefix <ADDR/LEN>
|
object-group <OBJ_GR_NAME> |
policy-object-group
{ protect | external } | any }
<ADDR> – sender IP address,
defined as AAA.BBB.CCC.DDD
where each part takes values of
[0..255];
<ADDR/LEN> – sender IP
subnet, defined as
AAA.BBB.CCC.DDD/EE where
each part AAA-DDD takes
values of [0..255] and LEN
takes values of [1..32].
<OBJ_GR_NAME> – name of IP
addresses profile that contains
sender IP address, set by the
string of up to 31 characters.
protect – sets sender
addresses, protect
addresses defined in
IPS/IDS policy;
external – sets external
addresses defined in
IPS/IDS policy as sender
addresses.
When specifying the 'any' value,
the rule will be triggered for any
source IP address.
8 Set the profile of source TCP/UDP
ports for which the rule should work.
For protocol icmp value, source-port
can only be any.
esr(config-ips-category-rule)#
source-port {any | <PORT> | object-
group <OBJ-GR-NAME> }
<PORT> – number of sender
TCP/UDP port, takes values of
[1..65535].
<OBJ_GR_NAME> – sender
TCP/UDP ports profile name,
set by the string of up to 31
characters.
When specifying the “any”
value, the rule will work for any
sender TCP/UDP port.
To Next Page
Loading...
Need help?
General
