•
•
Step Description Command Keys
23 Set the IP protocol to HTTP. esr(config-ips-category-rule)#
protocol http
24 Set sender IP addresses for which the
rule should work.
esr(config-ips-category-rule)#
source-address
{ip <ADDR> | ip-prefix <ADDR/LEN>
| object-group <OBJ_GR_NAME> |
policy-object-group { protect |
external } | any }
<ADDR> – sender IP address,
defined as AAA.BBB.CCC.DDD
where each part takes values of
[0..255];
<ADDR/LEN> – sender IP
subnet, defined as
AAA.BBB.CCC.DDD/EE where
each part AAA-DDD takes
values of [0..255] and LEN
takes values of [1..32].
<OBJ_GR_NAME> – name of IP
addresses profile that contains
sender IP address, set by the
string of up to 31 characters.
protect – sets sender
addresses, protect
addresses defined in
IPS/IDS policy;
external – sets external
addresses defined in
IPS/IDS policy as sender
addresses.
When specifying the 'any' value,
the rule will be triggered for any
source IP address.
25 Set the profile of source TCP ports for
which the rule should work.
esr(config-ips-category-rule)#
source-port {any | <PORT> | object-
group <OBJ-GR-NAME> }
<PORT> – number of sender
TCP/UDP port, takes values of
[1..65535].
<OBJ_GR_NAME> – sender
TCP/UDP ports profile name,
set by the string of up to 31
characters.
When specifying the “any”
value, the rule will work for any
sender TCP/UDP port.
To Next Page
Loading...
Need help?
General
