Chapter 42 IDP Commands
ZyWALL Series CLI Reference Guide
354
Use these commands to edit rate based signatures profiles. It is recommended you use the web
configurator to create/edit profiles. You must use the
configure terminal commands to enter the
configuration mode before you can use the configuration commands.
42.3.3.1 IDP Rate-Based Signature Example
This example shows how to configure a rate-based signature settings.
Table 195 Editing Rate Based Signatures Profiles
COMMAND DESCRIPTION
idp signature default_profile
Enters configuration mode for the rate based signatures
default profiles.
signature sid seconds
Sets the length of time in seconds the event should
occur from a client the counts number of times to trigger
an action.
For example, counts is set to 5, and seconds is set to 60. If
the Zyxel Device detects 5 or more occurrences of
malicious traffic in less than 60 seconds, then action is
triggered.
signature sid counts
Sets the number of security events that need to occur
within the defined seconds to trigger an action.
signature sid block_period
Sets the time period the attacker’s IP will be blocked.
signature sid action {drop | reject-
sender | reject-receiver | reject-
both}
Sets an action for a rate based signature.
no signature sid action
Deactivates an action for a rate based signature.
Router# configure terminal
Router(config)# idp signature default_profile
Router(config-idp-signature-profile-default_profile)# signature 130009
action activate block_period counts log
seconds
Router(config-idp-signature-profile-default_profile)# signature 130009
seconds
<1..120>
Router(config-idp-signature-profile-default_profile)# signature 130009
seconds 60
Router(config-idp-signature-profile-default_profile)# signature 130009
counts
<1..300>
Router(config-idp-signature-profile-default_profile)# signature 130009
counts 250
Router(config-idp-signature-profile-default_profile)# signature 130009
block_period
<0..86400>
Router(config-idp-signature-profile-default_profile)# signature 130009
block_period 500
Router(config-idp-signature-profile-default_profile)# signature 130009
action
drop reject-both reject-receiver reject-sender
Router(config-idp-signature-profile-default_profile)# signature 130009
action drop
To Next Page
Loading...
