Chapter 3 IPS Filtering
Table
Column | Description |
|
|
|
|
TCP Reset | Indicates whether the option to reset a TCP connection is enabled. With TCP |
| reset enabled, the device can reset the TCP connection for the source or |
| destination IP when the Block action executes. This option can be configured on |
| Block action sets. |
|
|
Quarantine | Indicates whether the option to Quarantine an IP address is enabled. |
|
|
Packet Trace | Whether or not packet tracing is enabled |
|
|
Contact(s) | Where notifications will be sent if a Notification Contact is configured on the |
| action set. |
|
|
Function(s) | The functions available to manage the Action Set: |
| • Delete a custom action set. |
| You cannot delete a default Action Set or an Action Set that is currently |
| assigned to a filter. |
| • Edit the Action Set configuration. (You cannot edit the Recommended Action |
| Set) |
|
|
Configure an Action Set
STEP 1
STEP 2
From the LSM menu, select IPS > Action Sets. The IPS Profile - Actions Sets page displays.
On the Action Sets page, click the Create Action Set button, or click the pencil for the Action Set you want to edit.
STEP 3 On the Create/Edit Action Set page, type or edit the Action Set Name.
STEP 4 For Actions, select a flow control action setting:
•Permit — Allows traffic
•Rate Limit — Limits the speed of traffic. Select a Rate.
•Block
TCP Reset — Used with the Block action, resets the source, destination, or both IPs of an attack. This option resets blocked TCP flows.
Quarantine — Used with the Block action, blocks an IP (source or destination) that triggers the filter. See “Configure a Quarantine Action Set” on page 51.
STEP 5 Optionally, click the Packet Trace check box:
STEP A Select the Priority from the
STEP B Select the Verbosity from the
If you choose partial verbosity, choose how many bytes of the packet to capture (between
48 X Family LSM User’s Guide V 2.5.1