Action Sets
STEP 6 Choose one or more Contacts by checking the box next to the appropriate Contact Name. If there are no contacts displayed, you must Create an Email or SNMP Notification Contact first.
Note If using Quarantine on a managing SMS, you must add the SMS notification contact to the action sets for filters. Only filters with the SMS contact enabled on actions sets are accessible through the SMS for quarantine.
STEP 7 Click Create.
Rate Limit Action Set
A Rate Limit action set defines a maximum bandwidth that can be used by traffic that matches filters assigned to that action set. Incoming traffic in excess of this bandwidth is dropped. If two or more filters use the same rate limiting action set, then all packets matching these filters share the bandwidth. For example, if filters 164 (ICMP Echo Request) and 161 (ICMP Redirect Undefined Code) use the same 10 Mbps action set, then both “Echo Requests” and “Redirect Undefined Codes” filters share the 10 Mbps “pipe” as opposed to each filter getting a dedicated 10Mbps pipe.
The supported rates are subject to restrictions based on the device model. Any of these listed rates can be used as long as it does not exceed 25% percent of the total bandwidth of the product.
The following table lists supported rates.
Device | Supported Rates |
|
|
|
|
X5 | 50, 100, 150, 200, 300, 400, 500, 600, 700, and 900 Kbps |
|
|
X506 | 50, 100, 150, 200, 250, 300, 350, 400, 450, 500, 600, 700, 800, 900 and |
| 1000 Kbps |
| 1.5, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 20, 25, 30, 35, 40, 50, 62, |
| and 83 Mbps |
|
|
Quarantine Action Set
Quarantine Action Sets are Block action sets configured to block or redirect traffic from the host IP address for the filtered traffic. By enabling quarantine with a Block action set, you reduce the exposure of your network to internal and external threats.
When a filter with a quarantine option triggers, the device installs two blocks: one for the flow (as is normally done with Block actions) and another for the quarantined IP address. In addition to installing the two blocks, the device quarantines the IP address based on the instructions in the action set. For example, the user can display a Quarantine web page to notify the user of the problem and optionally provide instructions for fixing it, or the action may redirect all traffic from the quarantined IP address to a quarantine server that provides instructions to correct the problem.
You can review the list of currently quarantined IP addresses from the Quarantined Streams page (Events > Managed Streams > Quarantined Streams). You can also force an address into quarantine, or release a quarantined address. For additional information, see “Quarantined Addresses” on page 113.
X Family LSM User’s Guide V 2.5.1 | 49 |
|
|