The steps for setting up IDP are as follows:
Create an IDPRule object to specify which traffic is to be processed by IDP.
Add one or more IDPRuleAction objects to the rule which specify:
The IDP signatures to be used when scanning the traffic targeted by the rule. This can be done by specifying one or more signature categories and/or specifying an explicit list of signatures. If both a category and a list are specified, they are combined with a logical OR, so a signature is used if it belongs to the category or appears in the list.
The action to take when a signature triggers. As described previously, this can be one of Protect (the default), Audit or Ignore.
Example 21.1. Setting up IDP for HTTP Server Protection
The following example details the steps needed to set up IDP for a simple scenario where an HTTP server is exposed to the Internet on the DMZ network with a public IPv4 address. The public Internet can be reached through the firewall on the WAN interface as illustrated below.
An IDPRule object called srv_rule will be created with the Service set to http. The SourceInterface and SourceNetwork define where the traffic is coming from, in this example the external network. The DestinationInterface and DestinationNetwork define where the traffic is directed to, in this case the server.
Command-Line Interface
Change the CLI context to be the node. Assume the node name is my-node1:
admin@InCenter:/> cc StandaloneNode my-node1
admin@InCenter:/my-node1>
Create an IDP rule:
admin@InCenter:/my-node1> add IDPRule
        SourceInterface=wan
        SourceNetwork=wannet
        DestinationInterface=dmz
        DestinationNetwork=http_server_ip
        Service=http
        Name=srv_rule
Note that the Name property is optional but recommended for clarity.
Change the CLI context to be the rule:
admin@InCenter:/my-node1> cc IDPRule 1
admin@InCenter:/my-node1/IDPRule/1>
Add the action as a child:
admin@InCenter:/my-node1/IDPRule/1> add IDPRuleAction
        Action=Protect
        Signatures=72828,72829,58183,52543
Note that the default action is Protect but it is included above for clarity.
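The following Python model is an added illustration of the rule semantics described in the steps above and in Example 21.1; it is not InCenter or cOS code and does not represent how the firewall's IDP engine is implemented. It shows how an IDPRule selects traffic by interface, network and service, how an IDPRuleAction combines signature categories and an explicit signature list with a logical OR, and how the Protect default applies. The category contents, the CIDR values standing in for the named address objects wannet and http_server_ip, and the rule that the first matching IDPRule decides the outcome are all assumptions made for the example.

```python
"""Model of IDPRule / IDPRuleAction evaluation (added illustration, not product code)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

PROTECT, AUDIT, IGNORE = "Protect", "Audit", "Ignore"

# Constructed sample category contents. Real category membership comes from
# the signature database; these values exist only to demonstrate the OR rule.
SIGNATURE_CATEGORIES = {
    "HTTP_SERVER": {72828, 72829},
    "WEB_APP": {58183},
}


@dataclass
class IDPRuleAction:
    action: str = PROTECT                 # default action is Protect
    categories: list = field(default_factory=list)
    signatures: set = field(default_factory=set)

    def selected_signatures(self) -> set:
        # Category members and the explicit list are combined with logical OR,
        # i.e. the union of both sets is scanned for.
        selected = set(self.signatures)
        for category in self.categories:
            selected |= SIGNATURE_CATEGORIES.get(category, set())
        return selected


@dataclass
class IDPRule:
    source_interface: str
    source_network: str          # CIDR standing in for a named address object
    destination_interface: str
    destination_network: str     # CIDR standing in for a named address object
    service: str
    actions: list = field(default_factory=list)
    name: str = ""               # optional, as on the page

    def matches(self, src_if: str, src_ip: str, dst_if: str, dst_ip: str, service: str) -> bool:
        return (
            src_if == self.source_interface
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source_network)
            and dst_if == self.destination_interface
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.destination_network)
            and service == self.service
        )


def decide(rules, src_if, src_ip, dst_if, dst_ip, service, triggered_signature) -> Optional[str]:
    """Return the action for a signature that fired on a connection, or None.

    Assumption for this model: the first IDPRule whose traffic selection
    matches decides the outcome; within it, the first IDPRuleAction whose
    selected signatures contain the triggered one supplies the action.
    """
    for rule in rules:
        if not rule.matches(src_if, src_ip, dst_if, dst_ip, service):
            continue
        for act in rule.actions:
            if triggered_signature in act.selected_signatures():
                return act.action
        return None  # rule matched, but this signature is not scanned for
    return None      # no rule selects this traffic at all


# Equivalent of Example 21.1: wan/wannet -> dmz/http_server_ip, service http,
# one Protect action with an explicit signature list.
SRV_RULE = IDPRule(
    source_interface="wan",
    source_network="0.0.0.0/0",            # assumed value of wannet
    destination_interface="dmz",
    destination_network="203.0.113.10/32",  # assumed value of http_server_ip
    service="http",
    actions=[IDPRuleAction(action=PROTECT, signatures={72828, 72829, 58183, 52543})],
    name="srv_rule",
)


if __name__ == "__main__":
    print(decide([SRV_RULE], "wan", "198.51.100.7", "dmz", "203.0.113.10", "http", 72828))
    print(decide([SRV_RULE], "wan", "198.51.100.7", "dmz", "203.0.113.10", "https", 72828))
```

Two points worth checking against your own configuration with a model like this: a signature that is neither in a category nor in the explicit list of any action is simply not scanned for on that traffic (the rule matched but no action applies), and traffic that does not match the rule's service, such as https to the same server, is not inspected by this rule at all.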