Setting up idp, Setting up idp for a mail server – Amer Networks E5Web GUI User Manual

6.5.7. Setting Up IDP

The steps for setting up IDP are as follows:

•

Create an IDP Rule object which identifies the traffic to be processed.

•

Add one or more IDP RUle Action objects to the rule which specify:

i.

The IDP signatures to be used when scanning the traffic targeted by the rule.

ii.

The action to take when a signature triggers.

IDP Blacklisting

The Protect option includes the option that the particular host or network that triggers the IDP
Rule can be added to a Blacklist of offending traffic sources. This means that all subsequent traffic
coming from a blacklisted source with be automatically dropped by cOS Core. For more details of
how blacklisting functions see Section 6.7, “Blacklisting Hosts and Networks”.

Tip

Any IP address that exists in the cOS Core whitelist cannot be blacklisted. For this reason
it is recommended that the IP address of the management workstation and the Clavister
Security Gateway itself is added to the whitelist when using IDP.

Example 6.21. Setting up IDP for a Mail Server

The following example details the steps needed to set up IDP for a simple scenario where a mail
server is exposed to the Internet on the DMZ network with a public IPv4 address. The public
Internet can be reached through the gateway on the WAN interface as illustrated below.

An IDP rule called IDPMailSrvRule will be created, and the Service object to use is the SMTP
service. The Source Interface and Source Network defines where traffic is coming from, in this
example the external network. The Destination Interface and Destination Network define where
traffic is directed to, in this case the mail server. The Destination Network should therefore be set
to the object defining the mail server.

Command-Line Interface

Create an IDP Rule:

Chapter 6: Security Mechanisms

477