Amer Networks E5Web GUI User Manual

Page 478

Device:/> add IDPRule Service=smtp

SourceInterface=wan
SourceNetwork=wan_net
DestinationInterface=dmz
DestinationNetwork=ip_mailserver
Name=IDPMailSrvRule

Specify the Rule Action:

Device:/> cc IDPRule IDPMailSrvRule

Device:/IDPMailSrvRule> add IDPRuleAction

Action=Protect
IDPServity=All
Signatures=IPS_MAIL_SMTP

InControl

Follow the same steps used for the Web Interface below.

Web Interface

Create an IDP Rule:

This IDP rule is called IDPMailSrvRule, and applies to the SMTP service. Source Interface and Source
Network define where traffic is coming from, in this example, the external network. The
Destination Interface and Destination Network define where traffic is directed to, in this case the
mail server. Destination Network should therefore be set to the object defining the mail server.

Go to: Policies > Intrusion Prevention > IDP Rules > Add > IDP Rule

Now enter:

•

Name: IDPMailSrvRule

•

Service: smtp

•

Also inspect dropped packets: In case all traffic matching this rule should be scanned
(this also means traffic that the main rule set would drop), the Protect against
insertion/evasion attacks checkbox should be checked, which is the case in this
example.

•

Source Interface: wan

•

Source Network: wan_net

•

Destination Interface: dmz

•

Destination Network: ip_mailserver

•

Click OK

Specify the Action:

An action now needs to be defined for the rule which specifies what signatures the IDP should
use when scanning data triggering rule and what cOS Core should do when a possible intrusion
is detected. In this example, intrusion attempts will cause the connection to be dropped so the
Action property is set to Protect.

The Signatures option is set to IPS_MAIL_SMTP in order to use signatures that describe attacks

Chapter 6: Security Mechanisms

478

This manual is related to the following products:

E7Web GUI W3 W5 Web GUI X8 Web GUI