Owner's Manual

437
- Active: Check this to activate the rule.
- Match Direction: input/output. These specify the side of the interface where the rule applies.

Editing / Creating an IDS Rule

The rule terms appear listed on the left. Use the Add/Edit/Delete/Export buttons in this portion of the screen to manage them. The editor for terms appears in the right panel. Configure the match criteria tab as in Match Criteria tab on page 425. In the Action tab, here are the fields you can configure:

Figure 13-16. IDS Rule Action Editor (the Action tab in the term editor)

Here are the fields you can alter:
- Aggregation: When checked, aggregates traffic labelled with a specific source or destination prefix before passing the event to IDS processing.
    Destination Prefix: 1-32. The prefix value for the destination IP aggregates.
    Source Prefix: 1-32. The prefix value for the source IP aggregates.
- Logging: When enabled (checked), this lets you set the number of events per second (in the Threshold field) that have to appear before logging occurs.
- Syslog: Makes syslogging occur when events are logged.
- Syn-cookie: When enabled, this allows Syn-cookie defensive mechanisms.
    MSS: Maximum Sequence Selection value used in TCP delayed binding. Range: 128-8192. Default: 1500
    Threshold: Syn-cookie defence, the number of SYN attacks per second.
- Force-Cache: Check to enable.
- Ignore Cache: Check to enable.
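
To show how the Aggregation prefixes and the Logging Threshold interact, here is an added illustration in Python; it is not taken from this manual or from the device's software. It assumes IPv4, that aggregation masks each address to the configured prefix length, and that an aggregate is logged once it reaches the threshold within a one-second window; the function names and sample events are constructed.

```python
import ipaddress
from collections import Counter


def aggregate(addr, prefix_len):
    """Mask an IPv4 address to prefix_len bits (the 1-32 prefix fields)."""
    return str(ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False))


def logged_aggregates(events, src_prefix, dst_prefix, threshold):
    """Return {(second, src_net, dst_net): count} for buckets that get logged.

    Assumption: a bucket is logged when its events/second count >= threshold.
    """
    if not (1 <= src_prefix <= 32 and 1 <= dst_prefix <= 32):
        raise ValueError("prefix must be in the range 1-32")
    counts = Counter()
    for ts, src, dst in events:
        key = (int(ts), aggregate(src, src_prefix), aggregate(dst, dst_prefix))
        counts[key] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


# Constructed sample events: (timestamp in seconds, source IP, destination IP)
EVENTS = [
    (100.1, "198.51.100.10", "192.0.2.5"),
    (100.2, "198.51.100.11", "192.0.2.5"),
    (100.3, "198.51.100.12", "192.0.2.5"),
    (100.4, "198.51.100.13", "192.0.2.5"),
    (100.9, "203.0.113.7", "192.0.2.5"),
    (101.0, "198.51.100.14", "192.0.2.5"),
]

if __name__ == "__main__":
    # Source prefix 32: every host is its own aggregate, so no bucket
    # reaches 3 events/second and nothing is logged.
    print(logged_aggregates(EVENTS, 32, 32, 3))
    # Source prefix 24: the four hosts in 198.51.100.0/24 are counted
    # together and that aggregate crosses the threshold in second 100.
    print(logged_aggregates(EVENTS, 24, 32, 3))
```

With a per-host prefix, a source spread across many addresses in one network stays under the threshold; a shorter source prefix counts those addresses as one aggregate.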