No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
exception ips-signature-id

exception ips-signature-id

Function

The exception ips-signature-id command adds an IPS signature as an exception.

The undo exception command deletes an IPS signature from signature exception.

Format

exception ips-signature-id ips-signature-id [ action { alert | allow | block } ]

undo exception { ips-signature-id ips-signature-id | all }

Parameters

Parameter Description Value
ips-signature-id

Specifies the ID of an IPS signature.

The value is an integer ranging from 1 to 16777215.

action

Specifies the action.

-

alert

Indicates that the device generates an alarm when a packet matches an exception IPS signature.

-

allow

Indicates that the device permits a packet when a packet matches an exception IPS signature.

The default action for the exception signature is allow.

block

Indicates that the device denies a packet when a packet matches an exception IPS signature.

-

all

Indicates all signatures.

-

Views

Intrusion prevention profile view

Default Level

2: Configuration level

Usage Guidelines

This command configures different actions for certain signatures. The security policy preferentially implements the action for the exception signature.

During the IPS signature database update, if the configured exception signature does not exist in the IPS signature database, the corresponding configurations are reserved but do not take effect. When the current configurations are queried, the following message is displayed: Invalid configuration. The specified signature (signature-id) does not exist in the current library. Please check and delete it.

Example

# In intrusion prevention profile profile1, add the IPS signature with ID 2012 to the exception signature, set the action to alert.

<Huawei> system-view
[Huawei] profile type ips name profile1
[Huawei-profile-ips-profile1] exception ips-signature-id 2012 action alert
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 208046

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next