# IPS sensor definitions in FortiOS CLI syntax.
# NOTE(review): "config ips sensor" and "config entries" appear on this page only
# as "#" comment lines. If this text is replayed as a script, the edit/set/end
# lines below have no enclosing config context; confirm against the device export.
#config ips sensor
# Sensor "protect_http_server": two per-signature entries (7, 8) followed by
# five filter entries (1, 4, 5, 6, 9). The entry order below is the order on the page.
edit "protect_http_server"
set comment "Protect against HTTP server-side vulnerabilities."
# config entries
# Entry 7: a single signature, explicitly enabled and blocked.
edit 7
set rule 43814
set status enable
set action block
next
# Entry 8: a single signature, enabled with action pass and a rate threshold
# of 200 matches per 5 seconds. With pass, matching traffic is not dropped.
# NOTE(review): confirm that pass (monitor) rather than block is intended here.
edit 8
set rule 47583
set status enable
set action pass
set rate-count 200
set rate-duration 5
next
# Entries 1, 4, 5, 6, 9: filter entries with no status/action shown.
# NOTE(review): if this is "show" output, omitted settings are at their defaults,
# i.e. each signature's own default status and action, which may be pass for
# some signatures. Set "status enable" / "action block" explicitly if blocking
# is the intent.
# Entry 1 is the only filter restricted to "location server".
edit 1
set location server
set protocol HTTP
next
# Entries 4 and 5 select by application (IIS) and OS (Windows) with no location
# or protocol filter, so they are not limited to server-side HTTP signatures.
edit 4
set application IIS
next
edit 5
set os Windows
next
edit 6
set protocol HTTPS
next
# Entry 9 repeats protocol HTTP without the location filter of entry 1, so it
# also selects client-side HTTP signatures.
# NOTE(review): confirm this is intended for a sensor described as server-side protection.
edit 9
set protocol HTTP
next
end
next
# Sensor "protect_email_server": one filter entry selecting server-side
# signatures for SMTP, POP3 and IMAP.
edit "protect_email_server"
set comment "Protect against email server-side vulnerabilities."
# config entries
# No status/action shown for this entry.
# NOTE(review): presumably the signature defaults apply, so signatures whose
# default action is pass are only monitored. Confirm that matches the
# "protect" intent.
edit 1
set location server
set protocol SMTP POP3 IMAP
next
end
next
# Sensor "protect_client": one filter entry selecting every signature whose
# location is client, with no protocol, OS or severity narrowing.
edit "protect_client"
set comment "Protect against client-side vulnerabilities."
# config entries
# No status/action shown.
# NOTE(review): presumably each signature's default status and action apply.
# Verify which of the selected signatures actually block.
edit 1
set location client
next
end
next
# Sensor "high_security": malicious-URL blocking is enabled at sensor level,
# with one explicit block entry and one default-action entry.
edit "high_security"
set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
set block-malicious-url enable
# config entries
# Entry 1: all medium, high and critical severity signatures, explicitly
# enabled and blocked.
edit 1
set severity medium high critical
set status enable
set action block
next
# Entry 2: low severity signatures with no status/action shown.
# NOTE(review): the "some Low" in the sensor comment presumably refers to the
# low-severity signatures whose default action is block. Confirm.
edit 2
set severity low
next
end
next
# Sensor "IPS_NTP": a single entry listing signatures by rule ID.
# The sensor comment says only "NTP"; the page does not say what the
# individual rule IDs detect.
edit "IPS_NTP"
set comment "NTP"
# config entries
# No status/action shown for this list.
# NOTE(review): presumably each listed signature runs with its own default
# action. Add "set status enable" and "set action block" if these are all
# meant to be enforced.
edit 1
set rule 10094 11853 12072 15051 17557 18046 25572 27915 37285 37576 37578 38074 39859 40201 41642 41679 43446 43523 43859 45736 45946 46254
next
end
next
# Sensor "REMOTE_DESKTOP": per the sensor comment, intended for Remote Desktop
# traffic on TCP 3389.
edit "REMOTE_DESKTOP"
set comment "Remote Desktop TCP_3389"
# config entries
# Entry 1: one signature, enabled and blocked, with a rate threshold of
# 200 matches per 10 seconds. The attacker is quarantined with an expiry of 1h30m.
# NOTE(review): with a rate threshold the action applies only once the count
# is exceeded, so matches below 200 per 10 s are not blocked. Confirm the
# threshold is not too permissive. No rate-track or rate-mode setting is shown.
# NOTE(review): quarantine acts on the attacker's source address. Consider the
# impact if many users share one NAT address.
edit 1
set rule 33106
set status enable
set action block
set rate-count 200
set rate-duration 10
set quarantine attacker
set quarantine-expiry 1h30m
next
# Entry 2: a list of signatures by rule ID with no status/action shown.
# NOTE(review): presumably the signature defaults apply. Confirm whether these
# are meant to block.
edit 2
set rule 11242 17666 17669 28662 29592 32860 35094
next
end
next
# Sensor "Protect-VOIP-IPS": no "set comment" is present. Entries appear in the
# order 5, 6, 3, 4. Only entry 5 blocks; entries 6, 3 and 4 use action pass.
# NOTE(review): despite the "Protect" name, most of this sensor is monitor-only.
# Confirm that is intended.
edit "Protect-VOIP-IPS"
# config entries
# Entry 5: one signature, enabled and blocked, with a rate threshold of
# 1000 matches per 10 seconds.
edit 5
set rule 46575
set status enable
set action block
set rate-count 1000
set rate-duration 10
next
# Entry 6: one signature, enabled with action pass and a rate threshold of
# 500 matches per 1 second. Matching traffic is not dropped.
edit 6
set rule 47088
set status enable
set action pass
set rate-count 500
set rate-duration 1
next
# Entry 3: every signature tagged for OS Linux, enabled with action pass.
# This is a broad filter, not limited to VoIP protocols, and overrides any
# block default those signatures have.
edit 3
set os Linux
set status enable
set action pass
next
# Entry 4: all SIP, RTSP, RTP and RTCP signatures, enabled with action pass.
# NOTE(review): VoIP protocol exploits are therefore detected but not blocked
# by this entry. Confirm, or change to "action block" / "action default" after
# a monitoring period.
edit 4
set protocol SIP RTSP RTP RTCP
set status enable
set action pass
next
end
next
end