Configuring IPS for the USG2000 and USG5000

Configure IPS on the USG2000 or USG5000.
The procedure is as follows:
1. Configure global IPS parameters.
system-view //Access the system view.
ips enable //Enable the IPS function.
ips mode { protective | warning } //Configure the IPS operating mode (protective blocks matching traffic; warning only alerts).
2. Configure the IPS signature, upgrade the predefined signature, or configure a custom signature. The procedure for configuring a custom signature is as follows:
ips signature signature-id //Create a custom IPS signature and access the IPS signature view.
a. name name //Configure the name of the custom IPS signature.
b. protocol protocol-name [ [ severity { informational | notification | warning | error | critical } ] | [ direction { to-server | to-client | any } ] | [ source-ip { any | ip-address mask } ] | [ source-port { any | port-number | high | low } ] | [ destination-ip { any | ip-address mask } ] | [ destination-port { any | port-num | high | low } ] | [ offset { { packet | stream } offset-value | any } ] | [ max-stream-len { stream-len | any } ] ] * //Configure the protocol, severity, and direction of the custom IPS signature.
c. regex regex //Configure the description of behavioral characteristics of attacks.
3. Configure the IPS policy.
ips policy policy-name //Access the IPS policy view.
signature-set signature-set-name //Create a signature set and access the signature set view.
direction enable //Enable the function of filtering signatures in the signature set based on signature directions.
direction { { to-server | to-client | any } * | all } //Add signatures of the specified direction to the signature set.
severity enable //Enable the function of filtering signatures in the signature set based on signature severities.
severity { above | below } { informational | notification | warning | error | critical } //Add signatures of the specified severity to the signature set.
reliability enable //Enable the function of filtering signatures in the signature set based on signature reliability.
reliability { above | below } { low | medium | high } //Add signatures of the specified reliability to the signature set.
protocol enable //Enable the function of filtering signatures in the signature set based on protocols.
protocol { protocol-name &<1-10> | all } //Add signatures of the specified protocol to the signature set.
category enable //Enable the function of filtering signatures in the signature set based on categories.
category mode { or | and } //Configure the matching mode for categories in the signature set.
category { category-name &<1-10> | all } //Add signatures of the specified category to the signature set.
signature-set [ enable ] action { alert | block } //Configure the enabling status and response mode of the signature set.
signature-set move signature-set-name1 { before | after } signature-set-name2 //Modify the priority of the signature set.
ips policy policy-name //Create an IPS policy named policy-name.
override-signature signature-id enable action { block | alert } //Enable signature overriding and configure the response mode.
4. Apply the IPS policy.
policy zone zone-name //Access the intra-zone firewall policy view.
policy interzone zone-name1 vpn-instance vpn-instance-name zone-name2 { inbound | outbound } //Access the inter-zone firewall policy view.
policy policy-id //Create a firewall policy and access the policy ID view.
action permit //Configure the action of the firewall policy to permit.
policy ips ips-policy //Apply the IPS policy.
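The following session ties the four steps together with concrete values. It is an added worked example, not text from the Huawei manual: the signature ID 5001, the names CANARY-MARKER, ips-web and web-critical, the regex string, the use of http as the protocol-name, the default trust and untrust zones, and the omission of the vpn-instance keyword for a policy in the public instance are all assumptions chosen for illustration. Annotations use the same // convention as the procedure above and are not part of the CLI input.

```text
system-view                              //Step 1: global IPS parameters
ips enable                               //Turn IPS on
ips mode protective                      //Block, not just alert, on matching traffic

ips signature 5001                       //Step 2: custom signature (ID 5001 is assumed)
 name CANARY-MARKER                      //Assumed descriptive name
 protocol http severity warning direction to-server destination-port 80   //"http" assumed as a valid protocol-name
 regex canary-marker-XYZ                 //Constructed marker string to match in client-to-server HTTP traffic
 quit

ips policy ips-web                       //Step 3: IPS policy (name assumed)
 signature-set web-critical              //Signature set (name assumed)
  direction enable
  direction to-server                    //Only signatures that look at traffic towards servers
  severity enable
  severity above warning                 //warning, error and critical signatures
  reliability enable
  reliability above medium               //Drop low-reliability signatures to limit false positives
  signature-set enable action block      //Enable the set and block on match
  quit
 override-signature 5001 enable action alert   //Let the custom signature alert only while it is being tuned
 quit

policy interzone trust untrust outbound  //Step 4: apply to trust-to-untrust traffic (vpn-instance omitted, assumed public instance)
 policy 10                               //Policy ID 10 is assumed
  action permit                          //IPS inspects only traffic the firewall permits
  policy ips ips-web                     //Bind the IPS policy to this firewall policy
  quit
 quit
```

Two points worth noting from this layout: the override-signature command is entered in the IPS policy view, not in the signature set view, so the example returns with quit before issuing it; and the firewall policy action must be permit, because an IPS policy attached to a policy that already denies traffic never sees a packet.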
