TMS zl Management and Configuration Guide ST.1.2.100916

A-80

Command-Line Reference

Global Configuration Context

To enable or disable a specific signature, enter the following command:

Syntax: ips signatures <signature family> <signature ID> < enable | disable >

Replace <signature family> with the name of the signature family for which you

want to enable or disable the checks.

Replace <signature ID> with the signature ID of the threat for which you want

to enable or disable checks.

To enable or disable a signature according to threat level, enter the following

command:

Syntax: ips signatures threat-level < critical | severe | minor | warning | information >

< enable | disable >

Note When you download new signatures, all signatures will be enabled, even if

they belong to threat-levels or families (or both) that you have already dis-

abled. To disable the now signatures, you must again disable the signatures

according to family or threat level.

To set the update interval for signatures or update your signatures immedi-

ately, enter the following command:

Syntax: ips signatures update < interval < 4-hours | 12-hours | 24-hours | 48-hours |

1-week | 2-weeks > | now >

For example, if you want to update your signatures now, enter the following

command:

hostswitch(tms-module-<slot ID>)# ips signatures update

now

ips threat-level

This command is available only when the TMS zl Module is in routing mode.

In routing mode, when the TMS zl Module detects a threat, it can terminate

the session, block the packets, or allow the packets depending on the threat

level. For example, you can terminate sessions for threats classified as critical

while allowing packets associated with threats classified as information.

To configure IPS threat mitigation according to threat level, enter the

following:

Syntax: ips threat-level < critical | severe | minor | warning | information > < terminate

| block | allow >