User's Manual

Chapter 22 IDP Commands
NXC CLI Reference Guide
22.3.2.1 Example of IDP Zone to Zone Rule Commands
The following example creates IDP zone to zone rule one. The rule applies the LAN_IDP
profile to all traffic going to the LAN zone.

Router# configure terminal
Router(config)# idp signature rule 1
Router(config-idp-signature-1)# from-zone any
Router(config-idp-signature-1)# to-zone LAN
Router(config-idp-signature-1)# bind LAN_IDP
Router(config-idp-signature-1)# activate
Router(config-idp-signature-1)# exit
Router(config)# show idp signature rules
Signature rules
idp rule: 1
from zone: any
to zone: LAN
profile: LAN_IDP
activate: yes

22.3.3 Editing/Creating IDP Signature Profiles
Use these commands to create a new IDP signature profile or edit an existing one. It is
recommended you use the web configurator to create/edit profiles. If you do not specify a base
profile, the default base profile is none.

You CANNOT change the base profile later!

The following table describes the values required for many IDP signature profile commands.
Other values are discussed with the corresponding commands.

Table 82 Input Values for IDP Signature Profile Commands
LABEL
    DESCRIPTION
sid
    The signature ID (identification) number that uniquely identifies an NXC signature.

This table lists the IDP signature profile commands.

Table 83 Editing/Creating IDP Signature Profiles
COMMAND
    DESCRIPTION
idp signature newpro [base {all | lan | wan | dmz | none}]
    Creates a new IDP signature profile called newpro. newpro uses the base profile you
    specify. Enters sub-command mode. All the following commands relate to the new profile.
    Use exit to quit sub-command mode.
[no] signature sid activate
    Activates or deactivates an IDP signature.
signature sid log [alert]
    Sets log or alert options for an IDP signature.
no signature sid log
    Deactivates log options for an IDP signature.
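
The following is an added example, not part of the manual: a Python check that parses the `show idp signature rules` output from section 22.3.2.1 and lists the destination zones that have no active rule with a profile bound. It assumes that further rules repeat the same `idp rule:` block and that an inactive rule prints `activate: no`; the second rule in the sample, the zone names other than LAN, and the function names are constructed for illustration.

```python
import re

# Constructed sample: the first block is the output shown in section 22.3.2.1;
# the second block (rule 2, "activate: no") is an assumption about how further
# rules and an inactive rule would be printed.
SAMPLE = """\
Signature rules
idp rule: 1
from zone: any
to zone: LAN
profile: LAN_IDP
activate: yes
idp rule: 2
from zone: WAN
to zone: DMZ
profile: DMZ_IDP
activate: no
"""

FIELD = re.compile(r"^\s*(idp rule|from zone|to zone|profile|activate)\s*:\s*(.*?)\s*$")


def parse_rules(text):
    """Return one dict per 'idp rule:' block in the show output."""
    rules = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # skips the "Signature rules" banner and blank lines
        key, value = m.group(1), m.group(2)
        if key == "idp rule":
            rules.append({"idp rule": value})  # a new rule block starts here
        elif rules:
            rules[-1][key] = value
    return rules


def uncovered_zones(rules, required_zones):
    """Zones in required_zones with no active rule that binds a profile."""
    covered = set()
    for r in rules:
        active = r.get("activate", "").lower() == "yes"
        if active and r.get("profile"):
            covered.add(r.get("to zone", ""))
    return sorted(z for z in required_zones if z not in covered)


if __name__ == "__main__":
    print(uncovered_zones(parse_rules(SAMPLE), ["LAN", "DMZ", "WAN"]))
```

Run it against saved CLI output after a configuration change to confirm that each zone you expect to be inspected still has an active rule.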