Chapter 21 IDP
NXC5200 User’s Guide
322
The NXC checks all signatures and continues searching even after a match is
found. If two or more rules have conflicting actions for the same packet, then the
NXC applies the more restrictive action (reject-both, reject-receiver or reject-
sender, drop, none in this order). If a packet matches a rule for reject-receiver
and it also matches a rule for reject-sender, then the NXC will reject-both.
Figure 144
Configuration > Anti-X > IDP > Custom Signatures
The following table describes the fields in this screen.
Table 120
Configuration > Anti-X > IDP > Custom Signatures
LABEL
DESCRIPTION
Custom
Signature
Rules
Use this part of the screen to create, edit, delete or export (save to your
computer) custom signatures.
Add
Click this to create a new entry.
Edit
Select an entry and click this to be able to modify it.
Remove
Select an entry and click this to delete it.
Activate
To turn on an entry, select it and click Activate.
Export
To save an entry or entries as a file on your computer, select them and
click Export. Click Save in the file download dialog box and then select a
location and name for the file.
Custom signatures must end with the ‘rules’ file name extension, for
example, MySig.rules.
#
This is the entry’s index number in the list.
SID
SID is the signature ID that uniquely identifies a signature. Click the SID
header to sort signatures in ascending or descending order. It is
automatically created when you click the Add icon to create a new
signature. You can edit the ID, but it cannot already exist and it must be
in the 9000000 to 9999999 range.
Name
This is the name of your custom signature. Duplicate names can exist,
but it is advisable to use unique signature names that give some hint as
to intent of the signature and the type of attack it is supposed to prevent.