The display profile type ips command displays the configuration of an intrusion prevention profile.
display profile type ips [ name name [ signature-set-name signature-set-name | exception-signature-id exception-signature-id ] ]
| Parameter | Description | Value |
|---|---|---|
| name name | Displays the information about the specified intrusion prevention profile. | The value is a case-sensitive string. If the name does not contain any spaces, the length is 1 to 32 characters. If the name contains spaces, the length is 3 to 34 characters and the name must be enclosed with double quotation marks (""), for example, "user for test". The name cannot contain any question marks (?), commas (,), quotation marks ("), or hyphens (-). The value must be an existing intrusion prevention profile. |
| signature-set-name signature-set-name | Specifies the name of a signature filter. | The value is a case-sensitive string. If the name does not contain any spaces, the length is 1 to 32 characters. If the name contains spaces, the length is 3 to 34 characters and the name must be enclosed with double quotation marks (""), for example, "user for test". The name cannot contain any question marks (?), commas (,), quotation marks ("), or hyphens (-). The value must be the name of an existing signature filter. |
| exception-signature-id exception-signature-id | Specifies the ID of an exception signature. | The value is an integer ranging from 1 to 16777215. The value must be the ID of an existing exception signature. |
The device has multiple default security profiles for different application scenarios as follows. The default security profiles can be displayed, cloned, or referenced in security policies, but cannot be modified or deleted.
| Name | Target | Severity | Operating System | Application Program | Protocol | Category | Action | Application Scenario |
|---|---|---|---|---|---|---|---|---|
| video_surveillance | All | Low, Medium, High | Unix-like, Windows, Android, iOS, Other | All | DNS, HTTP, FTP, TELNET, SSH, RTSP, SSL, UDP, TCP | All | Default | The intrusion prevention profile applies when the device is deployed in video surveillance scenarios. |
| strict | All | Low, Medium, High | Unix-like, Windows, Android, iOS, Other | All | All | All | Block | The intrusion prevention profile applies to the scenarios in which the device is required to block all matched packets. |
| web_server | All | Low, Medium, High | Unix-like, Windows, Android, iOS, Other | All | DNS, HTTP, FTP | All | Default | The intrusion prevention profile applies to the scenarios in which the device is deployed in front of a web server. |
| file_server | All | Low, Medium, High | Unix-like, Windows, Android, iOS, Other | All | DNS, SMB, NETBIOS, NFS, SUNRPC, MSRPC, FILE, TELNET | All | Default | The intrusion prevention profile applies to the scenarios in which the device is deployed in front of a file server. |
| dns_server | All | Low, Medium, High | Unix-like, Windows, Android, iOS, Other | All | DNS | All | Default | The intrusion prevention profile applies to the scenarios in which the device is deployed in front of a DNS server. |
| mail_server | All | Low, Medium, High | Unix-like, Windows, Android, iOS, Other | All | DNS, IMAP4, SMTP, POP3 | All | Default | The intrusion prevention profile applies to the scenarios in which the device is deployed in front of a mail server. |
| inside_firewall | All | Low, Medium, High | Unix-like, Windows, Android, iOS, Other | All | Except TELNET and TFTP | All | Default | The intrusion prevention profile applies to the scenarios in which the device is deployed behind a firewall. |
| dmz | All | Low, Medium, High | Unix-like, Windows, Android, iOS, Other | All | Except NETBIOS, NFS, SMB, TELNET and TFTP | All | Default | The intrusion prevention profile applies to the scenarios in which the device is deployed in front of a DMZ. |
| outside_firewall | All | Low, Medium, High | Unix-like, Windows, Android, iOS, Other | All | All | Except Scanner | Default | The intrusion prevention profile applies to the scenarios in which the device is deployed in front of a firewall. |
| ids | All | Low, Medium, High | Unix-like, Windows, Android, iOS, Other | All | All | All | Alert | The intrusion prevention profile applies to the scenarios in which the device is deployed off-line as an IDS. |
| default | All | Low, Medium, High | Unix-like, Windows, Android, iOS, Other | All | All | All | Default | The intrusion prevention profile applies to the scenarios in which the device is deployed in-line as an IPS. |
# Display the information about profile template default.
<sysname> display profile type ips name default
IPS Profile Configurations:
----------------------------------------------------------------------
Name : default
Description : This profile applies to the general scenario when the device is deployed in IPS (inline) mode.
Referenced : 1
State : committed
AttackEvidenceCollection : disable
AssocCheck: : enable
SignatureSet : default
Target : both
Severity : low medium high
OS : unix-like windows android ios other
Protocol : all
Category : all
Action : default
Application : all
Exception:
ID Action Name
----------------------------------------------------------------------
DNS Protocol Check:
HTTP Protocol Check:
----------------------------------------------------------------------
# Display the information about intrusion prevention profile profile_ips_1.
<sysname> display profile type ips name profile_ips_1
IPS Profile Configurations:
----------------------------------------------------------------------
Name : profile_ips_1
Description :
Referenced : 0
State : committed
AttackEvidenceCollection : disable
CnC Filter : block
AssocCheck: : enable
SignatureSet : sig_set1
Target : both
Severity : low medium high information
OS : unix-like windows android ios other
Protocol : all
Category : all
Action : default
Application : all
Exception:
ID Action Name
----------------------------------------------------------------------
12380 allow HP Intelligent Management Center TFTP Server MODE Remote Code Execution
----------------------------------------------------------------------
DNS Protocol Check:
Malformed-Packet Action : block
Request-Type Default-Action : block
Request-Type Check List:
Start-Type End-Type Action
--------------------------------------------------------------------
5 alert
10 block
--------------------------------------------------------------------
HTTP Protocol Check:
Multi-Host Action : block
SSH Over HTTP Action : block
X-Online-Host Blacklist Action : block
X-Forwarded-For Whitelist Action: alert
Blacklist
ID Domain Name
--------------------------------------------------------------------
1 www.example.com
--------------------------------------------------------------------
Whitelist
ID IPv4 Address
--------------------------------------------------------------------
1 10.1.1.1
--------------------------------------------------------------------
----------------------------------------------------------------------
| Item | Description |
|---|---|
| IPS Profile Configurations | Configuration information about the intrusion prevention profile |
| Name | Name of the profile |
| Description | Description of the profile |
| Referenced | Number of references by a security policy |
| State | Status of a profile: |
| AttackEvidenceCollection | State of attack evidence collection function: |
| CnC Filter | Action for malicious domain name check: |
| AssocCheck | Status of correlation detection function: |
| SignatureSet | Signature filter name (All following information is about the signature filter.) |
| Target | Detection target of a signature filter |
| Severity | Severity of attacks matching the signature filter |
| OS | Operating system targeted by the attacks matching the signature filter |
| Protocol | Protocol of packets matching the signature filter |
| Category | Threat level of the signature filter |
| Action | Action for packets matching the signature filter |
| Application | Application of the signature filter |
| Exception | Exception signature |
| ID | Exception signature ID |
| Action | Action for the exception signature |
| Name | Name of the exception signature |
| DNS Protocol Check | DNS packet detection |
| Malformed-Packet Action | Processing action for a malformed DNS packet, which can be: |
| Request-Type Default-Action | Default processing action for a DNS query request packet, which can be: |
| Request-Type Check List | Detection list of DNS query request packets |
| Start-Type | Start value of the query type |
| End-Type | End value of the query type |
| Action | Processing action for a DNS query packet in the list, which can be: |
| HTTP Protocol Check | HTTP packet detection |
| Multi-Host Action | Processing action for an HTTP packet with multiple Host fields, which can be: |
| SSH Over HTTP Action | Processing action for HTTP traffic involving SSH traffic, which can be: |
| X-Online-Host Blacklist Action | Processing action for a packet whose X-Online-Host field matches the blacklist, which can be: |
| X-Forwarded-For Whitelist Action | Processing action for a packet whose X-Forwarded-For field matches the whitelist, which can be: |
| Blacklist | Blacklist |
| ID | ID of a blacklist |
| Domain Name | Domain name or IP address on a blacklist |
| Whitelist | Whitelist |
| ID | ID of a whitelist |
| IPv4 Address | IP address in a whitelist |
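
The following Python is an added example, not part of the original command reference and not vendor code. It parses the `display profile type ips name` output described above and lists two points to confirm during a configuration review: a profile with `Referenced : 0` and exception signatures whose action is `allow`. The function names and the abridged sample text are assumptions, constructed from the profile_ips_1 output shown on this page.

```python
import re

# Constructed sample: abridged from the profile_ips_1 output shown on this page.
SAMPLE = """\
IPS Profile Configurations:
Name : profile_ips_1
Description :
Referenced : 0
State : committed
AssocCheck: : enable
Exception:
ID Action Name
----------------------------------------------------------------------
12380 allow HP Intelligent Management Center TFTP Server MODE Remote Code Execution
----------------------------------------------------------------------
DNS Protocol Check:
5 alert
HTTP Protocol Check:
X-Forwarded-For Whitelist Action: alert
"""

EXC_ROW = re.compile(r"^(\d+)\s+(\S+)\s+(.+)$")  # ID, Action, Name

def parse_profile(text):
    """Return (fields, exceptions) parsed from the command output."""
    fields, exceptions, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if not line or set(line) == {"-"}:
            continue  # blank line or separator rule
        if section == "Exception" and (m := EXC_ROW.match(line)):
            exceptions.append({"id": int(m[1]), "action": m[2], "name": m[3]})
            continue  # matched first, so a colon inside a signature name is harmless
        key, sep, value = line.partition(":")
        value = value.strip().lstrip(":").strip()  # tolerate "AssocCheck: : enable"
        if sep and not value and key.strip() != "Description":
            section = key.strip()  # heading such as "Exception:"; Description may be empty
        elif sep:
            fields[key.strip()] = value
    return fields, exceptions

def review(text):
    """List settings a reviewer should confirm are intentional."""
    fields, exceptions = parse_profile(text)
    notes = []
    if fields.get("Referenced") == "0":
        notes.append(f"{fields.get('Name')}: not referenced by any security policy")
    notes += [f"exception {e['id']} is set to allow: {e['name']}"
              for e in exceptions if e["action"] == "allow"]
    return notes
```
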
# Display information about signature filter sig_set1 in intrusion prevention profile profile_ips_1.
<sysname> display profile type ips name profile_ips_1 signature-set-name sig_set1
IPS Profile Signature Set Configurations:
--------------------------------------------------------------
SignatureSet : sig_set1
Target : both
Severity : low medium high information
OS : unix-like windows android ios other
Protocol : all
Category : all
Action : alert
Application : all
--------------------------------------------------------------
Table 2 shows the description of the display profile type ips name name signature-set-name signature-set-name command output.
# Display information about exception signature 12380 in intrusion prevention profile profile_ips_1.
<sysname> display profile type ips name profile_ips_1 exception-signature-id 12380
IPS Profile Exception Configurations:
----------------------------------------------------------------------
ID Action Name
----------------------------------------------------------------------
12380 allow HP Intelligent Management Center TFTP Server MODE Remote Code Execution
----------------------------------------------------------------------
Table 2 shows the description of the display profile type ips name name exception-signature-id exception-signature-id command output.