set threat-prevention ips network-exception position

In the R82.00.X releases, this command is available starting from the R82.00.00 version.

Description

Configures an existing IPS blade exception rule, selected by its position, for a specific protection identified by its protection ID (code).

Syntax

set threat-prevention ips network-exception position <position> [ protection-code <protection-code> ] [ destination <destination> ] [ destination-negate {true | false} ] [ service <service> ] [ service-negate {true | false} ] [ source <source> ] [ source-negate {true | false} ] [ comment "<comment>" ]

Parameters

Parameter

Description

comment

Configures the comment text for the IPS Network exception.

A string that contains fewer than 257 characters from this set:

  • a-z (lower-case letters)

  • A-Z (upper-case letters)

  • 0-9 (digits)

  • ',' (comma)

  • '.' (period)

  • '-' (minus)

  • '(' (opening round bracket)

  • ')' (closing round bracket)

  • ':' (colon)

  • '@' (at)

destination

Network object that is the target of the connection

destination-negate

If true, the destination is all traffic except what is defined in the destination field

position

The order of the rule in the Rule Base (a decimal number)

protection-code

Indicates if the exception rule will be matched on all IPS protections or a specific one

service

Type of network service that is under exception

service-negate

If true, the service is everything except what is defined in the service field

source

Network object or user group that initiates the connection

source-negate

If true, the source is all traffic except what is defined in the source field

Example Command

set threat-prevention ips network-exception position 2 protection-code 12345678 destination TEXT destination-negate true service TEXT service-negate true source TEXT source-negate true comment "This is a comment"
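
The following pre-flight check is an added example, not part of the original reference or of the product: it lints a command line against the syntax and parameter constraints documented above before the line is sent to an appliance. The function name and sample lines are hypothetical, and accepting spaces in the comment is an assumption based on the example command, since the documented character set does not list the space.

```python
import re
import shlex

# Parameter names taken from the Syntax line on this page.
VALUE_PARAMS = {"protection-code", "destination", "service", "source", "comment"}
NEGATE_PARAMS = {"destination-negate", "service-negate", "source-negate"}
PREFIX = ["set", "threat-prevention", "ips", "network-exception", "position"]
# Documented comment set; the space is an assumption taken from the page's example.
COMMENT_RE = re.compile(r"[A-Za-z0-9,.\-():@ ]*")

def lint_exception_command(line):
    """Return a list of problems found in one command line (empty list = clean)."""
    try:
        tokens = shlex.split(line)  # keeps the quoted comment as one token
    except ValueError as exc:
        return [f"unbalanced quoting: {exc}"]
    if tokens[:5] != PREFIX:
        return ["not a 'set threat-prevention ips network-exception position' command"]
    if len(tokens) < 6 or not re.fullmatch(r"[0-9]+", tokens[5]):
        return ["position must be a decimal number"]
    problems, seen, rest = [], set(), tokens[6:]
    if len(rest) % 2:  # parameters come in name/value pairs
        problems.append(f"parameter '{rest[-1]}' has no value")
        rest = rest[:-1]
    for name, value in zip(rest[0::2], rest[1::2]):
        if name in seen:
            problems.append(f"'{name}' given more than once")
        seen.add(name)
        if name in NEGATE_PARAMS:
            if value not in ("true", "false"):
                problems.append(f"'{name}' must be true or false, got '{value}'")
        elif name == "comment":
            if len(value) >= 257:
                problems.append("comment must contain fewer than 257 characters")
            if not COMMENT_RE.fullmatch(value):
                problems.append("comment contains a character outside the documented set")
        elif name not in VALUE_PARAMS:
            problems.append(f"unknown parameter '{name}'")
    return problems

# Constructed sample input: one valid line and two that break a documented constraint.
SAMPLES = [
    'set threat-prevention ips network-exception position 2 service TEXT comment "This is a comment"',
    'set threat-prevention ips network-exception position 2 source-negate yes',
    'set threat-prevention ips network-exception position 2 comment "approved, ticket #4521"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(lint_exception_command(sample) or "ok")
```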