set threat-prevention exception

In the R82.00.X releases, this command is available starting from the R82.00.00 version.

Description

Configures an existing exception rule for the Threat Prevention malware exceptions.

Note - The source and destination can be a network objects view or an updatable object, but not both.

Syntax

set threat-prevention exception <position> [ destination <destination> | <destination-updatable-object name> | <destination-updatable-object uid> ] [ destination-negate {true | false} ] [ service <service> ] [ service-negate {true | false} ] [ source <source> | <source-updatable-object name> | <source-updatable-object uid> ] [ source-negate {true | false} ] [ { protection-name <protection-name> | [ protection-code <protection-code> ] | [ blade <blade> ] } ] [ action <action> ] [ log <logging> ] [ comment "<comment>" ]

Parameters

Parameter

Description

action

The action taken when there is a match on the rule

Options: ask, prevent, detect, inactive

blade

The blade to which the exception applies: Anti-Virus, Anti-Bot or both

Options: any, any-av, any-ab, any-ips

comment

Additional description for the exception

A string that contains fewer than 257 characters, of this set:

  • a-z (lower-case letters)

  • A-Z (upper-case letters)

  • 0-9 (digits)

  • ',' (comma)

  • '.' (period)

  • '-' (minus)

  • '(' (opening round bracket)

  • ')' (closing round bracket)

  • ':' (colon)

  • '@' (at)

destination

Network object that is the target of the connection

destination-updatable-object name

A valid name of an updatable object, to be used as the destination

destination-updatable-object uid

A valid UID of an updatable object, to be used as the destination

destination-negate

If true, the destination is all traffic except what is defined in the destination field

log

The logging method used when there is a match on the rule:

  • none - Do not generate a log

  • log - Generate a log

  • alert - Generate a log with alert

position

The order of the rule in comparison to other rules

Type: Decimal number

protection-code

Indicates if the exception rule will be matched to a specific IPS protection

protection-name

Indicates if the exception rule will be matched to a specific IPS protection

service

Type of network service that is under exception

service-negate

If true, the service is everything except what is defined in the service field

source

IP address, network object or user group that the exception applies to

source-updatable-object name

A valid name of an updatable object, to be used as the source

source-updatable-object uid

A valid UID of an updatable object, to be used as the source

source-negate

If true, the source is all traffic except what is defined in the source field

Example Command

set threat-prevention exception 2 destination TEXT destination-negate true service http service-negate true source TEXT source-negate true protection-name MyProtection action ask log none comment "This is a comment"

 

set threat-prevention exception 3 destination-updatable-object name Greece source-updatable-object name Poland
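
The option lists, the comment limits and the note about network objects and updatable objects can be checked before a command is entered on the appliance. The linter below is an added example, not Check Point code: lint_exception is a hypothetical helper, the note is read as applying to each side (source, destination) separately, and the "log none" finding is this example's own review policy.

```python
import re
import shlex

# Option sets copied from the parameter table on this page.
ENUMS = {
    "action": {"ask", "prevent", "detect", "inactive"},
    "blade": {"any", "any-av", "any-ab", "any-ips"},
    "log": {"none", "log", "alert"},
    "destination-negate": {"true", "false"},
    "service-negate": {"true", "false"},
    "source-negate": {"true", "false"},
}
FREE = {"destination", "service", "source", "protection-name", "protection-code", "comment"}
UPDATABLE = {"destination-updatable-object", "source-updatable-object"}
# Documented comment set; the space is an assumption (the page's example uses it).
COMMENT_RE = re.compile(r"[A-Za-z0-9,.\-():@ ]{0,256}")

def lint_exception(command):
    """Hypothetical helper: list the problems in one exception command line."""
    tokens = shlex.split(command)
    if tokens[:3] != ["set", "threat-prevention", "exception"] or len(tokens) < 4:
        return ["not a 'set threat-prevention exception <position>' command"]
    problems, seen, i = [], {}, 4
    while i < len(tokens):
        key = tokens[i]
        # Updatable objects take 'name' or 'uid' plus a value, as in the page's example.
        width = 3 if key in UPDATABLE else 2
        args = tokens[i + 1:i + width]
        if key not in UPDATABLE and key not in ENUMS and key not in FREE:
            problems.append("unknown parameter: " + key)
            i += 1
            continue
        if len(args) < width - 1:
            problems.append("missing value for " + key)
        elif key in UPDATABLE and args[0] not in ("name", "uid"):
            problems.append(key + " needs 'name' or 'uid'")
        elif key in ENUMS and args[0] not in ENUMS[key]:
            problems.append("invalid %s: %s" % (key, args[0]))
        elif key == "comment" and not COMMENT_RE.fullmatch(args[0]):
            problems.append("comment breaks the documented length or character set")
        seen[key] = args
        i += width
    for side in ("destination", "source"):
        if side in seen and side + "-updatable-object" in seen:
            problems.append(side + ": network object and updatable object both set")
    # Review policy of this example, not a CLI rule.
    if seen.get("log") == ["none"]:
        problems.append("review: log none leaves matches on this exception unlogged")
    return problems
```

Run against the two example commands above, it returns only the "log none" review finding for the first and an empty list for the second.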