fw sam_policy
Description
Manages the Suspicious Activity Policy editor that works with these types of rules:
-
Suspicious Activity Monitoring (SAM) rules.
See sk112061: How to create and view Suspicious Activity Monitoring (SAM) Rules.
-
Rate Limiting rules.
See sk112454: How to configure Rate Limiting rules for DoS Mitigation.
Also, see these commands:
-
sam_alert
(see the R81 CLI Reference Guide)
|
Notes:
|
|
Important:
|
|
Best Practice - The SAM Policy rules consume some CPU resources on Security Gateway. Set an expiration for rules that gives you time to investigate, but does not affect performance. Keep only the required SAM Policy rules. If you confirm that an activity is risky, edit the Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection., educate users, or otherwise handle the risk. |
Syntax for IPv4
|
|
Syntax for IPv6
|
|
Parameters
Parameter |
Description |
||
---|---|---|---|
|
Runs the command in debug mode. Use only if you troubleshoot the command itself.
|
||
|
Adds one Rate Limiting rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. one at a time. See fw sam_policy add. |
||
|
Adds or deletes many Rate Limiting rules at a time. See fw sam_policy batch. |
||
|
Deletes one configured Rate Limiting rule one at a time. See fw sam_policy del. |
||
|
Shows all the configured Rate Limiting rules. See fw sam_policy get. |