set threat-prevention ips network-exception

Description

Configures an existing IPS blade exception rule, selected by its position, for a specific protection selected by protection name.

Syntax

set threat-prevention ips network-exception position <position> protection-name <protection-name> [ destination <destination> ] [ destination-negate <destination-negate> ] [ service <service> ] [ service-negate <service-negate> ] [ source <source> ] [ source-negate <source-negate> ] [ comment <comment> ]

Parameters

| Parameter | Description |
| --- | --- |
| comment | Comment on the IPS Network exception. Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @ |
| destination | Network object that is the target of the connection |
| destination-negate | If true, the destination is all traffic except what is defined in the destination field. Type: Boolean (true/false) |
| position | The order of the rule in the Rule Base. Type: Decimal number |
| protection-name | Indicates if the exception rule will be matched on all IPS protections or a specific one |
| service | Type of network service that is under exception |
| service-negate | If true, the service is everything except what is defined in the service field. Type: Boolean (true/false) |
| source | Network object or user group that initiates the connection |
| source-negate | If true, the source is everything except what is defined in the source field. Type: Boolean (true/false) |

Example

set threat-prevention ips network-exception position 2 protection-name word destination TEXT destination-negate true service TEXT service-negate true source TEXT source-negate true comment "This is a comment."
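Because every `*-negate true` inverts the match and widens what the exception exempts from IPS inspection, a proposed command is worth linting before it is applied. The following is an added example, not vendor code: the function name `review_exception`, the object name `scanner_host` and the protection name `PLACEHOLDER_PROTECTION` are hypothetical, and the comment check assumes upper-case letters and spaces are accepted, as in the Example above.

```python
import re
import shlex

# Constraints taken from the parameter table above; the comment charset also
# admits upper-case letters and spaces (assumption, based on the page's Example).
COMMENT_RE = re.compile(r"[0-9A-Za-z ,.\-:()@]{0,256}")
PREFIX = ["set", "threat-prevention", "ips", "network-exception"]
REQUIRED = ("position", "protection-name")
OPTIONAL = ("destination", "destination-negate", "service", "service-negate",
            "source", "source-negate", "comment")


def review_exception(command):
    """Parse one command line; return (params, findings) for change review."""
    tokens = shlex.split(command)
    if tokens[:4] != PREFIX or len(tokens) % 2:
        raise ValueError("not a well-formed 'set ... network-exception' command")
    params = dict(zip(tokens[4::2], tokens[5::2]))
    findings = []
    for key in params:
        if key not in REQUIRED + OPTIONAL:
            findings.append(f"unknown parameter: {key}")
    for key in REQUIRED:
        if key not in params:
            findings.append(f"missing required parameter: {key}")
    if "position" in params and not params["position"].isdigit():
        findings.append("position must be a decimal number")
    if not COMMENT_RE.fullmatch(params.get("comment", "")):
        findings.append("comment violates length/charset limits")
    for field in ("source", "destination", "service"):
        negate = params.get(f"{field}-negate")
        if negate not in (None, "true", "false"):
            findings.append(f"{field}-negate must be true or false")
        elif negate == "true":
            # Negation inverts the match: the exception covers everything
            # EXCEPT the named object, which is usually wider than intended.
            findings.append(f"{field}-negate true: IPS exception applies to all "
                            f"{field}s except {params.get(field, '<unset>')}")
    if "comment" not in params:
        findings.append("no comment: exception has no recorded justification")
    return params, findings


if __name__ == "__main__":
    # Constructed sample: object and protection names are placeholders.
    sample = ("set threat-prevention ips network-exception position 1 "
              "protection-name PLACEHOLDER_PROTECTION source scanner_host source-negate true")
    for finding in review_exception(sample)[1]:
        print(finding)
```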