Intrusion Prevention Policy
An IPS (Intrusion Prevention System) policy in Cisco SD-WAN helps detect and prevent security threats by inspecting network traffic and blocking malicious activities.
A policy is defined by providing the settings that dictate the operational mode of the Snort engine and actions invoked by the matching of specific signatures (Snort rules).
Diagram
Classes
definitions (sdwan.security_policies)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| intrusion_prevention | List | [intrusion_prevention] | No |
intrusion_prevention (sdwan.security_policies.definitions)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
| description | String | Yes | ||
| mode | Choice | security | Yes | |
| inspection_mode | Choice | protection, detection | Yes | |
| log_level | Choice | emergency, alert, critical, error, warning, notice, informational, debug | Yes | |
| signature_set | Choice | balanced, connectivity, security | Yes | |
| target_vpns | List | Integer[min: 0, max: 65530] | Yes |
Examples
sdwan:
security_policies:
definitions:
intrusion_prevention:
- name: IPS_Test_Policy
description: SaC_IPS_Test_Policy
mode: security
inspection_mode: protection
log_level: alert
signature_set: balanced
target_vpns:
- 10
- 20