Security Intrusion Prevention Profile
Configure Security Intrusion Prevention Profile.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”policy_object_profile (sdwan.feature_profiles)
Section titled “policy_object_profile (sdwan.feature_profiles)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| security_intrusion_prevention_profiles | List | [security_intrusion_prevention_profiles] | No |
security_intrusion_prevention_profiles (sdwan.feature_profiles.policy_object_profile)
Section titled “security_intrusion_prevention_profiles (sdwan.feature_profiles.policy_object_profile)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[^&<>! "]{1,32}$ | Yes | |
| alert_log_level | Choice | emergency, alert, critical, error, warning, notice, info, debug | No | error |
| custom_signature_set | Boolean | true, false | No | false |
| inspection_mode | Choice | detection, protection | Yes | |
| signature_allow_list | String | Regex: ^[^&<>! "]{1,32}$ | No | |
| signature_set | Choice | balanced, connectivity, security | Yes |
Examples
Section titled “Examples”Example-1: This example demonstrates how to configure a Security Intrusion Prevention Profile with alert_log_level, custom_signature_set, inspection_mode, signature_allow_list, and signature_set.
sdwan: feature_profiles: policy_object_profile: security_intrusion_prevention_profiles: - name: intrusion_prevention_full alert_log_level: critical custom_signature_set: false inspection_mode: detection signature_allow_list: security_ips_signature signature_set: balanced