Zone Service
The Zone Service section allows you to view and configure zone services. Click the Plus (+) sign to expand the various available zone service options. Additional configuration can be done by clicking “More...”
Existing zone service templates can be duplicated, by selecting existing mitigation level configured templates from the “Copy config from service and auto-mitigation level” drop-down list.
|
Zone Service |
Description |
|
Service Limits |
Configure GLID policy for destination IP. |
|
Per-Source Limits |
Configure GLID policy for source IP. |
|
HTTP Authentication HTTP Service |
Configure HTTP template attributes. |
|
UDP Authentication UDP Service |
Configure UDP template attributes. |
|
TCP Authentication TCP Service |
Configure TCP template attributes. |
|
DNS-TCP Service |
Configure DNS and TCP template attributes. |
|
DNS-UDP Authentication DNS-UDP Service |
Configure DNS and UDP template attributes. |
|
SSL-L4 Authentication SSL-L4 Service |
Configure SSL-L4 template attributes. |
|
Src IP Policies |
Configure source-based policy using a class list. |
|
SIP-TCP |
Configure SIP and TCP template attributes |
|
SIP-UDP |
Configure SIP and UDP template attributes |
|
Attack Pattern Filters |
The number of packets dropped because the packets matched the applied signature extraction filters. Click More... The Dynamic Attack Pattern Filters pop-up displays the following information:
|
To access the TPS Zone Mitigation Console page, navigate as follows:
- From Mitigation, click on Zone Mitigation Console from the main menu.
- In the Max Packets Per Device field, enter the maximum number of packets to capture from a device before it stops.
- In the Protocols field, select the check boxes for the protocols to capture or leave all unchecked to capture all protocols. For example, select the IP and TCP to capture IPv4 TCP packets.
- In the Berkeley Packet Filter field, enter, in Berkeley Packet Filter syntax, the expressions to filter packets, for example, “ip proto 47”.
- From the Device drop-down menu, select either “All” to capture packets from all the devices in an incident, or select a single device for capture.
- In the Timeout field, enter the maximum capture duration. If the maximum packet counter per device is reached first, the capture will automatically stop. This is a required field.
- In the Max Packet Length field, enter the maximum allowable size packet value.
- Select the Egress check box to enable capture of all packets forwarded to the destination entry.
- In the File Size field, enter the maximum file size value.
- Use the Regex Filter field to search for a pattern in the payload of a packet, for example “Host:*”.
- Select Start to begin packet debugging.
- When the process has begun, the Start button will be replaced by a Stop button. Select Stop to manually halt the process or wait until time is up for the full captured packet session. A table will display the last 9 captured packets in real-time. When the capture is stopped, a table index is displayed with all captured packets.
| NOTE: | The ongoing capture will not show index and timestamp of capture. Click on a Packet to select. Use the up and down arrows on the keyboard to select the previous or next packet. |
|
Zone Service |
Description |
|
Index |
Index sequence |
|
Time |
Timestamp of the packet |
|
CC |
Geo-location of source IP address |
|
Source |
Source IP address |
|
Port |
Source Port information |
|
CC |
Geo-location of destination IP address |
|
Destination |
Destination IP address |
|
Port |
Destination Port information |
|
Protocol |
Protocol involved (TCP, UDP, ICMP, ARP, Other) |
|
Length |
Length of packet |
|
Device |
Device involved with packet capture |
|
Drop Reason |
Reason for dropped packet |
|
Match |
String in payload that matches regex filter |
The Search bar can be used to search packets.