Implementing custom patterns on the acceptance testing firewall
Four steps are required to add custom signatures on a firewall:
In SCP (in command line or using a WinSCP utility), copy the CustomPatterns.in file into the /usr/Firewall/ConfigFiles folder of the acceptance testing firewall.
Run the command:
enpattern -t /usr/Firewall/ConfigFiles/CustomPatterns.in
If the signature definition file is invalid, one or several messages will appear indicating the types of errors detected.
After having fixed any anomalies detected in the custom pattern definition file, run the command:
This command will launch the compilation of all patterns (options -f and -a). The option -v enables the command's verbose mode.
The folder /usr/Firewall/Data/CustomPatterns/Download will then contain one file per context, containing all patterns specific to this context (e.g.: tcpudp_hostname).
On the acceptance testing firewall, run the command:
This command forces the intrusion prevention engine to take into account the custom patterns compiled earlier.