Implementing custom patterns on the acceptance testing firewall
Four steps are required to add custom signatures on a firewall:
Transferring the custom pattern file to the acceptance testing firewall
In SCP (in command line or using a WinSCP utility), copy the CustomPatterns.in file into the /usr/Firewall/ConfigFiles folder of the acceptance testing firewall.
Verifying the validity of the custom pattern definition file
Run the command:
enpattern -t /usr/Firewall/ConfigFiles/CustomPatterns.in
If the signature definition file is invalid, one or several messages will appear indicating the types of errors detected.
Compiling custom patterns
After having fixed any anomalies detected in the custom pattern definition file, run the command:
enpattern -fav
This command will launch the compilation of all patterns (options -f and -a). The option -v enables the command's verbose mode.
The folder /usr/Firewall/Data/CustomPatterns/Download will then contain one file per context, containing all patterns specific to this context (e.g.: tcpudp_hostname).
Enabling custom patterns in the intrusion prevention engine
On the acceptance testing firewall, run the command:
enasq
This command forces the intrusion prevention engine to take into account the custom patterns compiled earlier.