Editing custom patterns
The following steps are required in order to edit custom patterns:
Editing the CustomPatterns.in fileOn the development workstation:
- In the CustomPatterns.in file:
- Edit the section that defines the pattern,
- Increment the Revision field of the corresponding context.
- Transfer this file to the acceptance testing firewall to replace the existing CustomPatterns.in file.
- or -
On the acceptance testing firewall, run the CustomPatterns.in file:
- Edit the section that defines the pattern,
- Increment the Revision field of the corresponding context.
Validating and compiling custom patterns
On the acceptance testing firewall:
- Validate the custom pattern file:
enpattern -t /usr/Firewall/ConfigFiles/CustomPatterns.in.
- Compile the signatures:
enpattern -fav
- Enable the patterns in the intrusion prevention engine:
enasq
- In Application protection > Applications and protections, ensure that this pattern is present.
- Test the changes made to your custom pattern by using appropriate network traffic. Ensure that the alarm is raised as expected (Dashboard > Alarms widget).
On the Active Update server
Deploy the new custom pattern archive on your Active Update server.