Intrusion Rule Header Protocol

In each rule header, you must specify the protocol of the traffic the rule inspects. You can specify the following network protocols for analysis:

  • ICMP (Internet Control Message Protocol)

  • IP (Internet Protocol)

    Note

    The system ignores port definitions in an intrusion rule header when the protocol is set to ip.

  • TCP (Transmission Control Protocol)

  • UDP (User Datagram Protocol)

Use IP as the protocol type to examine all protocols assigned by IANA, including TCP, UDP, ICMP, IGMP, and many more.
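The following linter is an added example, not Cisco's code or part of the original page. It assumes rules are available in Snort text form (`action protocol src_ip src_port direction dst_ip dst_port (options)`) and reports headers that set ports alongside `ip` (which the system ignores) or name a protocol outside the four listed; the function name, sample rules and SIDs are constructed.

```python
import re

# Protocols the page lists as valid in a rule header.
HEADER_PROTOCOLS = {"icmp", "ip", "tcp", "udp"}

# Assumed header layout (Snort text-rule form, no spaces inside address lists):
# action protocol src_ip src_port direction dst_ip dst_port (options)
HEADER_RE = re.compile(
    r"^\s*(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)

def lint_rule(rule):
    """Return a list of findings for one rule line (empty list means clean)."""
    m = HEADER_RE.match(rule)
    if not m:
        return ["unparseable rule header"]
    proto = m.group("proto").lower()
    findings = []
    if proto not in HEADER_PROTOCOLS:
        # Other IANA-assigned protocols are only reachable through ip.
        findings.append(f"header protocol '{proto}' is not selectable; use ip to cover it")
    if proto == "ip":
        # Port fields are ignored for ip, so a non-'any' port gives a false
        # impression that the rule is scoped to that port.
        ports = [p for p in (m.group("sport"), m.group("dport")) if p.lower() != "any"]
        if ports:
            findings.append("ports " + ", ".join(ports) + " are ignored because protocol is ip")
    return findings

# Constructed sample rules for illustration only.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"constructed tcp rule"; sid:1000001; rev:1;)',
    'alert ip $EXTERNAL_NET any -> $HOME_NET 443 (msg:"constructed ip rule"; sid:1000002; rev:1;)',
    'alert igmp any any -> any any (msg:"constructed igmp rule"; sid:1000003; rev:1;)',
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule.split("(")[0].strip(), "=>", lint_rule(rule) or "ok")
```
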

Note

You cannot currently write rules that match patterns in the next header (for example, the TCP header) in an IP payload. Instead, content matches begin with the last decoded protocol. As a workaround, you can match patterns in TCP headers by using rule options.

Within the Intrusion Rules editor, you select the protocol type from the Protocol list.