Modifying Existing Rules

You can save system-provided rules and rules belonging to ancestor domains as new custom rules in the local rule category, which you can then modify.

Procedure

Step 1

Access the intrusion rules using either of the following methods:

  • Choose Policies > Access Control > Intrusion.

    Click Snort 2 Version next to the policy you want to edit and click Rules.

  • Choose Objects > Intrusion Rules.

Step 2

Locate the rule you want to modify. You have the following choices:

Step 3

Click Edit (edit icon) next to the rule or, in the case of search results, click the rule message.

If View (View button) appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.

Step 4

Modify the rule as appropriate for the rule type.

Note

Do not modify the protocol for a shared object rule; doing so would render the rule ineffective.

Step 5

You have the following choices:

  • Click Save if you are editing a custom rule and want to overwrite the current version of that rule.
  • Click Save As New if you are editing a system-provided rule or any rule belonging to an ancestor domain, or if you are editing a custom rule and want to save the changes as a new rule.

What to do next

  • If you want to use the local modification of the rule instead of the system-provided rule, deactivate the system-provided rule by using the procedures at Intrusion Rule States and activate the local rule.

  • Deploy configuration changes.