IDS Parameters

The Intrusion Detection System (IDS) parameters are described in the table below.

IDS Parameters

Parameter

Description

'Intrusion Detection System (IDS)'

enable-ids

[EnableIDS]

Enables the IDS feature.

[0] Disable (default)
[1] Enable

'Alarm Clear Period'

alarm-clear-period

[IDSAlarmClearPeriod]

Defines the interval (in seconds) after which an IDS alarm is cleared from the Active Alarms table if no thresholds are crossed during this time. However, this "quiet" period must be at least twice the Threshold Window value. For example, if IDSAlarmClearPeriod is set to 20 sec and the Threshold Window is set to 15 sec, the IDSAlarmClearPeriod parameter is ignored and the alarm is cleared only after 30 seconds (2 x 15 sec).

The valid value is 0 to 86400. The default is 300.

'Excluded Response Codes'

excluded-responses

[IDSExcludedResponseCodes]

Defines the SIP response codes that are excluded form the IDS count for SIP dialog establishment failures.

The valid value is 400 through to 699. The maximum length is 100 characters. You can configure the parameter with multiple codes, where each code is separated by a comma (without spaces). The default is 408,422,423,480,481,486,487,500,501,502,503,504,505,600.

For more information, see Configuring SIP Response Codes to Exclude from IDS.

Note:

The parameter applies only to rejected responses received from the remote network; not rejected responses generated by the device (except for 404).
The response codes 401 and 407 are considered authentication failures and therefore, are not applicable to this parameter.