Descriptions of Other Options
When configuring a signature set, you can also configure other protocol-related options. The available options vary by protocol type. This section describes the options for each protocol in detail.
DNS
Protocol anomaly detection: Specifies the check level for the protocol validity check of the signature set.
- Strict: If a protocol anomaly is detected during parsing, the system takes, against the offending packets, the action configured for the attack level that corresponds to the security level of the anomaly.
- Loose: If a protocol anomaly is detected during parsing, the system only generates a log and invokes the engine to perform signature matching.
FTP
Action for brute-force: If login attempts fail more times per minute than the configured threshold, the system identifies the attempts as an intrusion and takes the configured action.
- Brute-force: Select the Enable check box to enable brute-force detection.
- Login threshold per min: Specifies the permitted number of authentication/login failures per minute. The value range is 1 to 100000.
- Block by: Blocks the IP address or the service of the attacker whose login failure count exceeds the threshold.
- Block duration: Specifies how long the attacker IP address or service is blocked. The value range is 60 to 3600 seconds.
Protocol anomaly detection: Specifies the check level for the protocol validity check of the signature set.
- Strict: If a protocol anomaly is detected during parsing, the system takes, against the offending packets, the action configured for the attack level that corresponds to the security level of the anomaly.
- Loose: If a protocol anomaly is detected during parsing, the system only generates a log and invokes the engine to perform signature matching.
Banner protection: Select the Enable check box to enable banner protection for the FTP server, which replaces the banner the server sends.
- Banner information: Type the text that will replace the original server banner.
Max command line length: Specifies the maximum length (including the carriage return) of an FTP command line. The value range is 5 to 1024 bytes.
- Security level: Specifies the security level of events in which the max command line length is exceeded. The system takes action according to this level.
Max response line length: Specifies the maximum length of an FTP response line. The value range is 5 to 1024 bytes.
- Security level: Specifies the security level of events in which the max response line length is exceeded. The system takes action according to this level.
HTTP
Protocol anomaly detection: Specifies the check level for the protocol validity check of the signature set.
- Strict: If a protocol anomaly is detected during parsing, the system takes, against the offending packets, the action configured for the attack level that corresponds to the security level of the anomaly.
- Loose: If a protocol anomaly is detected during parsing, the system only generates a log and invokes the engine to perform signature matching.
Banner protection: Select the Enable check box to enable banner protection for the HTTP server, which replaces the banner the server sends.
- Banner information: Type the text that will replace the original server banner.
Max URI length: Specifies the maximum length of an HTTP request URI. The value range is 64 to 4096 bytes.
- Security level: Specifies the security level of events in which the max URI length is exceeded. The system takes action according to this level.
Allowed methods: Specifies the HTTP method(s) that are allowed.
XSS check: Select the Enable check box to enable the cross-site scripting (XSS) check for HTTP traffic.
SQL check: Select the Enable check box to enable the SQL injection check for HTTP traffic.
Command injection check: Select the Enable check box to enable the command injection check for HTTP traffic.
POP3
Action for brute-force: If login attempts fail more times per minute than the configured threshold, the system identifies the attempts as an intrusion and takes the configured action.
- Brute-force: Select the Enable check box to enable brute-force detection.
- Login threshold per min: Specifies the permitted number of authentication/login failures per minute. The value range is 1 to 100000.
- Block by: Blocks the IP address or the service of the attacker whose login failure count exceeds the threshold.
- Block duration: Specifies how long the attacker IP address or service is blocked. The value range is 60 to 3600 seconds.
Protocol anomaly detection: Specifies the check level for the protocol validity check of the signature set.
- Strict: If a protocol anomaly is detected during parsing, the system takes, against the offending packets, the action configured for the attack level that corresponds to the security level of the anomaly.
- Loose: If a protocol anomaly is detected during parsing, the system only generates a log and invokes the engine to perform signature matching.
Banner protection: Select the Enable check box to enable banner protection for the POP3 server, which replaces the banner the server sends.
- Banner information: Type the text that will replace the original server banner.
Max command line length: Specifies the maximum length (including the carriage return) of a POP3 command line. The value range is 5 to 1024 bytes.
- Security level: Specifies the security level of events in which the max command line length is exceeded. The system takes action according to this level.
Max parameter length: Specifies the maximum length of a parameter in a POP3 client command. The value range is 8 to 256 bytes.
- Security level: Specifies the security level of events in which the max parameter length is exceeded. The system takes action according to this level.
Max failure time: Specifies the maximum number of failures (within one single POP3 session) for the POP3 server. The value range is 0 to 512 times.
- Security level: Specifies the security level of events in which the max failure time is exceeded. The system takes action according to this level.
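The three POP3 options above (command line length counted with its line terminator, parameter length, and the per-session failure count) are simple per-line and per-session checks. The following Python is an added example, not the product's own code: it walks a constructed POP3 conversation and raises the events those options describe. The thresholds and the security level attached to each event are assumptions chosen inside the value ranges given above; the SMTP options later on this page follow the same per-session pattern.

```python
# Hypothetical thresholds, chosen inside the page's value ranges.
MAX_CMD_LINE = 64     # Max command line length, incl. carriage return (5..1024)
MAX_PARAM = 16        # Max parameter length (8..256)
MAX_FAILURES = 2      # Max failure time per session (0..512)

# Constructed mapping of option -> security level (the admin sets these).
SECURITY_LEVEL = {
    "max_command_line_length": "high",
    "max_parameter_length": "medium",
    "max_failure_time": "high",
}

def check_pop3_session(lines, max_cmd=MAX_CMD_LINE, max_param=MAX_PARAM,
                       max_fail=MAX_FAILURES):
    """Walk a POP3 conversation (client lines prefixed 'C: ', server lines
    'S: ') and return (option, security_level, observed_value) events."""
    events = []
    failures = 0
    for raw in lines:
        side, _, text = raw.partition(": ")
        if side == "C":
            # The option counts the line terminator, so add CRLF back.
            line_len = len(text) + len("\r\n")
            if line_len > max_cmd:
                events.append(("max_command_line_length",
                               SECURITY_LEVEL["max_command_line_length"], line_len))
            parts = text.split(" ", 1)
            param = parts[1] if len(parts) > 1 else ""
            if len(param) > max_param:
                events.append(("max_parameter_length",
                               SECURITY_LEVEL["max_parameter_length"], len(param)))
        elif side == "S" and text.startswith("-ERR"):
            # Each -ERR reply counts as one failure within this session.
            failures += 1
            if failures > max_fail:
                events.append(("max_failure_time",
                               SECURITY_LEVEL["max_failure_time"], failures))
    return events

# Constructed sample session: three bad passwords, then an oversized USER line.
SAMPLE_SESSION = [
    "C: USER alice", "S: +OK",
    "C: PASS wrongpassword1", "S: -ERR invalid password",
    "C: PASS wrongpassword2", "S: -ERR invalid password",
    "C: PASS wrongpassword3", "S: -ERR invalid password",
    "C: USER " + "a" * 70,
]

if __name__ == "__main__":
    for event in check_pop3_session(SAMPLE_SESSION):
        print(event)
```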
SMTP
Action for brute-force: If login attempts fail more times per minute than the configured threshold, the system identifies the attempts as an intrusion and takes the configured action.
- Brute-force: Select the Enable check box to enable brute-force detection.
- Login threshold per min: Specifies the permitted number of authentication/login failures per minute. The value range is 1 to 100000.
- Block by: Blocks the IP address or the service of the attacker whose login failure count exceeds the threshold.
- Block duration: Specifies how long the attacker IP address or service is blocked. The value range is 60 to 3600 seconds.
Protocol anomaly detection: Specifies the check level for the protocol validity check of the signature set.
- Strict: If a protocol anomaly is detected during parsing, the system takes, against the offending packets, the action configured for the attack level that corresponds to the security level of the anomaly.
- Loose: If a protocol anomaly is detected during parsing, the system only generates a log and invokes the engine to perform signature matching.
Banner protection: Select the Enable check box to enable banner protection for the SMTP server, which replaces the banner the server sends.
- Banner information: Type the text that will replace the original server banner.
Max command line length: Specifies the maximum length (including the carriage return) of an SMTP command line. The value range is 5 to 1024 bytes.
- Security level: Specifies the security level of events in which the max command line length is exceeded. The system takes action according to this level.
Max path length: Specifies the maximum length of the reverse-path and forward-path fields in SMTP client commands. The value range is 16 to 512 bytes (including punctuation marks).
- Security level: Specifies the security level of events in which the max path length is exceeded. The system takes action according to this level.
Max reply line length: Specifies the maximum length of an SMTP server reply line. The value range is 64 to 1024 bytes (including the carriage return).
- Security level: Specifies the security level of events in which the max reply line length is exceeded. The system takes action according to this level.
Max text line length: Specifies the maximum length of a line of e-mail text sent by the SMTP client. The value range is 64 to 2048 bytes (including the carriage return).
- Security level: Specifies the security level of events in which the max text line length is exceeded. The system takes action according to this level.
Max content type length: Specifies the maximum length of the Content-Type field. The value range is 64 to 1024 bytes.
- Security level: Specifies the security level of events in which the max Content-Type length is exceeded. The system takes action according to this level.
Max content filename length: Specifies the maximum length of an e-mail attachment filename. The value range is 64 to 1024 bytes.
- Security level: Specifies the security level of events in which the max content filename length is exceeded. The system takes action according to this level.
Max failure time: Specifies the maximum number of failures (within one single SMTP session) for the SMTP server. The value range is 0 to 512 times.
- Security level: Specifies the security level of events in which the max failure time is exceeded. The system takes action according to this level.
Telnet
Action for brute-force: If login attempts fail more times per minute than the configured threshold, the system identifies the attempts as an intrusion and takes the configured action.
- Brute-force: Select the Enable check box to enable brute-force detection.
- Login threshold per min: Specifies the permitted number of authentication/login failures per minute. The value range is 1 to 100000.
- Block by: Blocks the IP address or the service of the attacker whose login failure count exceeds the threshold.
- Block duration: Specifies how long the attacker IP address or service is blocked. The value range is 60 to 3600 seconds.
Protocol anomaly detection: Specifies the check level for the protocol validity check of the signature set.
- Strict: If a protocol anomaly is detected during parsing, the system takes, against the offending packets, the action configured for the attack level that corresponds to the security level of the anomaly.
- Loose: If a protocol anomaly is detected during parsing, the system only generates a log and invokes the engine to perform signature matching.
Username/Password max length: Specifies the maximum length of the username and password used in Telnet. The value range is 64 to 1024 bytes.
- Security level: Specifies the security level of events in which the max username/password length is exceeded. The system takes action according to this level.
Other-TCP/Other-UDP/IMAP/Finger/NNTP/TFTP/SNMP/MySQL/MSSQL/ORACLE/NetBIOS/DHCP/LDAP/VoIP
Max scan length: Specifies the maximum length of data that is scanned for signatures. The value range is 0 to 65535 bytes.
SUNRPC
Protocol anomaly detection: Specifies the check level for the protocol validity check of the signature set.
- Strict: If a protocol anomaly is detected during parsing, the system takes, against the offending packets, the action configured for the attack level that corresponds to the security level of the anomaly.
- Loose: If a protocol anomaly is detected during parsing, the system only generates a log and invokes the engine to perform signature matching.
MSRPC
Action for brute-force: If login attempts fail more times per minute than the configured threshold, the system identifies the attempts as an intrusion and takes the configured action.
- Brute-force: Select the Enable check box to enable brute-force detection.
- Login threshold per min: Specifies the permitted number of authentication/login failures per minute. The value range is 1 to 100000.
- Block by: Blocks the IP address or the service of the attacker whose login failure count exceeds the threshold.
- Block duration: Specifies how long the attacker IP address or service is blocked. The value range is 60 to 3600 seconds.
Protocol anomaly detection: Specifies the check level for the protocol validity check of the signature set.
- Strict: If a protocol anomaly is detected during parsing, the system takes, against the offending packets, the action configured for the attack level that corresponds to the security level of the anomaly.
- Loose: If a protocol anomaly is detected during parsing, the system only generates a log and invokes the engine to perform signature matching.
Max bind length: Specifies the maximum length of an MSRPC bind packet. The value range is 16 to 65535 bytes.
- Security level: Specifies the security level of events in which the max bind length is exceeded. The system takes action according to this level.
Max request length: Specifies the maximum length of an MSRPC request packet. The value range is 16 to 65535 bytes.
- Security level: Specifies the security level of events in which the max request length is exceeded. The system takes action according to this level.
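The "Action for brute-force" option is the same for FTP, POP3, SMTP, Telnet and MSRPC: a per-minute failure counter per attacker, a block keyed by either the IP address or the service (the Block by choice), and a block that expires after Block duration. The Python below is an added example, not the product's own implementation; it runs that logic over constructed login-failure events and validates the settings against the value ranges stated above. Class and function names are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class BruteForceDetector:
    """Hypothetical model of the 'Action for brute-force' option."""
    threshold: int = 5          # Login threshold per min (1..100000)
    block_by: str = "ip"        # Block by: "ip" or "service"
    block_duration: int = 60    # Block duration in seconds (60..3600)
    _fail: dict = field(default_factory=lambda: defaultdict(int))
    _blocked_until: dict = field(default_factory=dict)

    def __post_init__(self):
        # Enforce the value ranges given on the page.
        if not 1 <= self.threshold <= 100000:
            raise ValueError("Login threshold per min must be 1..100000")
        if not 60 <= self.block_duration <= 3600:
            raise ValueError("Block duration must be 60..3600 seconds")
        if self.block_by not in ("ip", "service"):
            raise ValueError("Block by must be 'ip' or 'service'")

    def _key(self, ip, service):
        return ip if self.block_by == "ip" else service

    def is_blocked(self, ts, ip, service):
        until = self._blocked_until.get(self._key(ip, service))
        return until is not None and ts < until

    def on_login_failure(self, ts, ip, service):
        """Record one failed login at time ts (seconds). Returns 'blocked'
        while a block is active, 'block' when this failure pushes the count
        past the per-minute threshold, otherwise 'log'."""
        key = self._key(ip, service)
        if self.is_blocked(ts, ip, service):
            return "blocked"
        window = (key, int(ts // 60))       # fixed one-minute buckets
        self._fail[window] += 1
        if self._fail[window] > self.threshold:
            self._blocked_until[key] = ts + self.block_duration
            return "block"
        return "log"

# Constructed sample events (timestamp, source IP, service); not real logs.
SAMPLE_FAILURES = [(0, "203.0.113.7", "ftp")] * 6 + [
    (30, "203.0.113.7", "ftp"),   # still inside the 60 s block
    (30, "203.0.113.9", "ftp"),   # different source, unaffected
    (70, "203.0.113.7", "ftp"),   # block expired, new minute bucket
]

def run_sample(detector=None):
    det = detector or BruteForceDetector(threshold=5, block_by="ip")
    return [det.on_login_failure(ts, ip, svc) for ts, ip, svc in SAMPLE_FAILURES]
```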