| Action Set Type | Description |
| --- | --- |
| Block | Blocks a packet from being transferred to the network. |
| Block + Notify | Blocks a packet from being transferred and notifies the SMS management console in the form of an event listing. |
| Block + Notify + Trace | Blocks a packet from being transferred, notifies the SMS management console in the form of an event listing, and logs all information about the packet according to the packet trace settings. |
| Permit + Notify | Permits a packet and notifies the SMS management console in the form of an event listing. |
| Permit + Notify + Trace | Permits a packet, notifies the SMS management console as an event listing, and logs all information about the packet according to the packet trace settings. |
| Trust | Allows the traffic stream to continue without comparing it with any other filter rules. |

Procedure:
- Log in to the SMS from a client.
- From the top navigation pane, click Profiles. The Profiles screen displays.
- From the navigation pane on the left, click the + sign next to the Profiles to expand the category.
- From the navigation pane on the left, select Shared Settings.
- To create an action set, do one of the following:
  - Select the Action Sets tab and click New.
  - On the Menu Bar, select the File > New > Action Set menu item.
  - Right-click an entry and click New.
- To edit an action set, do one of the following:
  - Select the Action Sets tab, select an action, and click Edit.
  - Double-click the filter.
  - Right-click the filter and choose Edit.
- The Create Action Set wizard displays.
- Enter a Name for the action set.
- Select a Flow Control:
  - Permit: Select to permit traffic associated with this action set.
  - Block: Select to block traffic.
    - TCP Reset: Used with the Block action, resets the source, destination, or both IPs of an attack. This option resets blocked TCP flows.
  - Quarantine: Used to quarantine a host IP (source or destination) address that triggers the filter.
  - Rate Limit: Select to limit the traffic rate and enter an amount for the bandwidth. See Action Sets: Flow Control Rate Limit Configurations. Select a rate for the rate limit setting.
  - Trust: Select to trust traffic associated with this action set.
- Click Next or select Notifications from the wizard navigation pane.
- To have the SMS receive an alert, select Management Console.
- To use an SMS Active Response action, select the SMS Response check box and then choose the Active Response policy from the drop-down list that is to be tied to this action set.
- To enable remote Syslog, select Remote Syslog for the action set. The Syslog server that is defined on the device is the Syslog server to use.
- Note: The Syslog may be defined from Devices > [Device Name] > Device Configuration > Edit > Remote Syslog.
- To add an email notification contact, click Add in the Email area.
- Note: The device that is to receive a distribution with a profile using an action set with an email contact must have a mail server defined from Devices > [Device Name] > Device Configuration > Edit > Servers > Email Server Settings.
- To add an SNMP notification contact, click Add in the SNMP area.
- Note: For both Email and SNMP, you can select entries to add or click New to create new notification contacts.
- Note: SNMP notification contacts require SNMPv2, and will not work when SNMPv2 is disabled.
- Click Next or select Packet Trace from the wizard navigation pane. To return to a previous screen, click Previous.
- To enable the packet trace, select the Packet Trace check box and complete the following items:
  - Select a Length: Full or Partial. If you select Partial, enter the number of bytes.
  - Select the Priority: High, Medium, or Low.
- To return to a previous screen, click Previous. After entering information on the final screen, click Finish to save your entries.
Reference: SMS User Guide