Hi there,
I've got an issue regarding traffic matching. I have an IDP with some simple rules configured:
ANY to ANY - Terminate - Look for: VoIP Attacks - Action: DSCP 10
ANY to ANY - Terminate - Look for: HTTP Attacks - Action: DSCP 12
ANY to ANY - No Terminate - Look for: None - Action: DSCP 1
I want to be able to mark all traffic that isn't VoIP or HTTP to be DSCP 1. My logs show traffic being matched by rule 3, with action DSCP 1, but the traffic is unmarked. VoIP and HTTP traffic, however, is being marked.
I suspect this has something to do with the "Look for: None" not triggering any action if no attacks are found. Is there another way of getting the IDP to mark DSCP on all traffic that isn't matched by a specific policy?