Changes In Default Behavior and Syntax

Specifying Service Fields for Custom Attack Definition in IDP

On SRX-series devices, when entering IDP configuration commands, provide the service field values in lowercase.

Example:

set security idp custom-attack temp severity info attack-type signature context packet direction any pattern .* protocol udp destination-port match equal value 1333

Here the protocol service field value udp is specified in lowercase.

IDP Policy Commits Fail When There Are Detector Settings and No Policies

When the SRX-series device has no IDP policy loaded and the new configuration includes detector settings, the policy commit fails and an error message is displayed. These error messages are also saved in a log file at the following location:

/var/log/idpd_error.timestamp

where timestamp is the date and time at which a particular error occurred.

To load the policy, deactivate the sensor configuration and commit once; then activate the sensor configuration and commit again so that the configured protocol decoder values are loaded.
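The two-commit workaround described above, written out as an added Junos CLI session (this is an illustration, not text from the release notes; the policy name idp-policy-1, the detector name and the value are constructed, and the assumption is that the detector settings live under the security idp sensor-configuration hierarchy):

```junos
# Starting point: no IDP policy is loaded, and the candidate configuration
# carries both a new IDP policy and detector (protocol decoder) settings.
# Assumption: detector settings are configured under sensor-configuration.
set security idp idp-policy idp-policy-1 rulebase-ips rule r1 match attacks predefined-attacks HTTP:OVERFLOW:HEADER
set security idp idp-policy idp-policy-1 rulebase-ips rule r1 then action drop-packet
set security idp active-policy idp-policy-1
set security idp sensor-configuration detector protocol-name HTTP tunable-name sc_http_max_hdr_length tunable-value 8192

# Step 1: take the detector settings out of the candidate and commit.
# With no sensor-configuration present, the policy load succeeds.
deactivate security idp sensor-configuration
commit

# Step 2: put the detector settings back and commit again so the
# protocol decoder values are loaded on top of the now-active policy.
activate security idp sensor-configuration
commit

# Verify: the policy is loaded and the active configuration no longer
# shows the sensor-configuration hierarchy as inactive.
run show security idp status
show security idp sensor-configuration
```

If the first commit still fails, check /var/log/idpd_error.timestamp for the recorded error before retrying; the tunable name and value in the example are constructed and should be replaced with the decoder settings actually in use.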

Use Of Logical Interface Subnet IP Addresses as Source or Destination IP Addresses in Tunnel Configurations

To avoid a kernel crash, the device does not allow a configuration in which the source or destination address of a tunnel falls within the subnet configured on that same logical interface. If you try to commit such a configuration, the commit fails.
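An added illustration of the rejected and accepted forms of that tunnel configuration (constructed example, not from the release notes; the interface names and addresses are assumptions, and the reading assumed here is that the overlap is between the tunnel endpoint addresses and the inet subnet configured on the same tunnel logical interface):

```junos
# Rejected form: the tunnel endpoints 192.0.2.1 and 192.0.2.2 fall inside
# the 192.0.2.0/24 subnet configured on the very same logical interface
# (gr-0/0/0 unit 0). The commit fails rather than risk a kernel crash.
set interfaces gr-0/0/0 unit 0 tunnel source 192.0.2.1
set interfaces gr-0/0/0 unit 0 tunnel destination 192.0.2.2
set interfaces gr-0/0/0 unit 0 family inet address 192.0.2.1/24
commit check

# Accepted form: the tunnel endpoints are the addresses of the physical
# interfaces, and the tunnel logical interface carries its own, separate
# subnet (10.10.10.0/30), so nothing overlaps.
delete interfaces gr-0/0/0 unit 0 family inet address 192.0.2.1/24
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24
set interfaces gr-0/0/0 unit 0 family inet address 10.10.10.1/30
commit check
commit
```

Running `commit check` before `commit` surfaces the rejection without altering the running configuration, which is a useful habit when staging tunnel changes on a production SRX.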

Use of Member Option in Custom Signature Definitions in IDP

When defining custom signatures, you cannot specify the member option. You can, however, use this option when you create chain or compound attacks.