By default, rules in the IDP rulebase are not terminal. That means that IDP examines all rules in the rulebase and executes all matches. You can specify that a rule is terminal; if IDP encounters a match for the source, destination, and service specified in a terminal rule, it does not examine any subsequent rules for that connection.
Before You Begin
The configuration statements in this topic describe how to define terminal rules. You define a rule R2 to terminate the match algorithm if the source IP of the traffic originates from a known trusted network in your company. If this rule is matched, IDP disregards traffic from the trusted network and does not monitor the session for malicious data.
Then you configure another rule R5 to terminate the match algorithm when the destination is the Web server and the attack is a critical HTTP attack. The rule ensures that IDP drops the critical HTTP attacks against the Web server and does not continue to match the connection.
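The two rules described above, written out as Junos CLI configuration statements (an added example, not taken from the original topic). The IDP policy name base-policy, the zone names trust and untrust, the address-book entries trusted-net and web-server, the predefined attack group "HTTP - Critical", and the actions chosen for each rule are assumptions for illustration; adjust them to the objects defined in your own configuration.

```junos
## R2: stop inspecting sessions that originate from the trusted internal network.
## 'ignore-connection' makes IDP stop monitoring the session; 'terminal' stops
## the match algorithm at this rule for any connection that matches it.
set security idp idp-policy base-policy rulebase-ips rule R2 match from-zone trust
set security idp idp-policy base-policy rulebase-ips rule R2 match source-address trusted-net
set security idp idp-policy base-policy rulebase-ips rule R2 match to-zone any
set security idp idp-policy base-policy rulebase-ips rule R2 match destination-address any
set security idp idp-policy base-policy rulebase-ips rule R2 match application any
set security idp idp-policy base-policy rulebase-ips rule R2 then action ignore-connection
set security idp idp-policy base-policy rulebase-ips rule R2 terminal

## R5: drop critical HTTP attacks aimed at the Web server and stop matching.
## The attack group name is assumed here; 'application default' restricts the
## match to the applications implied by the selected attack objects.
set security idp idp-policy base-policy rulebase-ips rule R5 match from-zone untrust
set security idp idp-policy base-policy rulebase-ips rule R5 match source-address any
set security idp idp-policy base-policy rulebase-ips rule R5 match to-zone trust
set security idp idp-policy base-policy rulebase-ips rule R5 match destination-address web-server
set security idp idp-policy base-policy rulebase-ips rule R5 match application default
set security idp idp-policy base-policy rulebase-ips rule R5 match attacks predefined-attack-groups "HTTP - Critical"
set security idp idp-policy base-policy rulebase-ips rule R5 then action drop-connection
set security idp idp-policy base-policy rulebase-ips rule R5 then notification log-attacks
set security idp idp-policy base-policy rulebase-ips rule R5 terminal

## Make the policy active and commit.
set security idp active-policy base-policy
commit
```

Because a terminal rule ends evaluation at the first match on source, destination and service, rule order matters: R2 sits above R5 in the rulebase, so a session from trusted-net is never checked against R5 or any later rule. Keep the source and destination of a terminal rule as narrow as the intent requires, and review the rulebase after a change to confirm that no later rule is unintentionally shadowed.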
You can use either J-Web or the CLI configuration editor to configure terminal rules.
This topic contains: