IDP Policies

The JUNOS Software Intrusion Detection and Prevention (IDP) policy enables you to selectively enforce various attack detection and prevention techniques on network traffic passing through an IDP-enabled device. It allows you to define policy rules to match a section of traffic based on a zone, network, and application, and then take active or passive preventive actions on that traffic.

For information about which devices support the features documented in this chapter, see Support Overview for Security Features.

This chapter includes the following topics:

• IDP Policies Overview
• Understanding IDP Policy Rulebases
• Understanding IDP Policy Rules
• Understanding IDP Rule Match Conditions
• Understanding IDP Rule Objects
• Understanding IDP Rule Actions
• Understanding IDP Rule IP Actions
• Understanding IDP Rule Notifications
• Defining Rules for an IPS Rulebase
• Defining Rules for an Exempt Rulebase
• IDP Policies—Quick Configuration
• Inserting a Rule in the Rulebase
• Deactivating and Reactivating Rules in a Rulebase
• Understanding Application Sets
• Configuring Applications or Services for IDP
• Configuring Application Sets for IDP
• Enabling IDP in a Security Policy
• Understanding IDP Terminal Rules
• Setting Terminal Rules in Rulebases
• Understanding Custom Attack Objects
• Understanding Protocol Decoders
• Configuring Signature-Based Attacks
• Configuring Protocol Anomaly-Based Attacks
• Specifying IDP Test Conditions for a Specific Protocol
• Configuring DSCP in an IDP Policy