IDP Extended Package Configuration Overview
The Junos OS Intrusion Detection and Prevention (IDP) policy enables you to selectively enforce various attack detection and prevention techniques on network traffic passing through an IDP-enabled device. It allows you to define policy rules to match a section of traffic based on a zone, network, and application, and then take active or passive preventive actions on that traffic.
An IDP policy defines how your device handles the network traffic. It allows you to enforce various attack detection and prevention techniques on traffic traversing your network.
A policy is made up of rule bases, and each rule base contains a set of rules. You define rule parameters, such as traffic match conditions, action, and logging requirements, then add the rules to rule bases. After you create an IDP policy by adding rules in one or more rule bases, you can select that policy to be the active policy on your device.
To configure the IDP extended package (IPS-EP) perform the following steps:
- Enable IPS in a security policy. See Configuring IDP Policy Rules and IDP Rulebases.
- Configure IDP policy rules, IDP rule bases, and IDP rule actions. See Configuring IDP Policy Rules and IDP Rulebases .
- Configure IDP custom signatures. SeeUnderstanding IDP Signature-Based Attacks
- Update the IDP signature database. SeeIntrusion Detection and Prevention Feature Guide for Security Devices.
- When the IDP hits a resource limit, the default behavior
is to ignore the flow and let the flow pass without inspection. To
avoid this behavior, configure the drop-on-limit option.
This command ensures IDP attack inspection of all traffic and does not allow any traffic without inspection.Also, see IDP Sensor Configuration.user@host# set security idp sensor-configuration flow drop-on-limit