Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Creating IPS Policies

 

Use this page to define how your device handles network traffic and to define policy rules. It allows you to enforce various attack detection and prevention techniques on traffic traversing your network.

Before You Begin

To configure an IPS policy:

  1. Select Configure > IPS Policy > Policies.
  2. Click the + icon.
  3. Complete the configuration according to the guidelines provided in the Table 1.
  4. Click OK.

    A new IPS policy with your configurations is created. After you create an IPS policy, add rules in one or more rulebases and publish the policy. For more information on the IPS policy rules, see Creating IPS Policy Rules To enable the IPS policy, apply it to a domain, see Assigning Policies and Profiles to Domains.

Table 1: IPS Policy Settings

Settings

Guidelines

Name

Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 255 characters.

Description

Enter a description for the IPS policy; maximum length is 2048 characters.

Policy Options

Configuration Mode

Select Advanced to create a policy that allows you to modify custom IPS rules independent of the predefined template. In addition, you can start with a predefined template that copies the predefined rules to your policy, and then edit or delete the rules as necessary.

Policy Templates

Select the predefined and custom policy templates from the Available column to include in the selected list for grouping all rules.

Type

Select an option either to update a specific firewall policy configuration to a large set of devices or to push a unique firewall policy configuration per device:

  • Group Policy—Use this option when you want to push a configuration to a group of devices. You can create rules for a group policy.

  • Device Policy—Use this option when you want to push a unique IPS policy configuration per device. You can create device rules for a device IPS policy.

Device Selection

Devices

If you selected device policy template type, then select a device on which the policy will be published.

If you selected group policy template type, then select the devices from the Available column to include in the selected list for the group policy that will be published.

You can assign devices with Junos OS Release until 18.1. You must assign devices with Junos OS Release 18.2 onward from firewall policies.

Note: Starting in Junos Space Security Director Release 20.1R1, logical system (LSYS) is supported on devices running Junos OS Release 18.3 and later.

Starting in Junos Space Security Director Release 21.2R1, tenant system (TSYS) is supported on devices running Junos OS Release 18.3 and later for SRX Series devices and Junos OS Release 20.1 and later for VSRX Series devices.

Policy Sequence

Placement

Select an option to display or place the policy you have created before or after the device-specific policies.

Sequence No.

Select this option to specify the policy sequence number. This number identifies the location of your policy in relation to the entire sequence.

Select Policy Sequence

Move and place the policy to your preferred sequence in the list. This helps you to organize your policy in the required sequence.

Related Documentation