IDP Policies Configuration Page Options
- Select Configure>Security>IPS>Policy in the J-Web
user interface.
The IDP Policy configuration page appears. Table 217 explains the contents of this page.
Note IDP policies that are created by root users in root-logical-system are not displayed in security profile advanced settings if you have logged in as a logical system user.
The IPS Signature Package version and IPS Policy Status—Displays the version of IPS signature database and its status, if it is published or not.
- Click the following:
Template—Downloads, installs, and loads a template. Enter information as specified in Table 218.
Note The Template option is available only for root users. It is not available for logical system users.
- Click the following:
Check Status—Checks download or install status. Enter information as specified in Table 219.
Note The Check Status option is available only for root users. It is not available for logical system users.
- Set Default—Sets the selected IPS policy from the policy list as the default policy. Once you set it as default, (default-policy) is displayed next to the policy name.
- Click one:
Add or +—Adds a new or duplicate IDP policy configuration. Enter information as specified in Table 220.
Edit or /—Edits the selected IDP policy configuration.
Delete or X—Deletes the selected IDP policy configuration.
- Click the following:
Clone—Clones or copies a policy. Select a record in the Policy List. Enter information as specified in Table 221.
- Click Activate to validate and activate the
configuration.
Note Starting Junos OS Release 18.2R1, Activate is unavailable.
- Click Deactivate to remove the IDP active policy
from the configuration.
Note Starting Junos OS Release 18.2R1, Deactivate is unavailable.
- Click one:
OK—Saves the configuration and returns to the main configuration page.
Commit Options>Commit—Commits the configuration and returns to the main configuration page.
Cancel—Cancels your entries and returns to the main configuration page.
Table 217: IDP Policy Configuration Page
Field | Function |
|---|---|
| Policy List Note: IDP policies that are created by root users in root-logical-system are not displayed in security profile advanced settings if you have logged in as a logical system user. | |
Status | Displays the status of the policy. |
Name | Displays the IDP policy name. |
Type | Displays the IDP policy type. |
IPS Rule Number | Displays the number of rule based IP profiles that are configured. |
Exempt Rule Number | Displays the number of rule based exempt profiles that are configured. |
Table 218: Template Details
| Field | Function | Action |
|---|---|---|
Template | Loads a predefined IDP template. The options available are:
| Click Template and select an option. |
Table 219: Check Status Details
| Field | Function | Action |
|---|---|---|
Check Status | Checks download or install status. The options available are:
| Click Check Status and select an option. |
Table 220: Add IDP Policy Configuration Details
| Field | Function | Action |
|---|---|---|
Policy Name | Specifies the name of the IDP policy. | Enter a policy name. |
Activate | Specifies whether or not the configured IDP policy is set as the active policy. | Select the check box. |
IPS Rule | Specifies the IPS rule created. The options available are:
| Select an option. |
| Basic | ||
Policy Name | Specifies the name of the IDP policy. | Displays the name of the IDP policy. |
Rule Name | Specifies the name of the IPS rulebase rule. | Enter a rule name. |
Rule Description | Specifies a description for the rule. | Enter the description for the rule. |
Action | Specifies the list of all the rule actions for IDP to take when the monitored traffic matches the attack objects specified in the rules. | Select a rule action from the list. |
Application | Specifies the list of one or multiple configured applications. | Select the applications to be matched. |
Attack Type | Specifies the attack type that you do not want the device to match in the monitored network traffic. The options available are:
| Select an option from the list and click the right arrow to match an attack object or attack group to the rule. |
Category | Specifies the category used for scrutinizing rules of sets. | Select a category from the list. |
Severity | Specifies the rule severity levels in logging to support better organization and presentation of log records on the log server. | Select a severity level from the list. |
Direction | Specifies the direction of network traffic you want the device to monitor for attacks. | Select a direction level from the list. |
Matched | Specifies the type of network traffic you want the device to monitor for attacks. | Select the traffic type and click the right arrow to move it to the matched list. |
| Advanced | ||
IP Action | Specifies the action that IDP takes against future connections that use the same IP address. | Select an IP action from the list. |
IP Target | Specifies the destination IP address. | Select an IP target from the list. |
Timeout | Specifies the number of seconds the IP action should remain effective before new sessions are initiated within that specified timeout value. | Enter the timeout value, in seconds. The maximum value is 65,535 seconds. |
Log IP Action | Specifies whether or not the log attacks are enabled to create a log record that appears in the log viewer. | Select the check box. |
Enable Attack Logging | Specifies whether or not the configuring attack logging alert is enabled. | Select the check box. |
Set Alert Flag | Specifies whether or not an alert flag is set. | Select the check box. |
Severity | Specifies the rule severity level. | Select an option from the list. |
Terminal | Specifies whether or not the terminal rule flag is set. | Select the check box. |
| Match | ||
From Zone | Specifies the match criteria for the source zone for each rule. | Select the match criteria from the list. |
To Zone | Specifies the match criteria for the destination zone for each rule. | Select the match criteria from the list. |
Source Address | Specifies the zone exceptions for the from-zone and source address for each rule. The options available are:
| Select the from-zone and source addresses/address sets from the list and do one of the following:
|
Destination Address | Specifies the zone exceptions for the to-zone and destination address for each rule. The options available are:
| Select the to-zone and destination addresses/address sets from the list and do one of the following:
|
Table 221: Clone Details
| Field | Function | Action |
|---|---|---|
Copy Policy | Displays the policy name that was created. | — |
New Policy | Specifies the new policy name. | Enter a new policy name. |