
    IDP Policies Overview

    The Junos OS Intrusion Detection and Prevention (IDP) policy enables you to selectively enforce various attack detection and prevention techniques on network traffic passing through an IDP-enabled device. It allows you to define policy rules to match a section of traffic based on a zone, network, and application, and then take active or passive preventive actions on that traffic.

    An IDP policy defines how your device handles network traffic. It allows you to enforce various attack detection and prevention techniques on traffic traversing your network.

    A policy is made up of rulebases, and each rulebase contains a set of rules. You define rule parameters, such as traffic match conditions, action, and logging requirements, and then add the rules to rulebases. After you create an IDP policy by adding rules to one or more rulebases, you can select that policy as the active policy on your device.

    Junos OS allows you to configure multiple IDP policies, but a device can have only one active IDP policy at a time. You can install the same IDP policy on multiple devices, or you can install a unique IDP policy on each device in your network. A single policy can contain only one instance of any type of rulebase.
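    The structure described above (policy, rulebase, rule, match conditions, action, logging, and activation) maps directly onto Junos OS set commands. The following is an added example written for this page, not configuration taken from Juniper documentation. The policy name (idp-policy-example), the rule name (block-http-attacks), the zone names (trust, untrust), and the predefined attack group name ("HTTP - Critical") are assumptions; the zones must exist on the device and the attack group must be present in the installed signature database.

```junos
## Added example, not from the original page. Names are assumed (see lead-in).
## One policy containing a single IPS rulebase with one rule.

## Match: traffic from zone trust to zone untrust, any addresses, HTTP application,
## checked against an assumed predefined attack group from the signature database.
set security idp idp-policy idp-policy-example rulebase-ips rule block-http-attacks match from-zone trust
set security idp idp-policy idp-policy-example rulebase-ips rule block-http-attacks match to-zone untrust
set security idp idp-policy idp-policy-example rulebase-ips rule block-http-attacks match source-address any
set security idp idp-policy idp-policy-example rulebase-ips rule block-http-attacks match destination-address any
set security idp idp-policy idp-policy-example rulebase-ips rule block-http-attacks match application junos-http
set security idp idp-policy idp-policy-example rulebase-ips rule block-http-attacks match attacks predefined-attack-groups "HTTP - Critical"

## Action and logging: drop the matching connection (active prevention) and log the attack.
set security idp idp-policy idp-policy-example rulebase-ips rule block-http-attacks then action drop-connection
set security idp idp-policy idp-policy-example rulebase-ips rule block-http-attacks then notification log-attacks

## Activation: only one IDP policy can be active at a time; this selects the policy above.
set security idp active-policy idp-policy-example
```

    After committing, `show security idp status` reports the active policy name, which is the quickest check that the intended policy, rather than a previously active one, is in effect. Changing `then action drop-connection` to `no-action` while keeping `log-attacks` turns the same rule into a passive, log-only rule, which is a common first step before enforcing a new attack group on production traffic.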

    Note: The IDP feature is enabled by default; no license is required. Custom attacks and custom attack groups in IDP policies can also be configured and installed even when a valid license and signature database are not installed on the device.

    You can perform the following tasks to manage IDP policies:

    • Create new IDP policies starting from scratch. See Example: Defining Rules for an IDP IPS Rulebase.
    • Create an IDP policy starting with one of the predefined templates provided by Juniper Networks (see Understanding Predefined IDP Policy Templates).
    • Add or delete rules within a rulebase. You can use any of the following IDP objects to create rules:
      • Zone and network objects available in the base system
      • Predefined service objects provided by Juniper Networks
      • Custom application objects
      • Predefined attack objects provided by Juniper Networks
    • Create custom attack objects (see Example: Configuring IDP Signature-Based Attacks).
    • Update the signature database provided by Juniper Networks. This database contains all predefined objects.
    • Maintain multiple IDP policies. Any one of the policies can be applied to the device.

    Published: 2012-06-29