    Example: Configuring an IDP Policy for a User Logical System

    The master administrator can either download predefined IDP policies to the device or configure custom IDP policies at the root level using custom or predefined attack objects. The master administrator is responsible for assigning an IDP policy to a user logical system. This example shows how to assign a predefined IDP policy to a user logical system.

    Requirements

    Before you begin:

    Overview

    The predefined IDP policy named Recommended contains attack objects recommended by Juniper Networks. All rules in the policy have their actions set to take the recommended action for each attack object. You add the Recommended IDP policy to the ls-design-profile, which is bound to the ls-product-design user logical system shown in Example: Creating User Logical Systems, Their Administrators, Their Users, and an Interconnect Logical System.

    Configuration

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    set system security-profile ls-design-profile idp-policy Recommended

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

    To add a predefined IDP policy to a security profile for a user logical system:

    1. Log in to the master logical system as the master administrator and enter configuration mode.
      [edit]
      admin@host> configure
      admin@host#
    2. Add the IDP policy to the security profile.
      [edit system security-profile]
      admin@host# set ls-design-profile idp-policy Recommended

    Results

    From configuration mode, confirm your configuration by entering the show security idp and show system security-profile ls-design-profile commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    [edit]
    admin@host# show security idp
    idp-policy Recommended {...}
    [edit]
    admin@host# show system security-profile ls-design-profile
    policy {...}
    idp-policy Recommended;
    logical-system ls-product-design;

    If you are done configuring the device, enter commit from configuration mode.

    Verification

    Verifying the Configuration

    Purpose

    Verify the IDP policy assigned to the logical system.

    Action

    From operational mode, enter the show security idp logical-system policy-association command. Ensure that the IDP policy in the security profile that is bound to the logical system is correct.

    admin@host> show security idp logical-system policy-association
    Logical system         IDP policy 
    ls-product-design      Recommended
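
    The verification step above can be automated when many logical systems are in use. The following is an added example, not Juniper code: it parses saved output of show security idp logical-system policy-association and reports logical systems whose bound IDP policy differs from an expected list. The names ls-marketing-dept, ls-accounting-dept and Custom-Lab are constructed, and treating a one-column row as "no policy bound" is an assumption about the output format.

```python
"""Audit 'show security idp logical-system policy-association' output."""

# Constructed sample: the output shown on this page plus one hypothetical
# logical system (ls-marketing-dept) that has a different policy bound.
SAMPLE_OUTPUT = """\
admin@host> show security idp logical-system policy-association
Logical system         IDP policy
ls-product-design      Recommended
ls-marketing-dept      Custom-Lab
"""

# Expected bindings (assumption: a list kept by the master administrator).
EXPECTED = {
    "ls-product-design": "Recommended",
    "ls-marketing-dept": "Recommended",
    "ls-accounting-dept": "Recommended",
}


def parse_policy_association(text):
    """Return {logical_system: idp_policy or None} from the CLI table."""
    bindings = {}
    in_table = False
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[:2] == ["Logical", "system"]:
            in_table = True          # header row; data rows follow
            continue
        if not in_table:
            continue                 # skip the prompt and command echo
        # Assumption: a row with a single column means no policy is bound.
        bindings[fields[0]] = fields[1] if len(fields) > 1 else None
    return bindings


def audit(text, expected):
    """Return sorted (logical_system, expected, actual) tuples that differ."""
    actual = parse_policy_association(text)
    return sorted((lsys, want, actual.get(lsys))
                  for lsys, want in expected.items()
                  if actual.get(lsys) != want)


if __name__ == "__main__":
    for lsys, want, got in audit(SAMPLE_OUTPUT, EXPECTED):
        print(f"{lsys}: expected {want!r}, found {got!r}")
```

    A logical system that is expected but absent from the table is reported with a found value of None, which covers a security profile that was never bound.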

    Published: 2012-06-29