Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
Related Documentation
- J Series
- Understanding Predefined IDP Policy Templates
- Example: Defining Rules for an IDP IPS Rulebase
- Example: Defining Rules for an IDP Exempt Rulebase
- SRX Series
- Understanding Predefined IDP Policy Templates
- Example: Defining Rules for an IDP IPS Rulebase
- Example: Defining Rules for an IDP Exempt Rulebase
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices
Downloading and Using Predefined IDP Policy Templates (CLI Procedure)
Before you begin, configure network interfaces.
See the Junos OS Interfaces Configuration Guide for Security Devices .
To download and use a predefined policy template:
- Download the script file templates.xml to the/var/db/idpd/sec-download/sub-download directory.
This script file contains predefined IDP policy templates.user@host> request security idp security-package download policy-templates
- Copy the templates.xml file
to the /var/db/scripts/commit directory and rename it to templates.xsl.user@host> request security idp security-package install policy-templates
- Enable the templates.xsl scripts
file. At commit time, the Junos OS management process (mgd) looks
in the /var/db/scripts/commit directory for scripts and runs
the script against the candidate configuration database to ensure
the configuration conforms to the rules dictated by the scripts. user@host# set system scripts commit file templates.xsl
- Commit the configuration. Committing the configuration saves the downloaded templates to the Junos OS configuration database and makes them available in the CLI at the [edit security idp idp-policy] hierarchy level.
- Display the list of downloaded templates.
user@host#set security idp active-policy ?Possible completions: <active policy> Set active policy DMZ_Services DNS_Service File_Server Getting_Started IDP_Default Recommended Web_Server
- Activate the predefined policy. The following statement
specifies the Recommended predefined IDP policy
as the active policy:user@host# set security idp active-policy Recommended
- Delete or deactivate the commit script
file. By deleting the commit script file, you avoid the risk of overwriting
modifications to the template when you commit the configuration. Run
one of the following commands: user@host# delete system scripts commit file templates.xsl user@host# deactivate system scripts commit file templates.xsl
- If you are finished configuring the device, commit the configuration.
- You can verify the configuration by using the show security idp status command. For more information, see the Junos OS CLI Reference.
Related Documentation
- J Series
- Understanding Predefined IDP Policy Templates
- Example: Defining Rules for an IDP IPS Rulebase
- Example: Defining Rules for an IDP Exempt Rulebase
- SRX Series
- Understanding Predefined IDP Policy Templates
- Example: Defining Rules for an IDP IPS Rulebase
- Example: Defining Rules for an IDP Exempt Rulebase
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices
