Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Infranet Controller Sensor Settings for Connecting to a Standalone IDP Device (NSM Procedure)

    You can specify system settings that the Infranet Controller uses to establish a connection to a Juniper Networks Intrusion Detection and Prevention (IDP) device. The sensor settings allow you to perform a number of tasks related to configuring and managing interaction between the Infranet Controller and an IDP device.

    1. Creating an IDP Device Entry
    2. Enabling or Disabling the Connection to an Existing IDP Device

    Creating an IDP Device Entry

    In IDP versions prior to 5.0, the Infranet Controller sends only the user IP address. With version 5.0, the Infranet Controller sends session information including the user, role, and IP address. This allows you to configure more granulated IDP policies based on roles in IDP.

    To create an IDP device entry:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the Infranet Controller device on which you want to configure a new IDP device entry.
    3. Click the Configuration tab. In the configuration tree, select System > Configuration > Sensors.
    4. Select the Sensors tab. The corresponding workspace appears.
    5. Add or modify settings as specified in Table 1.
    6. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.

    Table 1: New IDP Device Entry Configuration Details

    Option

    Function

    Your Action

    Name

    Specifies the name used to identify the new connection entry.

    Enter a name for the new connection entry.

    Hostname

    Specifies the hostname or IP address of the IDP device to which the Infranet Controller connects to receive application and resource attack alert messages.

    Enter the hostname or IP address.

    TCP Port

    Specifies the TCP port on the IDP device to which the Infranet Controller listens when receiving application and resource attack alert messages.

    Enter the TCP port number.

    One Time Password

    Specifies the encrypted password the Infranet Controller uses when conducting the initial Transport Layer Security (TLS) handshake with the IDP device.

    Enter the encrypted Infranet Controller OTP password as displayed on the IDP ACM configuration summary screen.

    Note: The hostname, TCP port, and one-time password must already be configured on the IDP device before this configuration can be successful.

    Addresses to monitor

    Reports attack information only for the specified IP addresses.

    Enter the individual IP addresses and address ranges, one entry per line. Enter the subnet address in network format 0.0.0.0/0.

    Severity Filter

    Specifies the severity level, which is a number on a scale from 1 to 5, where 1 is informational and 5 is critical.

    Select a severity level between 1 and 5.

    Enabling or Disabling the Connection to an Existing IDP Device

    To enable or disable existing IDP device entries on the Infranet Controller:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the Infranet Controller device on which you want to enable or disable the IDP device.
    3. Click the Configuration tab. In the configuration tree, select System > Configuration > Sensors.
    4. Select the Sensors tab. The corresponding workspace appears.
    5. Click the IDP device entry you want to enable or disable.
    6. From the IDP device workspace, select the Enable/Disable Sensor option.
    7. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.

    Published: 2012-11-28