Basic Portal Properties

In the WEB-INF/portal.props file, you can modify the following properties. These properties specify how the portal uses records received from IDP.

Attack.Record.number

• Maximum number of incident records to be stored for use by the IDP captive portal.
• Value—Integer in the range 1–2147483648
• Default—100

Attack.Record.removeStep

• Number of records to be deleted when the number of records stored reaches the limit specified by the Attack.Record.number property. The records are sequentially removed, starting with the oldest record, then the next oldest, and so forth.
• Value—<number>
• Guidelines—This number must be less than the value configured for Attack.Record.number.
• Default—10

DateTime.Format

• Format in which to display the date and time of an incident.
• Value—yyyy/MM/dd hh:mm:ss, where yyyy represents the year, MM the month, dd the day, hh the hour, mm the minute, and ss the second
• Guidelines—For more information about this property, including its value see

  http://java.sun.com/j2se/1.4.2/docs/api/java/text/SimpleDateFormat.html

• Default—No value

<incident-name>

• Name of a parameter that indicates the type of security incident encountered, and provides a description of the parameter.
• Value—<parameter>=<description>
• Guidelines—Enter the parameter and description in the section ” Attack Name and the corresponding description.”

  For information about security parameters, see the IDP documentation at

  http://www.juniper.net/techpubs/software/management/idp/

• Default—No value
• Example

  ICMP.EXPLOIT.FLOOD = Network traffic that is flooded by ICMP Echo Request Packet

  TROJAN.AUTOPROXY.INFECTED-HOST = AutoProxy trojan attempts to contact a master server and register the IP address and open ports of the infected host

Attack.Captive.service

• Name of the service for the IDP captive portal. The IDP management server activates this service for subscribers who receive or send malicious traffic. If you use a “ remind me later” control on the Web page and the subscriber selects this control, the portal deactivates this service and schedules service activation for a later time. If you use a “ don't show this page again” control and the subscriber selects this control, the portal deactivates this service.
• Value—<service name>
• Default—Quarantine

Attack.showRemindLater

• Specifies whether the IDP captive portal page provides the Remind me again in field. This field lets subscribers specify a time at which the portal reminds them of the security incident.
• Value—true or false
• Default—true

Attack.showIgnore

• Specifies whether the IDP captive portal page provides the Don’t show this page again field. The field lets subscribers stop display of the captive portal page for incidents that have already been detected. The portal displays another page when another incident occurs.
• Value—true or false
• Default—true

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.