Applying Services to Subscribers Associated with Problem Traffic

You can configure services to control subscriber traffic, such as limiting bandwidth available to a subscriber, in response to detection of malicious traffic sent or received by a subscriber. The following procedure describes how to configure policies to decrease the amount of bandwidth available to the subscriber and to redirect subscriber Web requests to an IDP captive portal as implemented in the sample data. You can also create separate services or a service for only one of these actions.

To limit bandwidth and redirect subscriber Web requests to a captive portal:

1. In Policy Editor, create a policy that defines an action to be taken, such as a policy that limits a subscriber’s bandwidth and redirects Web requests to a captive portal.

   For a sample policy group, see policyGroupName=Quarantine, ou=idp, o=Policies, o=UMC in the sample data.

2. (Optional) In SDX Admin, create a scope for the services that define actions to be taken in response to IDP rules configured in IDP.
3. If you created a scope in Step 2:
   1. In that scope, create a service that defines actions to be taken in response to IDP rules. Then set the type to normal, and specify the policy group configured in Step 1.

      For a sample service, see serviceName=Quarantine, l=IDP-Subscriber, o=Scopes, o=umc in the sample data.

   2. Assign the scope to a subscriber folder to make the service available to subscribers.
4. Create service subscriptions for subscribers. In the sample data, we create a subscription at the folder level to allow all subscribers in the folder to inherit the subscription.

   For a sample implementation, see serviceName=Quarantine, ou=subscribers, retailerName=SP-IDP, o=Users, o=umc in the sample data.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.