[Contents] [Prev] [Next] [Index] [Report an Error]

J-Web Configuration

To define rules for an IPS rulebase:

  1. Create a policy by assigning a meaningful name to it. The following tasks specify base-policy as the policy name:
    1. Select Configuration>View and Edit>Edit Configuration. The Configuration page appears.
    2. Next to Security, click Configure or Edit.
    3. Next to Idp, click Configure.
    4. Next to Idp policy, click Add new entry.
    5. In the Policy name box, type base-policy.
  2. Associate a rulebase with the policy and add rules to the rulebase. The following tasks associate an IPS rulebase with base-policy and add rule R1 to the rulebase.
    1. Next to Rulebase ips, click Configure.
    2. Next to Rule, click Add new entry.
    3. In the Name box, type R1.
  3. Define the match criteria for the rule. The following tasks specify that traffic from trust zone to untrust zone as match criteria for rule R1. The default application setting matches any application configured in the attack object.
    1. Next to Match, click Configure.
    2. From the From zone list, select Enter specific value and type trust in the Zone box.
    3. From the To zone list, select Enter specific value and type untrust in the Zone box.
    4. From the Source list, select Source address.
    5. Next to Source address, click Add new entry.
    6. From the Value list, select Any and click OK.
    7. From the Destination list, select Destination address.
    8. Next to Destination address, click Add new entry.
    9. From the Value list, select Any and click OK.
    10. Next to Application, click Add new entry.
    11. From the Value list, select default and click OK.
  4. Define an attack as match criteria. The following tasks specify predefined attack group Critical - TELNET as match criteria for rule R1.
    1. On the Rule R1 page, next to Match, click Configure.
    2. Next to Attacks, click Configure.
    3. Next to Predefined attack groups, click Add new entry.
    4. In the Value box, type “Critical - TELNET” and click OK.
  5. Specify an action for the rule. The following tasks specify that the connection be dropped for any traffic that matches the criteria defined for rule R1:
    1. On the Rule R1 page, next to Then, click Configure.
    2. Next to Action, click Configure.
    3. From the Action list, select Drop connection and click OK.
  6. Specify notification and logging options for the rule. The following tasks enable logging for this attack and specify that an alert flag be added to the attack log:
    1. On the Rule R1 page, next to Then, click Configure.
    2. Next to Notification, select the check box and click Configure.
    3. Next to Log attacks, select the check box and click Configure.
    4. Next to Alert, select the check box and click OK.
  7. Set the severity level for the rule. The following tasks set a critical severity level for rule R1:
    1. On the Rule R1 page, next to Then, select Configure or Edit.
    2. From the Severity list, select critical and click OK.
  8. Activate the policy. The following tasks specify base-policy as the active policy:
    1. On the Idp page, in the Active-policy box, type base-policy.
    2. Click OK.
  9. If you are finished configuring the device, commit the configuration.
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.