
Setting Terminal Rules in Rulebases

By default, rules in the IDP rulebase are not terminal: IDP examines all rules in the rulebase and executes all matches. You can specify that a rule is terminal. If IDP encounters a match for the source, destination, and service specified in a terminal rule, it does not examine any subsequent rules for that connection.

Before You Begin

  1. For background information, read:
  2. Establish basic connectivity. For more information, see the Getting Started Guide for your device.
  3. Configure network interfaces. See the JUNOS Software Interfaces and Routing Configuration Guide.
  4. Enable IDP application services in a security policy. See Enabling IDP in a Security Policy.
  5. Create security zones. See Creating Security Zones.
  6. Define rules. See Defining Rules for an IPS Rulebase.

The configuration statements in this topic describe how to define terminal rules. You define a rule R2 that terminates the match algorithm if the source IP address of the traffic belongs to a known trusted network in your company. If this rule is matched, IDP disregards traffic from the trusted network and does not monitor the session for malicious data.
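
The following sketch is an added example, not Juniper code and not IDP's actual implementation: a simplified Python model of the match behavior described above, plus an audit that flags rules placed after a terminal rule that can no longer fire. The rulebase contents, the 10.0.0.0/8 trusted network, and the function names are assumptions; only the rule name R2 comes from this topic.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src: str            # source network (CIDR)
    dst: str            # destination network (CIDR)
    service: str        # service name, or "any"
    terminal: bool = False

    def matches(self, src_ip, dst_ip, service):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.service in ("any", service))

def evaluate(rulebase, src_ip, dst_ip, service):
    """Names of the rules executed for one connection, in rulebase order."""
    executed = []
    for rule in rulebase:
        if rule.matches(src_ip, dst_ip, service):
            executed.append(rule.name)
            if rule.terminal:   # terminal match: later rules are not examined
                break
    return executed

def shadowed_by_terminal(rulebase):
    """(terminal rule, later rule) pairs where the later rule can never fire."""
    pairs = []
    for i, term in enumerate(rulebase):
        if not term.terminal:
            continue
        for later in rulebase[i + 1:]:
            if (ip_network(later.src).subnet_of(ip_network(term.src))
                    and ip_network(later.dst).subnet_of(ip_network(term.dst))
                    and term.service in ("any", later.service)):
                pairs.append((term.name, later.name))
    return pairs

# Constructed sample rulebase (assumed values, not from the Juniper documentation).
RULEBASE = [
    Rule("R1", "0.0.0.0/0", "0.0.0.0/0", "any"),
    Rule("R2", "10.0.0.0/8", "0.0.0.0/0", "any", terminal=True),  # trusted network
    Rule("R3", "10.1.0.0/16", "0.0.0.0/0", "http"),
    Rule("R4", "0.0.0.0/0", "192.0.2.0/24", "http"),
]

if __name__ == "__main__":
    print(evaluate(RULEBASE, "10.1.2.3", "192.0.2.10", "http"))
    print(evaluate(RULEBASE, "198.51.100.7", "192.0.2.10", "http"))
    print(shadowed_by_terminal(RULEBASE))
```

The audit reports only rules whose entire match space lies inside an earlier terminal rule. A rule such as R4 is still skipped for connections from the trusted network even though it is not listed.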

You can use either J-Web or the CLI configuration editor to configure terminal rules.
