Monitoring Security Features

This topic contains the following instructions:

Monitoring Policies

Use the monitoring policies feature to view summary information such as names of the source and destination addresses of the policy, name of a preconfigured or custom application defined for the policy, or actions to be taken for packets matching the policies.

To access policies using the CLI, enter the following CLI commands:

To access policies using J-Web:

  1. Select Monitor>Security>Policies in the J-Web interface. The page layout is as follows:
    • Policy list pane—Displays all activated security policies. The details of the pane are described in Table 57.
    • Graph pane—Displays the real-time chart for the selected counters. For details on the graph, see Graph Pane.
    • Counters pane—Displays the currently selected policy counters. For details on the counters, see Policy Counter.
  2. Click one of the following in the list pane:
    • Clear Statistics—Clears the counters for the selected policies to zero.
    • Deactivate—Deactivates the selected policies. When you click Deactivate, the commit window pops up and you need to confirm the deactivation.
    • Move—Moves the position of the policy. You can move the policy up, down, to the top, or to the bottom.

Table 57 summarizes key output fields in the security policies information display.

Table 57: Summary of Key Security Policies List Pane (each entry gives the field, its values, and any additional information)

Combo Options
  • From Zone: Name of the source zone.
  • To Zone: Name of the destination zone.
  • Filter: Filters the policy list according to the selected From and To zones and displays only the related policies.
  • Total Policies: Number of policies listed in the policy list pane, including the default policy.
  • Default policy: Action the device takes for a packet that does not match any user-defined policy:
      • permit-all—Permit all traffic that does not match a policy.
      • deny-all—Displays the configured default policy, which denies all traffic that does not match a policy.

Policy List Pane
  • From Zone: Name of the source zone.
  • To Zone: Name of the destination zone.
  • Name: Name of the policy.
  • Source Address: Names of the source addresses for a policy. Address sets are resolved to their individual names. (Only the names are given, not their IP addresses.)
  • Destination Address: Name of the destination address (or address set) as it was entered in the destination zone's address book. A packet's destination address must match this value for the policy to apply to it.
  • Applications: Name of a preconfigured or custom application whose type the packet matches, as specified at configuration time.
  • Action: When the policy permits application services, the following services can be enabled:
      • gprs-gtp-profile—Specifies a GPRS tunneling protocol profile name.
      • idp—Performs intrusion detection and prevention.
      • redirect-wx—Sets WX redirection.
      • reverse-redirect-wx—Sets WX reverse redirection.
      • uac-policy—Enables Unified Access Control enforcement of the policy.
  • Count: Enables a counter that records the number of packets hitting the particular policy, such as the input and output packets and bytes.
  • Log: Indicates the session logging options. The options are:
      • Session initialization
      • Session close
      • Both

Graph Pane

The graph pane appears blank if the counters pane indicates "No data." If the counters pane contains data, the graph pane begins to draw the graph automatically for the selected counter after the refresh interval.

Policy Counter

If the selected policy has count enabled, the counters pane displays counters for that policy.

The counters are:

By default, the counters of input-byte-rate and output-byte-rate are selected. The counters pane is refreshed during each refresh interval.

Monitoring Screen Counters

To view screen statistics for a specified security zone, select Monitor>Security>Screen Counters in the J-Web interface, or enter the following CLI command:

show security screen statistics zone zone-name

Table 58 summarizes key output fields in the screen counters display.

Table 58: Summary of Key Screen Counters Output Fields (each entry gives the field, its value, and any additional information)

Zones
  • ICMP Flood: Internet Control Message Protocol (ICMP) flood counter. An ICMP flood typically occurs when ICMP echo requests use all resources in responding, such that valid network traffic can no longer be processed.
  • UDP Flood: User Datagram Protocol (UDP) flood counter. UDP flooding occurs when an attacker sends IP packets containing UDP datagrams with the purpose of slowing down the resources, such that valid connections can no longer be handled.
  • TCP Winnuke: Number of Transmission Control Protocol (TCP) WinNuke attacks. WinNuke is a denial-of-service (DoS) attack targeting any computer on the Internet running Windows.
  • TCP Port Scan: Number of TCP port scans. The purpose of this attack is to scan the available services in the hope that at least one port will respond, thus identifying a service to target.
  • ICMP Address Sweep: Number of ICMP address sweeps. An IP address sweep can occur with the intent of triggering responses from active hosts.
  • IP Tear Drop: Number of teardrop attacks. Teardrop attacks exploit the reassembly of fragmented IP packets.
  • TCP SYN Attack: Number of TCP SYN attacks.
  • IP Spoofing: Number of IP spoofs. IP spoofing occurs when an invalid source address is inserted in the packet header to make the packet appear to come from a trusted source.
  • ICMP Ping of Death: ICMP ping of death counter. Ping of death occurs when IP packets are sent that exceed the maximum legal length (65,535 bytes).
  • IP Source Route: Number of IP source route attacks.
  • TCP Land Attack: Number of land attacks. Land attacks occur when an attacker sends spoofed SYN packets containing the IP address of the victim as both the destination and source IP address.
  • TCP SYN Fragment: Number of TCP SYN fragments.
  • TCP No Flag: Number of TCP headers without flags set. A normal TCP segment header has at least one control flag set.
  • IP Unknown Protocol: Number of unknown Internet protocols.
  • IP Bad Options: Number of invalid options.
  • IP Record Route Option: Number of packets with the IP record route option enabled. This option records the IP addresses of the network devices along the path that the IP packet travels.
  • IP Timestamp Option: Number of IP timestamp option attacks. This option records the time (in Universal Time) when each network device receives the packet during its trip from the point of origin to its destination.
  • IP Security Option: Number of IP security option attacks.
  • IP Loose Route Option: Number of IP loose route option attacks. This option specifies a partial route list for a packet to take on its journey from source to destination.
  • IP Strict Source Route Option: Number of IP strict source route option attacks. This option specifies the complete route list for a packet to take on its journey from source to destination.
  • IP Stream Option: Number of stream option attacks. This option provides a way for the 16-bit SATNET stream identifier to be carried through networks that do not support streams.
  • ICMP Fragment: Number of ICMP fragments. Because ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is so large that it must be fragmented, something is amiss.
  • ICMP Large Packet: Number of large ICMP packets.
  • TCP SYN FIN Packet: Number of TCP SYN FIN packets.
  • TCP FIN without ACK: Number of TCP FIN flags without the acknowledge (ACK) flag.
  • TCP SYN-ACK-ACK Proxy: Number of TCP flags enabled with SYN-ACK-ACK. To prevent flooding with SYN-ACK-ACK sessions, you can enable the SYN-ACK-ACK proxy protection screen option. After the number of connections from the same IP address reaches the SYN-ACK-ACK proxy threshold, Junos OS rejects further connection requests from that IP address.
  • IP Block Fragment: Number of IP block fragments.

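As an added illustration (this is not Junos code and not part of the guide), the following Python checks constructed packet header records against the conditions Table 58 describes for several of the screen counters (land attack, no flag, SYN-FIN, FIN without ACK, SYN fragment, ICMP fragment, ping of death) and tallies them per zone the way the screen statistics display does. The Packet record, its field names, and the sample traffic are this example's own assumptions.

```python
"""Added illustration (not Junos code): flag constructed packet header
records against the screen conditions described in Table 58 and tally
them per security zone, mirroring the per-zone screen counters."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# TCP control flag bits, as laid out in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
MAX_IP_LEN = 65535  # maximum legal IP datagram length (ping of death threshold)


@dataclass
class Packet:
    """Constructed header summary; field names are this example's own."""
    zone: str                 # security zone the packet arrived in
    src: str
    dst: str
    proto: str                # "tcp", "udp" or "icmp"
    flags: int = 0            # TCP control flags (ignored for non-TCP)
    total_len: int = 0        # reassembled IP datagram length in bytes
    fragmented: bool = False  # MF bit set or non-zero fragment offset


def screen_hits(p: Packet) -> List[str]:
    """Return the Table 58 screen names whose condition the packet meets."""
    hits: List[str] = []
    if p.proto == "tcp":
        if p.flags == 0:
            # A normal TCP segment has at least one control flag set.
            hits.append("TCP No Flag")
        if p.flags & SYN and p.flags & FIN:
            hits.append("TCP SYN FIN Packet")
        if p.flags & FIN and not p.flags & ACK:
            # Also fires on SYN-FIN segments, which carry FIN without ACK.
            hits.append("TCP FIN without ACK")
        if p.flags & SYN and p.src == p.dst:
            # Land attack: spoofed SYN with the victim as both endpoints.
            hits.append("TCP Land Attack")
        if p.flags & SYN and p.fragmented:
            hits.append("TCP SYN Fragment")
    elif p.proto == "icmp":
        if p.fragmented:
            # ICMP messages are short; a fragmented one is suspect.
            hits.append("ICMP Fragment")
        if p.total_len > MAX_IP_LEN:
            hits.append("ICMP Ping of Death")
    return hits


def tally(packets) -> Dict[str, Counter]:
    """Per-zone counters, keyed by screen name, one Counter per zone."""
    counters: Dict[str, Counter] = {}
    for p in packets:
        zone = counters.setdefault(p.zone, Counter())
        for name in screen_hits(p):
            zone[name] += 1
    return counters


# Constructed sample traffic arriving in the "untrust" zone.
SAMPLE = [
    Packet("untrust", "203.0.113.7", "203.0.113.7", "tcp", flags=SYN),         # land
    Packet("untrust", "198.51.100.9", "203.0.113.7", "tcp", flags=0),          # no flag
    Packet("untrust", "198.51.100.9", "203.0.113.7", "tcp", flags=SYN | FIN),  # SYN-FIN
    Packet("untrust", "198.51.100.9", "203.0.113.7", "tcp", flags=SYN | ACK),  # normal
    Packet("untrust", "198.51.100.9", "203.0.113.7", "icmp", total_len=65600), # oversized
    Packet("untrust", "198.51.100.9", "203.0.113.7", "udp"),                   # not screened here
]

if __name__ == "__main__":
    for zone_name, counts in tally(SAMPLE).items():
        print(f"Screen statistics for zone {zone_name}:")
        for name, n in sorted(counts.items()):
            print(f"  {name:<24}{n}")
```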
Monitoring IDP

IDP monitoring pages allow you to display detailed information about the IDP status, memory, counters, policy rulebase statistics, and attack table statistics.

This topic contains:

Monitoring IDP Status

To view Intrusion Detection and Prevention (IDP) table information, select Monitor>Security>IDP>Status in the J-Web interface, or enter the following CLI command:

Table 59 summarizes key output fields in the IDP display.

Table 59: Summary of IDP Status Output Fields

IDP Status
  • Status of IDP: Displays the status of the current IDP policy.
  • Up Since: Displays the time from when the IDP policy first began running on the system.
  • Packets/Second: Displays the number of packets received and returned per second.
  • Peak: Displays the maximum number of packets received per second and the time when the maximum was reached.
  • Kbits/Second: Displays the aggregated throughput (kilobits per second) for the system.
  • Peak Kbits: Displays the maximum kilobits per second and the time when the maximum was reached.
  • Latency (Microseconds): Displays the delay, in microseconds, for a packet to be received and returned by a node.
  • Current Policy: Displays the name of the currently installed IDP policy.

IDP Memory Statistics (displays the status of all IDP data plane memory)
  • PIC Name: Displays the name of the PIC.
  • Total IDP Data Plane Memory (MB): Displays the total memory space, in megabytes, allocated for the IDP data plane.
  • Used (MB): Displays the used memory space, in megabytes, for the data plane.
  • Available (MB): Displays the available memory space, in megabytes, for the data plane.

Monitoring Flow Session Statistics

The J-Web interface provides session statistics according to the session filter you select on the Flow Session Statistics page.

This section contains the following topics:

Monitoring Flow Session Statistics Summary Information

To view summary information about existing sessions, including types of sessions, active and failed sessions, and the maximum allowed number of sessions, select Monitor>Security>Flow Session Statistics in the J-Web interface. Then select summary from the Session Filter list and click Show. Alternatively, enter the following CLI command:

show security flow session summary

Table 60 summarizes key output fields in the flow session statistics display.

Table 60: Summary of Key Flow Session Statistics Output Fields

Flow Session Statistics: session filter—summary (default)
  • Unicast-sessions: Total number of active unicast sessions.
  • Multicast-sessions: Total number of active multicast sessions.
  • Failed-sessions: Total number of failed sessions.
  • Active-sessions: Total number of active sessions.
  • Maximum-sessions: Maximum number of supported sessions.

Monitoring Flow Information for All Sessions

To view information about all currently active security sessions on the device, select Monitor>Security>Flow Session Statistics in the J-Web interface. Then select all from the Session Filter list and click Show. To view information about the incoming and outgoing source and destination addresses and the protocol and interface for a specific session, select the session ID on the Flow Session Statistics page.

Alternatively, enter the following CLI command:

show security flow session

Table 61 summarizes key output fields in the flow all session display.

Table 61: Summary of Key Flow All Session Information Output Fields

Flow Session Statistics: session filter—all
  • Session ID: Number that identifies the session. Use this ID to get more information about the session.
  • Policy name: Policy that permitted the traffic.
  • Timeout: Idle timeout after which the session expires.

Flow Session Statistics: Session ID
  • In: Incoming flow (source and destination IP addresses, application protocol, and interface).
  • Out: Reverse flow (source and destination IP addresses, application protocol, and interface).

Monitoring Flow Information for Application Sessions

To view information about each session of the specified application type, select Monitor>Security>Flow Session Statistics in the J-Web interface. Then select application from the Session Filter list and click Show. Alternatively, enter the following CLI command:

show security flow session application application-name

Table 62 summarizes key output fields in the flow session application display.

Table 62: Summary of Key Flow Application Session Information Output Fields

Flow Session Statistics: session filter—application
  • Session ID: Number that identifies the session. Use this ID to get more information about the session.
  • Policy name: Policy that permitted the traffic.
  • Timeout: Idle timeout after which the session expires.
  • In: Incoming flow (source and destination IP addresses, application protocol, and interface).
  • Out: Reverse flow (source and destination IP addresses, application protocol, and interface).

Monitoring Flow Session Destination Port Information

To view information about each session that uses the specified destination port, select Monitor>Security>Flow Session Statistics in the J-Web interface. Then select destination port from the Session Filter list and click Show. Alternatively, enter the following CLI command:

show security flow session destination-port destination-port-number

Table 63 summarizes key output fields in the flow session destination port display.

Table 63: Summary of Key Flow Destination Port Session Information Output Fields

Flow Session Statistics: session filter—destination port
  • Session ID: Number that identifies the session. Use this ID to get more information about the session.
  • Policy name: Policy that permitted the traffic.
  • Timeout: Idle timeout after which the session expires.
  • In: Incoming flow (source and destination IP addresses, application protocol, and interface).
  • Out: Reverse flow (source and destination IP addresses, application protocol, and interface).

Monitoring Flow Session Destination Prefix Information

To view information about each session that uses the specified destination prefix, select Monitor>Security>Flow Session Statistics in the J-Web interface. Then select destination prefix from the Session Filter list and click Show. Alternatively, enter the following CLI command:

show security flow session destination-prefix destination-prefix-number

Table 64 summarizes key output fields in the flow session destination prefix display.

Table 64: Summary of Key Flow Destination Prefix Session Information Output Fields

Flow Session Statistics: session filter—destination prefix
  • Session ID: Number that identifies the session. Use this ID to get more information about the session.
  • Policy name: Policy that permitted the traffic.
  • Timeout: Idle timeout after which the session expires.
  • In: Incoming flow (source and destination IP addresses, application protocol, and interface).
  • Out: Reverse flow (source and destination IP addresses, application protocol, and interface).

Monitoring Flow Session Interface Information

To view information about each session that uses the specified incoming or outgoing interface, select Monitor>Security>Flow Session Statistics in the J-Web interface. Then select interface from the Session Filter list and click Show. Alternatively, enter the following CLI command:

show security flow session interface interface-name

Table 65 summarizes key output fields in the flow session interface display.

Table 65: Summary of Key Flow Interface Session Information Output Fields

Flow Session Statistics: session filter—interface
  • Session ID: Number that identifies the session. Use this ID to get more information about the session.
  • Policy name: Policy that permitted the traffic.
  • Timeout: Idle timeout after which the session expires.
  • In: Incoming flow (source and destination IP addresses, application protocol, and interface).
  • Out: Reverse flow (source and destination IP addresses, application protocol, and interface).

Monitoring Flow Session Protocol Information

To view information about each session that uses the specified protocol, select Monitor>Security>Flow Session Statistics in the J-Web interface. Then select protocol from the Session Filter list and click Show. Alternatively, enter the following CLI command:

show security flow session protocol protocol-name

Table 66 summarizes key output fields in the flow session protocol display.

Table 66: Summary of Key Flow Protocol Session Information Output Fields

Flow Session Statistics: session filter—protocol
  • Session ID: Number that identifies the session. Use this ID to get more information about the session.
  • Policy name: Policy that permitted the traffic.
  • Timeout: Idle timeout after which the session expires.
  • In: Incoming flow (source and destination IP addresses, application protocol, and interface).
  • Out: Reverse flow (source and destination IP addresses, application protocol, and interface).

Monitoring Flow Session Resource Manager

To view information about sessions created by the resource manager, select Monitor>Security>Flow Session Statistics in the J-Web interface. Then select resource manager from the Session Filter list and click Show. Alternatively, enter the following CLI command:

show security flow session resource-manager

Table 67 summarizes key output fields in the flow session resource manager display.

Table 67: Summary of Key Flow Resource Manager Session Output Fields

Flow Session Statistics: session filter—resource manager
  • Session ID: Number that identifies the session. Use this ID to get more information about the session.
  • Policy name: Policy that permitted the traffic.
  • Timeout: Idle timeout after which the session expires.
  • Resource information: Information about the session particular to the resource manager, including the name of the ALG, the group ID, and the resource ID.

Flow Session Statistics: Session ID
  • In: Incoming flow (source and destination IP addresses, application protocol, and interface).
  • Out: Reverse flow (source and destination IP addresses, application protocol, and interface).

Monitoring Flow Session Identifier Session

To view information about the session, select Monitor>Security>Flow Session Statistics in the J-Web interface. Then select session identifier from the Session Filter list and click Show. Alternatively, enter the following CLI command:

show security flow session session-identifier session-identifier

Table 68 summarizes key output fields in the flow session identifier session display.

Table 68: Summary of Key Flow Session Identifier Output Fields

Flow Session Statistics: session filter—session identifier
  • Session ID: Number that identifies the session. Use this ID to get more information about the session.
  • Status: Session status.
  • Flag: Internal flag depicting the state of the session, used for debugging purposes.
  • Virtual system: Virtual system to which the session belongs.
  • Policy name: Name and ID of the policy that the first packet of the session matched.
  • Maximum timeout: Maximum session timeout.
  • Current timeout: Remaining time for the session unless traffic exists in the session.
  • Start time: Time when the session was created, offset from the system start time.
  • Duration: Length of time for which the session has been active.
  • In: For the input flow:
      • Source and destination addresses and protocol tuple for the input flow.
      • Interface: Input flow interface.
      • Session token: Internal token derived from the virtual routing instance.
      • Flag: Internal debugging flags.
      • Route: Internal next hop of the route to be used by the flow.
      • Gateway: Next-hop gateway of the flow.
      • Tunnel: If the flow is going into a tunnel, the tunnel ID. Otherwise, 0 (zero).
      • Port Sequence, FIN sequence, FIN state, Cookie: Internal TCP state tracking information.
  • Out: For the reverse flow:
      • Source and destination addresses and protocol tuple for the reverse flow.
      • Interface: Reverse flow interface.
      • Session token: Internal token derived from the virtual routing instance.
      • Flag: Internal debugging flags.
      • Route: Internal next hop of the route to be used by the flow.
      • Gateway: Next-hop gateway of the flow.
      • Tunnel: If the flow is going into a tunnel, the tunnel ID. Otherwise, 0 (zero).
      • Port Sequence, FIN sequence, FIN state, Cookie: Internal TCP state tracking information.

Monitoring Flow Session Source Port Information

To view information about each session that uses the specified source port, select Monitor>Security>Flow Session Statistics in the J-Web interface. Then select source port from the Session Filter list and click Show. Alternatively, enter the following CLI command:

show security flow session source-port source-port-number

Table 69 summarizes key output fields in the flow session source port display.

Table 69: Summary of Key Flow Source Port Session Output Fields

Flow Session Statistics: session filter—source port
  • Session ID: Number that identifies the session. Use this ID to get more information about the session.
  • Policy name: Policy that permitted the traffic.
  • Timeout: Idle timeout after which the session expires.
  • In: Incoming flow (source and destination IP addresses, application protocol, and interface).
  • Out: Reverse flow (source and destination IP addresses, application protocol, and interface).

Monitoring Flow Session Source Prefix Information

To view information about each session that uses the specified source prefix, select Monitor>Security>Flow Session Statistics in the J-Web interface. Then select source prefix from the Session Filter list and click Show. Alternatively, enter the following CLI command:

show security flow session source-prefix source-prefix-number

Table 70 summarizes key output fields in the flow session source prefix display.

Table 70: Summary of Key Flow Source Prefix Session Output Fields

Flow Session Statistics: session filter—source prefix
  • Session ID: Number that identifies the session. Use this ID to get more information about the session.
  • Policy name: Policy that permitted the traffic.
  • Timeout: Idle timeout after which the session expires.
  • In: Incoming flow (source and destination IP addresses, application protocol, and interface).
  • Out: Reverse flow (source and destination IP addresses, application protocol, and interface).

Monitoring Flow Session Tunnel Information

To view information about all tunnel sessions, select Monitor>Security>Flow Session Statistics in the J-Web interface. Then select tunnel from the Session Filter list and click Show. Alternatively, enter the following CLI command:

show security flow session tunnel

Table 71 summarizes key output fields in the flow session tunnel display.

Table 71: Summary of Key Flow Tunnel Session Output Fields

Flow Session Statistics: session filter—tunnel
  • Session ID: Number that identifies the session. Use this ID to get more information about the session.
  • Policy name: Policy that permitted the traffic.
  • Timeout: Idle timeout after which the session expires.
  • In: Incoming flow (source and destination IP addresses, application protocol, and interface).

Monitoring IDP

For information about monitoring Intrusion Detection and Prevention features, see the Junos OS Security Configuration Guide.

Monitoring Flow Gate Information

To view information about temporary openings known as pinholes or gates in the security firewall, select Monitor>Security>Flow Gate Information in the J-Web interface, or enter the following CLI command:

show security flow gate

Table 72 summarizes key output fields in the flow gate display.

Table 72: Summary of Key Flow Gate Output Fields

Flow Gate Information
  • Hole: Range of flows permitted by the pinhole.
  • Translated: Tuples used to create the session if it matches the pinhole:
      • Source address and port
      • Destination address and port
  • Protocol: Application protocol, such as UDP or TCP.
  • Application: Name of the application.
  • Age: Idle timeout for the pinhole.
  • Flags: Internal debug flags for the pinhole.
  • Zone: Incoming zone.
  • Reference count: Number of resource manager references to the pinhole.
  • Resource: Resource manager information about the pinhole.

Monitoring Firewall Authentication

The J-Web interface provides information about user authentications and history of authentications.

This section contains the following topics:

Monitoring Firewall Authentication Table

The firewall authentication user information is divided into multiple parts. To view information about authentication table, select Monitor>Security>Firewall Authentication>Authentication Table in the J-Web interface. To view detailed information about the user with a particular identifier, select the ID on the Authentication Table page. To view detailed information about the user at a particular source IP address, select the Source IP on the Authentication Table page.

Alternatively, enter the following CLI commands:

Table 73 summarizes key output fields in firewall authentication table display.

Table 73: Summary of Key Firewall Authentication Table Output Fields

Firewall authentication users
  • Total users in table: Number of users in the authentication table.

Authentication table
  • ID: Authentication identification number.
  • Source Ip: IP address of the authentication source.
  • Age: Idle timeout for the user.
  • Status: Status of authentication (success or failure).
  • user: Name of the user.

Detailed report per ID selected: ID
  • Source Zone: Name of the source zone.
  • Destination Zone: Name of the destination zone.
  • profile: Name of the profile. (User information.)
  • Authentication method: Path chosen for authentication.
  • Policy Id: Policy identifier.
  • Interface name: Name of the interface.
  • Bytes sent by this user: Number of bytes sent by this user.
  • Bytes received by this user: Number of bytes received by this user.
  • Client-groups: Name of the client group.

Detailed report per Source Ip selected
  • Entries from Source IP: IP address of the authentication source.
  • Source Zone: Name of the source zone.
  • Destination Zone: Name of the destination zone.
  • profile: Name of the profile.
  • Age: Idle timeout for the user.
  • Status: Status of authentication (success or failure).
  • user: Name of the user.
  • Authentication method: Path chosen for authentication.
  • Policy Id: Policy identifier.
  • Interface name: Name of the interface.
  • Bytes sent by this user: Number of bytes sent by this user.
  • Bytes received by this user: Number of bytes received by this user.
  • Client-groups: Name of the client group.

Monitoring Firewall Authentication History

The firewall authentication history information is divided into multiple parts. To view information about the authentication history, select Monitor>Security>Firewall Authentication>Authentication History in the J-Web interface. To view the detailed history of the authentication with this identifier, select the ID on the Firewall Authentication History page. To view a detailed authentication history of this source IP address, select the Source IP on the Firewall Authentication History page.

Alternatively, enter the following CLI show commands:

Table 74 summarizes key output fields in firewall authentication history display.

Table 74: Summary of Key Firewall Authentication History Output Fields

History of Firewall Authentication Data
  • Total authentications: Number of authentications.

History Table
  • ID: Identification number.
  • Source Ip: IP address of the authentication source.
  • Start Date: Authentication date.
  • Start Time: Authentication time.
  • Duration: Authentication duration.
  • Status: Status of authentication (success or failure).
  • User: Name of the user.

Detail history of selected Id: ID
  • Authentication method: Path chosen for authentication.
  • Policy Id: Security policy identifier.
  • Source zone: Name of the source zone.
  • Destination Zone: Name of the destination zone.
  • Interface name: Name of the interface.
  • Bytes sent by this user: Number of bytes sent by this user.
  • Bytes received by this user: Number of bytes received by this user.
  • Client-groups: Name of the client group.

Detail history of selected Source Ip: Source Ip
  • User: Name of the user.
  • Start Date: Authentication date.
  • Start Time: Authentication time.
  • Duration: Authentication duration.
  • Status: Status of authentication (success or failure).
  • Profile: Name of the profile.
  • Authentication method: Path chosen for authentication.
  • Policy Id: Security policy identifier.
  • Source zone: Name of the source zone.
  • Destination Zone: Name of the destination zone.
  • Interface name: Name of the interface.
  • Bytes sent by this user: Number of bytes sent by this user.
  • Bytes received by this user: Number of bytes received by this user.
  • Client-groups: Name of the client group.

Monitoring 802.1x

To view information about 802.1X properties, select Monitor>Security>802.1x in the J-Web interface or enter the following CLI commands:

Table 75 summarizes the Dot1X output fields.

Table 75: Summary of Dot1X Output Fields

  • Select Port: List of ports for selection.
  • Number of connected hosts: Total number of hosts connected to the port.
  • Number of authentication bypassed hosts: Total number of authentication-bypassed hosts on the port.

Authenticated Users Summary
  • MAC Address: MAC address of the connected host.
  • User Name: Name of the user.
  • Status: Information about the host connection status.
  • Authentication Due: Information about host authentication.

Authentication Failed Users Summary
  • MAC Address: MAC address of the authentication-failed host.
  • User Name: Name of the authentication-failed user.