idp-policy

Syntax

idp-policy policy-name {rulebase-exempt {rule rule-name {description text ;match {application [ application-name ];attacks {custom-attacks [ attack-name ];predefined-attack-groups [ attack-name ];predefined-attacks [ attack-name ];}destination-address [ address-name ];destination-except [ address-name ];from-zone zone-name ;source-address [ address-name ];source-except [ address-name ];to-zone zone-name ;}}}rulebase-ips {rule rule-name {description text ;match {attacks {custom-attacks [ attack-name ];predefined-attack-groups [ attack-name ];predefined-attacks [ attack-name ];}destination-address [ address-name ];destination-except [ address-name ];from-zone zone-name ;source-address [ address-name ];source-except [ address-name ];to-zone zone-name ;}terminal;then {action {(close-client | close-client-and-server | close-server |drop-connection | drop-packet | ignore-connection | mark-diffserv value | no-action | recommended);}ip-action {(ip-block | ip-close | ip-notify);log;target (destination-address | service | source-address | source-zone | zone-service);timeout seconds;}notification {log-attacks {alert;(}packet-log {pre-attack number;post-attack number;post-attack-timeout seconds;}}severity (critical | info | major | minor | warning);}}}}

Hierarchy Level

[edit security idp]

Release Information

Statement introduced in Release 9.2 of Junos OS.

Description

Configure a security IDP policy.

Options

policy-name —Name of the IDP policy.

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.