Configure the Security Intelligence Policy on the SRX Series Device
Define a policy for infected hosts.
- Define a profile:
set services security-intelligence profile <profile_name> category Infected-Hosts
Example: set services security-intelligence profile ih-profile category Infected-Hosts
- Define rules for the profile and set the action:
set services security-intelligence profile <profile_name> rule <rule-name> match threat-level [threat level]
set services security-intelligence profile <profile_name> rule <rule-name> then action [action options]
Note: Ten is the threat level category for infected hosts.
Examples: set services security-intelligence profile ih-profile rule secintelrule1 match threat-level 10
set services security-intelligence profile ih-profile rule secintelrule1 then action permit
- Define the security intelligence policy and link it with the profile:
set services security-intelligence policy <policy-name> Infected-Hosts <profile_name>
Example: set services security-intelligence policy secintelpolicy1 Infected-Hosts ih-profile
- Enable the security intelligence policy in the firewall policy:
set security policies from-zone <source zone name> to-zone <destination zone name> policy <firewall policy name> then permit application-services security-intelligence-policy <SecIntel policy name>
Example: set security policies from-zone source-zone1 to-zone dest-zone2 policy firewall-policy1 match source-address any
set security policies from-zone source-zone1 to-zone dest-zone2 policy firewall-policy1 match destination-address any
set security policies from-zone source-zone1 to-zone dest-zone2 policy firewall-policy1 match application any
set security policies from-zone source-zone1 to-zone dest-zone2 policy firewall-policy1 then permit application-services security-intelligence-policy secintelpolicy1
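
The four steps above form a chain of name references: profile, rule, security intelligence policy, firewall policy. The following Python check is an added example, not part of the original page or of any Juniper tool; it lints a candidate list of set commands for broken links in that chain before they are loaded. The function and pattern names are hypothetical, the sample configuration is constructed from this page's example names with the policy name deliberately misspelled on its last line, and the patterns cover only the statement forms shown on this page.

```python
import re

# Constructed sample: this page's four steps, with the policy name misspelled on the last line.
SAMPLE = """\
set services security-intelligence profile ih-profile category Infected-Hosts
set services security-intelligence profile ih-profile rule secintelrule1 match threat-level 10
set services security-intelligence profile ih-profile rule secintelrule1 then action permit
set services security-intelligence policy secintelpolicy1 Infected-Hosts ih-profile
set security policies from-zone source-zone1 to-zone dest-zone2 policy firewall-policy1 then permit application-services security-intelligence-policy secintel-policy1
"""

SI = r"set services security-intelligence "
PATTERNS = {  # hypothetical names; one pattern per statement form on this page
    "category": re.compile(SI + r"profile (\S+) category (\S+)$"),
    "match": re.compile(SI + r"profile (\S+) rule (\S+) match threat-level (.+)$"),
    "action": re.compile(SI + r"profile (\S+) rule (\S+) then action (\S+)"),
    "policy": re.compile(SI + r"policy (\S+) (\S+) (\S+)$"),
    "attach": re.compile(r"set security policies from-zone \S+ to-zone \S+ policy (\S+) "
                         r"then permit application-services security-intelligence-policy (\S+)$"),
}

def lint_secintel(config):
    """Return problems found in the profile -> rule -> policy -> firewall policy chain."""
    found = {kind: [] for kind in PATTERNS}
    for line in config.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.match(line.strip())
            if m:
                found[kind].append(m.groups())
    problems = []
    profiles = {name: cat for name, cat in found["category"]}
    matched = {(p, r) for p, r, _ in found["match"]}
    actioned = {(p, r) for p, r, _ in found["action"]}
    for p, r in sorted(matched ^ actioned):  # a rule needs both halves
        problems.append(f"rule {r} in profile {p} lacks a match or an action")
    for p in sorted(set(profiles) - {mp for mp, _ in matched}):
        problems.append(f"profile {p} has no rules")
    policies = set()
    for pol, cat, prof in found["policy"]:
        policies.add(pol)
        if profiles.get(prof) != cat:  # profile missing or defined under another category
            problems.append(f"policy {pol}: no {cat} profile named {prof}")
    attached = {pol for _, pol in found["attach"]}
    for pol in sorted(attached - policies):
        problems.append(f"firewall policy references undefined SecIntel policy {pol}")
    for pol in sorted(policies - attached):
        problems.append(f"SecIntel policy {pol} is not enabled in any firewall policy")
    return problems
```

Calling lint_secintel(SAMPLE) reports both sides of the misspelling: the firewall policy points at an undefined security intelligence policy, and the defined one is never enabled.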