Understanding IDP Policy Rulebases

Intrusion Detection and Prevention (IDP) policies are collections of rules and rulebases. A rulebase is an ordered set of rules that use a specific detection method to identify and prevent attacks.

Rules are instructions that give the detection mechanisms context by specifying the part of the network traffic in which the IDP system should look for attacks. When a rule matches, an attack has been detected in the network traffic and the action defined for that rule is triggered. The IDP system performs the specified action and so protects your network from that attack.

Each rulebase can have multiple rules—you determine the sequence in which rules are applied to network traffic by placing them in the desired order. Each rulebase in the IDP system uses specific detection methods to identify and prevent attacks. Junos OS supports two types of rulebases—intrusion prevention system (IPS) rulebase and exempt rulebase.
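As an added illustration, not part of the original topic, the Junos CLI configuration below defines one IDP policy containing both rulebase types: an IPS rulebase with two ordered rules, and an exempt rulebase that suppresses a known false positive for a single host. It assumes the `set` syntax of Junos OS on SRX devices, including the newer `application-services idp-policy` form for binding the policy; the policy name, zone names, address-book entries and attack or attack-group names in angle brackets are placeholders to adapt to your own environment.

```junos
## Added example (placeholders in angle brackets; adapt to your environment).

## IPS rulebase: rules are evaluated in the order they appear.
## Rule 1: drop and log critical HTTP attacks from untrust into the DMZ.
set security idp idp-policy <policy-name> rulebase-ips rule block-http-critical match from-zone untrust to-zone dmz
set security idp idp-policy <policy-name> rulebase-ips rule block-http-critical match source-address any destination-address any
set security idp idp-policy <policy-name> rulebase-ips rule block-http-critical match application default
set security idp idp-policy <policy-name> rulebase-ips rule block-http-critical match attacks predefined-attack-groups "<critical-http-group>"
set security idp idp-policy <policy-name> rulebase-ips rule block-http-critical then action drop-packet
set security idp idp-policy <policy-name> rulebase-ips rule block-http-critical then notification log-attacks
set security idp idp-policy <policy-name> rulebase-ips rule block-http-critical then severity critical
## terminal: once this rule matches, later IPS rules are not evaluated for the session.
set security idp idp-policy <policy-name> rulebase-ips rule block-http-critical terminal

## Rule 2: a broader, noisier group is only logged, so false positives do not block traffic.
set security idp idp-policy <policy-name> rulebase-ips rule log-http-all match from-zone untrust to-zone dmz
set security idp idp-policy <policy-name> rulebase-ips rule log-http-all match source-address any destination-address any
set security idp idp-policy <policy-name> rulebase-ips rule log-http-all match application default
set security idp idp-policy <policy-name> rulebase-ips rule log-http-all match attacks predefined-attack-groups "<all-http-group>"
set security idp idp-policy <policy-name> rulebase-ips rule log-http-all then action no-action
set security idp idp-policy <policy-name> rulebase-ips rule log-http-all then notification log-attacks

## Exempt rulebase: a specific attack signature is ignored for one trusted scanner host,
## so its legitimate traffic is not dropped or logged by the IPS rules above.
set security idp idp-policy <policy-name> rulebase-exempt rule allow-scanner match from-zone trust to-zone dmz
set security idp idp-policy <policy-name> rulebase-exempt rule allow-scanner match source-address <scanner-host> destination-address any
set security idp idp-policy <policy-name> rulebase-exempt rule allow-scanner match attacks predefined-attacks "<noisy-signature>"

## Bind the IDP policy to a security policy; only traffic permitted here is inspected.
set security policies from-zone untrust to-zone dmz policy inspect-web match source-address any destination-address any application junos-http
set security policies from-zone untrust to-zone dmz policy inspect-web then permit application-services idp-policy <policy-name>
```

After committing, `show security idp policies` and `show security idp attack table` confirm the policy is loaded and which attacks have matched.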
