Example: Configuring IDP Protocol Decoders (CLI)

The configuration instructions in this topic provide a tunable context configuration example for one protocol decoder, FTP.

To configure protocol decoder tunables, refer to the following information:

1. View the list of protocols that have tunable parameters by entering the following command.
   user@host # set security idp sensor-configuration detector protocol-name
2. To configure tunable parameters for the protocol in question (in this case, FTP), enter the following:
   user@host # set security idp sensor-configuration detector protocol-name ftp tunable-name ftp_failed_logins tunable-value 4user@host # set security idp sensor-configuration detector protocol-name ftp tunable-name ftp_failed_flags tunable value 1user@host # set security idp sensor-configuration detector protocol-name ftp tunable-name ftp_line_length tunable-value 1024user@host # set security idp sensor-configuration detector protocol-name ftp tunable-name ftp_password_length tunable-value 64user@host # set security idp sensor-configuration detector protocol-name ftp tunable-name ftp_sitestring_length tunable-value 512user@host # set security idp sensor-configuration detector protocol-name ftp tunable-name ftp_username_length tunable-value 32

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices
• Understanding IDP Protocol Decoders
• Understanding Multiple IDP Detector Support
• Understanding IDP Signature-Based Attacks