Configuring the vGW Series and IDP Inter-operation

Juniper Networks IDP Series Intrusion Detection and Prevention Appliances provide features that protect the network from a wide range of attacks. Using stateful intrusion detection and prevention techniques, the IDP Series provides protection against worms, trojans, spyware, keyloggers, and other malware. Its feature set includes stateful signature detection, protocol and anomaly detection, QoS/DiffServ marking, VLAN-aware rules, role-based administration, separation of domains and management activities, IDP Reporter, and traffic pattern profiling.

Before you configure interoperability between the vGW Series and IDP, you must configure the Intrusion Detection System as an external inspection device and configure an appropriate redirection rule for it using the Global section of the Security Settings module.

The External Inspection Devices screen allows you to enter the name and IP address of the device to which traffic is sent for further analysis.

To configure the vGW Series and IDP inter-operation:

  1. Log into the NSM for your environment.
  2. Create a Security Policy for the Inter-VM communication:
    1. In the notification section of the policy, select Logging.
    2. Enable the policy for traffic between any source and destination.
    3. Set the action to None.

      You can inspect traffic anomalies between VMs using this security policy.

  3. Enable GRE Decapsulation support on the IDS Device for which you created the security policy:
    1. Select Device Manager -> Security Devices.
    2. Select Sensor Settings -> Run-Time Parameters.
    3. Select Enable GRE decapsulation support.

To verify that you set the parameter correctly, enter the following command on the command line of the IDP device:

user@host# scio const -s s0 get sc_gre_decapsulation
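The GRE decapsulation parameter matters because the traffic redirected to the external inspection device arrives inside a GRE tunnel: a sensor that does not decapsulate sees only the outer IP header (protocol 47) between the tunnel endpoints, never the inter-VM packet it is supposed to inspect. The following Python example, added here and not part of Juniper's documentation or software, shows both views of the same constructed packet. The GRE parsing follows RFC 2784 with the RFC 2890 key and sequence extensions; the addresses, ports, and HTTP request are made-up sample data.

```python
"""GRE decapsulation as an inspection sensor needs to perform it.

Added example (not Juniper code). The packet bytes are constructed for the
demonstration; the addresses, ports and payload are made up.
"""
import struct
from ipaddress import IPv4Address

IPPROTO_GRE = 47          # outer IP protocol number that carries GRE
IPPROTO_TCP = 6
ETHERTYPE_IPV4 = 0x0800   # GRE protocol-type value for an inner IPv4 packet
GRE_FLAG_C, GRE_FLAG_K, GRE_FLAG_S = 0x8000, 0x2000, 0x1000


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a header that verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Build a minimal 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    """Parse an IPv4 header; reject truncated, non-v4 or corrupted headers."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("malformed IPv4 header")
    if ip_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "payload": pkt[ihl:total_len]}


def gre_decapsulate(gre: bytes):
    """Strip a GRE header (RFC 2784, plus RFC 2890 key/sequence fields)."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto_type = struct.unpack("!HH", gre[:4])
    if flags & 0x0007:                          # version must be 0 for plain GRE
        raise ValueError("unsupported GRE version")
    offset = 4
    offset += 4 if flags & GRE_FLAG_C else 0    # checksum + reserved1
    offset += 4 if flags & GRE_FLAG_K else 0    # key
    offset += 4 if flags & GRE_FLAG_S else 0    # sequence number
    if len(gre) < offset:
        raise ValueError("GRE optional fields truncated")
    return proto_type, gre[offset:]


def inspect(pkt: bytes, decapsulate: bool) -> dict:
    """Return the packet view a sensor has with or without GRE decapsulation."""
    outer = parse_ipv4(pkt)
    if outer["proto"] != IPPROTO_GRE or not decapsulate:
        return outer    # without decapsulation only the tunnel endpoints are visible
    proto_type, inner = gre_decapsulate(outer["payload"])
    if proto_type != ETHERTYPE_IPV4:
        raise ValueError("unexpected GRE payload type 0x%04x" % proto_type)
    return parse_ipv4(inner)


def sample_tunnel_packet() -> bytes:
    """Constructed sample: an HTTP request between two VMs, GRE-tunnelled with a key."""
    http = b"GET / HTTP/1.0\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 65535, 0, 0) + http
    inner = ipv4_header("192.168.1.10", "192.168.1.20", IPPROTO_TCP, len(tcp)) + tcp
    gre = struct.pack("!HHI", GRE_FLAG_K, ETHERTYPE_IPV4, 42) + inner
    return ipv4_header("10.0.0.1", "10.0.0.2", IPPROTO_GRE, len(gre)) + gre


if __name__ == "__main__":
    pkt = sample_tunnel_packet()
    for mode in (False, True):
        view = inspect(pkt, decapsulate=mode)
        print("decapsulate=%s -> %s -> %s proto=%d payload=%r" % (
            mode, view["src"], view["dst"], view["proto"], view["payload"][:24]))
```

Run without decapsulation the sensor reports 10.0.0.1 -> 10.0.0.2 with protocol 47, which no signature for inter-VM traffic can match; with decapsulation it reports 192.168.1.10 -> 192.168.1.20 over TCP with the HTTP request as payload, which is the view the security policy created above is meant to log.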

After you have completed these steps (including the creation of the External Inspection Device and the relevant security policy in the vGW Security Design VM), you can test the configuration by triggering any attack in the Juniper Networks database.
