IDP Policies Configuration

The Junos OS Intrusion Detection and Prevention (IDP) policy enables the administrator to selectively enforce various attack detection and prevention techniques on network traffic passing through an IDP-enabled device. It allows the administrator to define policy rules that match a section of traffic based on a zone, network, and application, and then take active or passive preventive actions on that traffic.

An IDP policy defines how the device handles the network traffic. It allows the administrator to enforce various attack detection and prevention techniques on traffic traversing the network.

A policy is made up of rule bases, and each rule base contains a set of rules. The administrator defines rule parameters, such as traffic match conditions, action, and logging requirements, and then adds the rules to rule bases. After the administrator creates an IDP policy by adding rules to one or more rule bases, the administrator can select that policy to be the active policy on the device.

Note:

The TSF shall perform analysis of IP-based network traffic forwarded to the TOE’s sensor interfaces, and detect violations of administratively-defined IPS policies.

The TOE is capable of inspecting all traffic passing through the TOE’s Gigabit Ethernet interfaces (inline mode). The inline mode deployment is the default and no configuration is required. Each of these interface types can be assigned to zones on which firewall and IDP policies are predicated. The Gigabit Ethernet interfaces are all session-reset capable when the 'close-client' action is configured in the idp-policy. The dedicated out-of-band management ‘fxp0’ interface (control plane), however, cannot be assigned to such security zones, is not subject to intrusion prevention and detection functions, and is hence logically distinct from the sensor interfaces (data plane).

To configure the IDP Policies, perform the following steps:

  1. Enable IPS in a security policy. See Understanding IDP Policy Rules and Understanding IDP Policy Rule Bases.

  2. Configure IDP policy rules, IDP rule bases, and IDP rule actions. See Understanding IDP Policy Rules and Understanding IDP Policy Rule Bases.

  3. Configure IDP custom signatures.

  4. Update the IDP signature database.

  5. When the IDP hits a resource limit, the default behavior is to ignore the flow and let the flow pass without inspection. To avoid this behavior, configure the drop-on-limit option. This option ensures IDP attack inspection of all traffic and does not let any traffic pass uninspected.
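The following Junos configuration walks through the five steps above as one worked example; it is added here and is not taken from the original page. The zone names (trust, untrust), the policy and rule names, the custom attack name and its pattern, and the predefined attack group name "HTTP - All" are assumed values for illustration; the activation style (referencing the idp-policy from the security policy rather than a global active-policy) assumes a release that supports per-policy IDP assignment.

```junos
## Step 1: enable IDP inspection in the security policy that permits the traffic
set security policies from-zone trust to-zone untrust policy allow-web match source-address any
set security policies from-zone trust to-zone untrust policy allow-web match destination-address any
set security policies from-zone trust to-zone untrust policy allow-web match application junos-http
set security policies from-zone trust to-zone untrust policy allow-web then permit application-services idp-policy ips-policy

## Step 2: IDP policy, IPS rule base, match conditions, action and logging
## Rule 1 inspects HTTP between the zones against a predefined attack group (assumed name).
set security idp idp-policy ips-policy rulebase-ips rule 1 match from-zone trust
set security idp idp-policy ips-policy rulebase-ips rule 1 match to-zone untrust
set security idp idp-policy ips-policy rulebase-ips rule 1 match source-address any
set security idp idp-policy ips-policy rulebase-ips rule 1 match destination-address any
set security idp idp-policy ips-policy rulebase-ips rule 1 match application default
set security idp idp-policy ips-policy rulebase-ips rule 1 match attacks predefined-attack-groups "HTTP - All"
## close-client resets the client side of the session, as described for the sensor interfaces above
set security idp idp-policy ips-policy rulebase-ips rule 1 then action close-client
set security idp idp-policy ips-policy rulebase-ips rule 1 then notification log-attacks
set security idp idp-policy ips-policy rulebase-ips rule 1 then severity major

## Step 3: a custom signature, matched by a second rule (assumed name and pattern)
set security idp custom-attack probe-url severity major
set security idp custom-attack probe-url attack-type signature protocol-binding application HTTP
set security idp custom-attack probe-url attack-type signature context http-url-parsed
set security idp custom-attack probe-url attack-type signature direction client-to-server
set security idp custom-attack probe-url attack-type signature pattern ".*example-probe.*"
set security idp idp-policy ips-policy rulebase-ips rule 2 match from-zone any
set security idp idp-policy ips-policy rulebase-ips rule 2 match to-zone any
set security idp idp-policy ips-policy rulebase-ips rule 2 match attacks custom-attacks probe-url
set security idp idp-policy ips-policy rulebase-ips rule 2 then action drop-connection
set security idp idp-policy ips-policy rulebase-ips rule 2 then notification log-attacks

## Step 5: fail closed when the sensor runs out of resources instead of passing flows uninspected
set security idp sensor-configuration flow drop-on-limit

## Commit, then (Step 4, operational mode) refresh the signature database and verify:
##   request security idp security-package download
##   request security idp security-package download status
##   request security idp security-package install
##   show security idp status
##   show security idp policy-commit-status
```

Without drop-on-limit the sensor silently admits flows once its limits are reached, so the option is the difference between a fail-open and a fail-closed IDP deployment.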