Understanding IDP Migration
This topic provides details on installing and configuring IDP.
For more information, see the following topics:
Initial Configuration Overview
Enabling a fully functional IPS service on SRX Series Firewalls includes the following basic configuration steps:
Basic Configurations
- Configure basic networking, security, and access components (in most cases this will already be configured).
- Configure and activate IPS policy.
- Configure firewall policy to associate specific rules with IPS.
- Download attack objects including sensor updates.
- Configure logging.
- Update security-package.
- Verify configuration and test functionality.
Initial Configuration Assumptions
Before starting the IPS policy configuration, this document assumes that an initial networking configuration exists and that an admin user has full access to the SRX Series. Initial device configuration on our sample system is as follows:
user@ost > show configuration | display set
set system root-authentication encrypted-password "$ABC123"
set system name-server 1.2.3.4
set system login user mxb uid 2000
set system login user mxb class super-user
set system login user mxb authentication encrypted-password "$123ABC"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces fxp0 unit 0 family inet address 192.168.1.221/24
set routing-options static route 0.0.0.0/0 next-hop 192.168.1.1
set security idp security-package url https://signatures.juniper.net/cgi-bin/index.cgi
Throughout this document we provide commands required to configure specific features; however, in order to activate associated functionality, configuration changes need to be successfully committed (using the commit command).
This feature requires a license. To learn more about the IPS license, see Installing the IPS License (CLI). For general information about license management, refer to the Juniper Licensing Guide. For details, refer to the product data sheets at SRX Series Services Gateways, or contact your Juniper Account Team or Juniper Partner.
See Also
IPS Configuration (CLI)
- Configuring Interfaces
- Configuring Security Zones
- Configuring IPS Security Policy
- Configuring Firewall Security Policy
- IPS Logging
Configuring Interfaces
Configuring Security Zones
Configuring IPS Security Policy
To deploy IPS policy on the SRX Series Firewalls, one more step is required—configuring firewall security policy to identify which traffic is to be processed by the IPS service. This is described in the following section.
Configuring Firewall Security Policy
For traffic entering the SRX Series Firewall to be processed by the IPS security policy, the firewall security policy needs to be configured accordingly.
Following are the steps required to configure the firewall security policy and finalize the Intrusion Prevention System configuration on the SRX Series gateway. As a result, traffic between security zones abc-untrust and abc-trust is inspected by the IPS security policy abc-idp-policy.
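An added example, not part of Juniper's documentation: a Python check over `show configuration | display set` output that confirms the chain described above is complete, meaning a firewall policy on the zone pair hands traffic to IDP, the IDP policy it relies on is defined, and at least one of its rules logs attacks. The sample configuration is constructed; the rule name `1`, firewall policy name `abc` and the function name `audit_ips` are assumptions.

```python
# Added example: audit "display set" output for a complete IPS chain.
SAMPLE = """\
set security idp idp-policy abc-idp-policy rulebase-ips rule 1 then action drop-connection
set security idp idp-policy abc-idp-policy rulebase-ips rule 1 then notification log-attacks
set security idp active-policy abc-idp-policy
set security policies from-zone abc-untrust to-zone abc-trust policy abc match source-address any
set security policies from-zone abc-untrust to-zone abc-trust policy abc then permit application-services idp
"""  # constructed sample; rule name "1" and policy name "abc" are assumptions


def audit_ips(config, from_zone, to_zone):
    """Return a list of findings; an empty list means the chain is complete."""
    rows = [line.split() for line in config.splitlines()
            if line.startswith("set security ")]
    idp = [t for t in rows if len(t) > 4 and t[2] == "idp"]
    defined = {t[4] for t in idp if t[3] == "idp-policy"}
    logged = {t[4] for t in idp if t[3] == "idp-policy" and "log-attacks" in t}
    active = {t[4] for t in idp if t[3] == "active-policy"}

    # Firewall rules on this zone pair that hand permitted traffic to IDP.
    pair = ["policies", "from-zone", from_zone, "to-zone", to_zone]
    hooks = [t[12:] for t in rows
             if t[2:7] == pair
             and t[9:12] == ["then", "permit", "application-services"]
             and t[12:13] in (["idp"], ["idp-policy"])]

    findings, used = [], set()
    if not hooks:
        findings.append(f"no firewall policy from {from_zone} to {to_zone} "
                        "enables application-services idp")
    for tail in hooks:
        if tail[0] == "idp":        # this form relies on the active-policy
            used |= active
            if not active:
                findings.append("application-services idp set, but no active-policy")
        elif len(tail) > 1:         # per-rule form: idp-policy <name>
            used.add(tail[1])
    for name in sorted(used):
        if name not in defined:
            findings.append(f"idp-policy {name} is referenced but not defined")
        elif name not in logged:
            findings.append(f"idp-policy {name} has no rule with log-attacks")
    return findings


if __name__ == "__main__":
    print(audit_ips(SAMPLE, "abc-untrust", "abc-trust") or "IPS chain complete")
```

The check is per direction: the constructed sample passes for abc-untrust to abc-trust but reports a finding for the reverse pair, because no firewall policy sends that traffic to IDP.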
IPS Logging
IPS generates event logs when an event matches an IPS policy rule in which logging is enabled. When you configure a rule for logging, the device creates a log entry for each event that matches that rule.
When configured to do so, the IPS service sends events that match a policy entry to the logging server directly from the data plane, using an emulated IP address, encapsulated in 514/udp.
Configure logging: