Intrusion Detection and Prevention

  • Support for Perl-compatible regular expression (PCRE) version 8.40 (SRX Series and NFX Series)—Starting in Junos OS Release 21.1R1, we’ve upgraded the codebase of intrusion detection and prevention (IDP) from PCRE version 5.40 to PCRE version 8.40. As PCRE version 8.40 supports new regex constructs, this upgrade enhances the capability of Junos OS IDP attack signatures to match regular expressions. With this upgrade, we've also addressed security vulnerabilities in the Junos OS PCRE codebase.

    [See pattern-pcre (Security IDP).]

  • Support for Snort IPS signatures (SRX Series and NFX Series)—Starting in Junos OS Release 21.1R1, Juniper Networks IDP supports Snort IPS signatures. IDP secures your network by using signatures that help to detect attacks. Snort is an open-source intrusion prevention system (IPS). You can convert the Snort IPS rules into Juniper IDP custom attack signatures using the Juniper Integration of Snort Tool (JIST). These rules help detect malicious attacks.

    • JIST is included in Junos OS by default. The tool supports Snort version 2 and version 3 rules.
    • JIST converts Snort rules that have snort-ids into equivalent Junos OS custom attack signatures, using each rule's snort-id as the custom attack name.
    • When you run the request security idp jist-conversion command with Snort IPS rules, JIST generates the equivalent set commands as CLI output. To load the set commands, use the load set terminal statement or copy and paste the commands in configuration mode, and then commit. You can then configure the existing IDP policy with the converted custom attack signatures.
    • All the Snort IPS rule files that didn’t get converted are written to /tmp/jist-failed.rules. The error log files generated during the conversion are written to /tmp/jist-error.log.
    • To view the jist-package version, use the show security idp jist-package-version command.

    [See Understanding Snort IPS Signatures, request security idp jist-conversion, and show security idp jist-package-version.]
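
    Because each converted signature is named after its snort-id, it helps to inventory the sid values in a rule file before conversion. The following is an added example, not part of JIST or Junos OS: a Python pre-check that lists the sids in a Snort rule file and reports rules with no sid or a repeated sid for review. The sample rules and function names are constructed for illustration, and the page does not state how JIST treats such rules.

```python
import re
from collections import defaultdict

# Constructed sample rules for illustration (not from the page).
SAMPLE_RULES = r'''
# local rules
alert tcp any any -> any 80 (msg:"constructed rule A; sid:999;"; sid:1000001; rev:1;)
alert tcp any any -> any 443 (msg:"constructed rule B"; \
    content:"example"; sid:1000002; rev:2;)
alert udp any any -> any 53 (msg:"constructed rule C, no sid"; content:"x";)
alert tcp any any -> any 25 (msg:"constructed rule D"; sid:1000001; rev:3;)
'''

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')          # quoted option values
SID = re.compile(r'[;(]\s*sid\s*:\s*(\d+)\s*;')    # sid option outside quotes

def logical_rules(text):
    """Yield (first_line_no, rule), joining backslash continuations."""
    buf, start = "", None
    for no, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not buf and (not s or s.startswith("#")):
            continue                      # blank line or comment
        if start is None:
            start = no
        if s.endswith("\\"):
            buf += s[:-1] + " "
            continue
        yield start, buf + s
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def audit(text):
    """Return (unique sids, lines of rules lacking a sid, duplicated sids)."""
    by_sid, missing = defaultdict(list), []
    for no, rule in logical_rules(text):
        # Blank out quoted strings so text such as msg:"...sid:999;" is ignored.
        m = SID.search(QUOTED.sub('""', rule))
        if m:
            by_sid[int(m.group(1))].append(no)
        else:
            missing.append(no)
    dups = {sid: lines for sid, lines in by_sid.items() if len(lines) > 1}
    return sorted(by_sid), missing, dups

if __name__ == "__main__":
    sids, missing, dups = audit(SAMPLE_RULES)
    print("sids:", sids, "| no sid at lines:", missing, "| duplicate sids:", dups)
```

    After conversion, compare this inventory with the contents of /tmp/jist-failed.rules to confirm which rules still need attention.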