Intrusion Detection and Prevention
- Encryption support for IDP packet capture (SRX Series, vSRX, and vSRX 3.0)—Starting in Junos OS Release 22.1R1, you can enable a secure SSL or TLS connection to send an encrypted IDP packet capture log to the packet capture receiver. To establish the SSL or TLS connection, you must specify the SSL initiation profile that you want to use in the IDP packet log configuration.
In earlier releases, when IDP detects an attack, it sends a decrypted IDP packet log to the packet capture receiver over UDP. Sending a decrypted packet log is not secure, especially when the packet log is captured for encrypted traffic.
To enable an SSL or TLS connection for the IDP packet log, run the
set security idp sensor-configuration packet-log ssl-profile-name profile-name
command. To view the new packet log counters, use the
show security idp counters packet-log
command.
[See IDP Security Packet Capture, packet-log (Security IDP Sensor Configuration), and show security idp counters packet-log.]
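
The following audit script is an added example, not part of the Junos OS documentation or tooling. It checks a set-format configuration export for a packet capture receiver that is configured without ssl-profile-name, or with a profile name that is not defined as an SSL initiation profile. The sample configurations, addresses, port, and the profile name pcap-tls are constructed for illustration.

```python
import re

# Constructed sample configurations in Junos "set" format (not from a real device).
LEGACY = """\
set security idp sensor-configuration packet-log source-address 192.0.2.1
set security idp sensor-configuration packet-log host 192.0.2.50 port 2050
"""
DANGLING = LEGACY + """\
set security idp sensor-configuration packet-log ssl-profile-name pcap-tls
"""
SECURED = DANGLING + """\
set services ssl initiation profile pcap-tls protocol-version tls12
"""

PKTLOG = re.compile(r"^set security idp sensor-configuration packet-log (\S+)(?: (\S+))?")
SSL_INIT = re.compile(r"^set services ssl initiation profile (\S+)")

def audit_packet_log(config):
    """Return a list of findings for the IDP packet-log transport."""
    receiver, profile, defined = None, None, set()
    for line in config.splitlines():
        line = line.strip()
        m = PKTLOG.match(line)
        if m:
            if m.group(1) == "host":
                receiver = m.group(2)          # packet capture receiver address
            elif m.group(1) == "ssl-profile-name":
                profile = m.group(2)           # profile referenced by packet-log
            continue
        m = SSL_INIT.match(line)
        if m:
            defined.add(m.group(1))            # SSL initiation profiles that exist
    if receiver is None:
        return []  # no receiver configured, so no packet log leaves the device
    if profile is None:
        return ["packet-log to %s has no ssl-profile-name: log is sent "
                "decrypted over UDP" % receiver]
    if profile not in defined:
        return ["ssl-profile-name %s is not defined under "
                "services ssl initiation" % profile]
    return []

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("dangling", DANGLING), ("secured", SECURED)):
        print(name, audit_packet_log(cfg) or "ok")
```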