Use Case 2: Import a Firewall Policy that Has IPS Policy Configured
Summary
An intrusion prevention system (IPS) policy enables you to selectively enforce various attack detection and prevention techniques on the network traffic passing through an IPS-enabled device. In this section, you’ll learn how to import a device running Junos OS Release 18.2 (that has a firewall policy with an IPS policy configured) to Junos Space Security Director. You’ll see that the assigned IPS policy is imported along with the firewall policy.
What's Next
To learn more about IPS features, see Junos Space Security Director User Guide.
Benefits
Each imported firewall policy rule can have a different IPS policy assigned.
Simplifies application-based security policy management at Layer 7.
Provides greater control and extensibility to manage dynamic applications traffic.
Before You Begin
Install Junos Space Security Director and Log Collector. See Junos Space Security Director Installation and Upgrade Guide.
Ensure that IPS is enabled on the SRX Series device.
Ensure that the SRX Series device runs Junos OS Release 18.2 or later.
Although this use case has been specifically validated against Junos Space Security Director Release 19.3 and an SRX Series device running Junos OS Release 18.2, you can use Junos OS Release 18.2 or later.
Only mandatory fields and other required fields are included in the procedures in this use case.
Overview
Starting in Junos Space Security Director Release 19.3, when you import a firewall policy from an SRX Series device running Junos OS Release 18.2 or later, the IPS policy that is assigned to the firewall policy is also imported. The imported device is assigned to the firewall policy, and is displayed on the firewall policies page. The imported device is not displayed on the IPS Policies page.
In the following topology, we have an enterprise local area network behind a Layer 2 switch. The switch is connected to an SRX Series firewall that has IPS enabled and inspects all the traffic traveling in and out of the network. The SRX Series device can be in any form: hardware, virtual, or containerized.
Import a Firewall Policy
Let’s import a firewall policy from an SRX Series device running Junos OS Release 18.2:
CLI Configuration
Here is the CLI configuration from the vSRX Virtual Firewall-18.2 device:
set security idp idp-policy IPS-Policy-1 rulebase-ips rule rule1 match from-zone any
set security idp idp-policy IPS-Policy-1 rulebase-ips rule rule1 match to-zone any
set security idp idp-policy IPS-Policy-1 rulebase-ips rule rule1 match application default
set security idp idp-policy IPS-Policy-1 rulebase-ips rule rule1 match attacks predefined-attacks ICMP:INFO:ECHO-REPLY
set security idp idp-policy IPS-Policy-1 rulebase-ips rule rule1 then action recommended
set security policies global policy rule-one match source-address any
set security policies global policy rule-one match destination-address any
set security policies global policy rule-one match application any
set security policies global policy rule-one then permit application-services idp-policy IPS-Policy-1
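As an added example (not Juniper's code and not part of the Security Director documentation), the following Python script audits a set-style Junos configuration like the one above before you import it: it collects the defined idp-policy names and flags every permit rule that carries no IPS policy or that references an idp-policy which is never defined. The embedded configuration is this use case's configuration, abridged, plus two constructed rules (rule-two and rule-three) that illustrate the two failure cases.

```python
import re

# Constructed sample: this use case's vSRX configuration (abridged), plus two
# rules added here: rule-two permits without IPS, rule-three names an undefined policy.
SAMPLE_CONFIG = """\
set security idp idp-policy IPS-Policy-1 rulebase-ips rule rule1 match from-zone any
set security idp idp-policy IPS-Policy-1 rulebase-ips rule rule1 match to-zone any
set security idp idp-policy IPS-Policy-1 rulebase-ips rule rule1 match attacks predefined-attacks ICMP:INFO:ECHO-REPLY
set security idp idp-policy IPS-Policy-1 rulebase-ips rule rule1 then action recommended
set security policies global policy rule-one match source-address any
set security policies global policy rule-one match application any
set security policies global policy rule-one then permit application-services idp-policy IPS-Policy-1
set security policies global policy rule-two then permit
set security policies global policy rule-three then permit application-services idp-policy Missing-Policy
"""
IDP_DEF = re.compile(r"^set security idp idp-policy (\S+)")
# Matches global rules and zone-pair rules ("from-zone A to-zone B policy X").
FW_RULE = re.compile(
    r"^set security policies (global|from-zone \S+ to-zone \S+) policy (\S+) then (\S+)(.*)$")
IDP_REF = re.compile(r"application-services idp-policy (\S+)")

def audit_ips_references(config_text):
    """Return (defined_idp_policies, findings); findings maps "scope/rule" to
    "ok", "no-ips" (permit without IPS) or "undefined:<name>" (dangling reference)."""
    defined = set()
    refs = {}  # rule key -> referenced idp-policy name, or None
    for line in config_text.splitlines():
        m = IDP_DEF.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = FW_RULE.match(line)
        if not m:
            continue  # 'match' lines and non-policy statements are irrelevant here
        scope, rule, action, rest = m.groups()
        if action != "permit":
            continue  # deny/reject rules cannot carry application-services
        ref = IDP_REF.search(rest)
        key = f"{scope}/{rule}"
        # A bare "then permit" line must not erase a reference seen on another line.
        if ref is not None or key not in refs:
            refs[key] = ref.group(1) if ref else None
    findings = {}
    for key, name in refs.items():
        if name is None:
            findings[key] = "no-ips"
        else:
            findings[key] = "ok" if name in defined else f"undefined:{name}"
    return defined, findings
```

Run it against the output of `show configuration | display set` from the device; a rule reported as no-ips will be imported without an entry in the Advanced Security column, and an undefined reference will fail the commit on the device itself.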
Verify the Imported Configuration in Security Director
Purpose
Let's verify that the device is assigned to the imported firewall policy. You’ll see that the device is not assigned to the imported IPS policy on the IPS Policies page.
Action
Select Configure > IPS Policy > Policies.
The device is not displayed for the imported IPS policy on the IPS Policies page.
Select Configure > Firewall Policy > Standard Policies.
The imported firewall policy (vsrx-18.2) and the assigned device (vsrx-18.2) are displayed on the Standard Policies page.
Click the rules for the vsrx-18.2 firewall policy.
On the firewall policy rules (vsrx-18.2/Rules) page, you’ll see the imported IPS policy (IPS-Policy-1) in the Advanced Security column.
If a device runs Junos OS Release 18.2 or later and still uses the deprecated active-idp policy CLI, Junos Space Security Director imports the IPS policy and assigns it to all firewall policy rules that have IPS ON.