Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

IPS Profiles Overview

An intrusion prevention system (IPS) is a security configuration that defines how network traffic is inspected and mitigated for threats using IPS rules. It is a collection of unified IPS rules and exempt rules that are applied to traffic through a firewall policy rule. The IPS profiles are used to detect and prevent malicious activity by inspecting traffic for known attack signatures and behaviors.

To deploy an IPS profile on a device, associate it with a firewall policy rule that is applied to the device. Each IPS profile can include both IPS rules and exempt rules.

The IPS profile configuration workflow is as follows:

  1. Create an IPS profile.

  2. Add IPS rules.

  3. Add exempt rules, if needed.

  4. Associate the profile with a firewall policy.

  5. Deploy the policy to devices.

Note: Juniper Security Director Cloud supports only IPS Profiles with unified rules. IPS profiles with standard rules are not supported.

Use the IPS Profiles page to manage IPS profiles. To access this page, select SRX > Security Subscriptions > IPS > IPS Profiles.

Field Descriptions - IPS Profiles Page

Table 1: Fields on the IPS Profiles Page

Field

Description

Policy Name

The name of the IPS profile.

Click the IPS-Profile-Name to manage the IPS rules associated with the IPS profile. The IPS-Profile-Name page opens.

Rules

Indicates the count of rules created in the IPS profile.

Click the rule count to manage the IPS rules associated with the IPS profile. The IPS-Profile-Name page opens.

Predefined / Custom

Indicates whether the IPS profile was system-generated (Predefined) or created by a user (Custom).

Description

The description of the IPS profile.

Field Descriptions - <IPS-Profile-Name> Page

When you click a profile name, the IPS profile page is displayed. You can view, add, modify, clone, or delete the IPS rules and exempt rules in the IPS profiles.

Table 2: Fields on the <IPS-Profile-Name> Page

Field

Description

Name

The name of the IPS rule or exempt rule.

IPS Signatures

Displays the IPS signatures associated with the IPS rule or exempt rule.

If multiple signatures are associated with the rule, the number of additional signatures is displayed. Hover over the number to view the full list of signatures.

Action

Displays the action to be taken when the IPS rule is matched.

Options

Displays the following options for IPS rules:

  • The logging options configured if advance settings (to be taken when the rule is matched) are configured. Hover over the arrow icon to view the logging options configured.

  • The advance settings configured if advance settings (to be taken when the rule is matched) are configured. Hover over the gear icon to view the advance settings configured.

Related Documentation