Capture IPS Data Packets of Devices

Configure Juniper Security Director Cloud to capture the IPS data packets of managed SRX Series Firewalls. The configuration involves the following two steps:

  • Enabling the logging of IPS packets in the IPS rule associated with the security policy used by the managed devices.

  • Configuring the IPS sensor for the devices that are involved in the IPS data packet capture process.

Configure IPS Rules to Capture IPS Data Packets

  1. Select SRX>Security Subscriptions>IPS>IPS Profiles.

    The IPS Profiles page opens.

  2. Click the IPS profile name.

    The specific IPS profile page opens.

  3. Select the IPS rule, click the options icon, and enable Capture packets.
  4. Click Advanced, and complete the configuration according to the guidelines in Table 1.
    Table 1: Create IPS Rule Settings

    | Field | Description |
    |---|---|
    | Packets before attack | Enter the number of received packets to capture before an attack for further analysis of the attack behavior. The range is from 1 to 255. This field is available only if you enable the Capture packets option. |
    | Packets after attack | Enter the number of received packets to capture after an attack for further analysis of the attack behavior. The range is from 1 to 255. This field is available only if you enable the Capture packets option. |
    | Packet capture timeout | Enter a time limit in seconds for capturing packets received after an attack. No packets are captured after the specified timeout has elapsed. The range is from 1 to 1800 seconds. This field is available only if you enable the Capture packets option. |

  5. Click to save your changes.
  • The changes are saved, and a confirmation message is displayed at the top of the page.

  • Packet capture is enabled for the devices associated with the security policy that uses the IPS rule.

Configure the IPS Sensor to Capture IPS Data Packets

  1. Select SRX>Security Policy>SRX Policy.

    The Security Policies page opens.

  2. Click IPS Sensor Settings.

    The IPS Sensor Settings page opens.

  3. Select the devices to configure the IPS sensor, and click the edit icon.

    The Edit IPS Sensor Settings page opens.

  4. Complete the configuration according to the guidelines in Table 2.
    Table 2: Edit IPS Sensor Settings

    | Setting | Guideline |
    |---|---|
    | Devices selected | The devices selected to configure the IPS sensor. |
    | PCAP server | Enter the IP address or host name of the external server. |
    | Source address | Enter the source IP address. |
    | Port number | Enter the port number of the host server where the captured packets are sent. |
    | Maximum sessions | Enter the percentage of the total sessions to include during the packet capture session. |
    | Threshold logging interval | Enter the interval period in minutes between each packet capture session. The range is from 1 to 60 minutes. |
    | Total memory | Enter the percentage of the total memory capacity to use for the packet capture session. |

  5. Click OK to save the configuration.

The IPS data packets of the devices configured with the IPS sensor will be captured.
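
To check on a managed SRX Series Firewall what the two procedures above produce, the Junos OS CLI statements below cover the same settings. This is an added example, not part of the original page: the policy name, rule name, addresses, port, and values are constructed placeholders, and the mapping from each GUI field to a statement is an assumption.

```junos
# Constructed values throughout; IPS-POLICY and RULE-1 are placeholder names.

# IPS rule (Table 1): Packets before attack, Packets after attack,
# Packet capture timeout (seconds)
set security idp idp-policy IPS-POLICY rulebase-ips rule RULE-1 then notification packet-log pre-attack 10
set security idp idp-policy IPS-POLICY rulebase-ips rule RULE-1 then notification packet-log post-attack 10
set security idp idp-policy IPS-POLICY rulebase-ips rule RULE-1 then notification packet-log post-attack-timeout 60

# IPS sensor (Table 2): PCAP server and Port number
set security idp sensor-configuration packet-log host 192.0.2.10 port 2050
# Source address
set security idp sensor-configuration packet-log source-address 198.51.100.1
# Maximum sessions (percent of total sessions)
set security idp sensor-configuration packet-log max-sessions 10
# Threshold logging interval (minutes)
set security idp sensor-configuration packet-log threshold-logging-interval 5
# Total memory (percent of total memory)
set security idp sensor-configuration packet-log total-memory 5

# Operational-mode checks after the configuration is deployed
show configuration security idp sensor-configuration packet-log
show security idp counters packet-log
```

If the packet-log counters stay at zero after an attack matches the rule, confirm that the device can reach the PCAP server on the configured port from the configured source address.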