Intrusion Detection And Protection; Minimum Configuration For A Netscreen-Security Manager Connection - Juniper ISG 2000 User Manual

Intrusion Detection and Protection

Intrusion Detection and Protection (IDP) is a mechanism for filtering the traffic
permitted by firewall policies. IDP uses a variety of techniques such as examining
Layer 3 and 4 packet headers and Layer 7 application content and protocol
characteristics in an effort to detect and prevent any attacks or anomalous behavior
that might be present in permitted traffic.
For more information about IDP, see the ISG 2000 Getting Started with IDP Guide.
NOTE: You can use NetScreen-Security Manager, the WebUI, or the CLI to install an IDP
license key, but to configure IDP for the ISG 2000, you must use NetScreen-Security
Manager.
NOTE: When you install an IDP license key, the ISG 2000 automatically disables Deep
Inspection (DI).

Minimum Configuration for a NetScreen-Security Manager Connection

Before you can manage the ISG 2000 with NetScreen-Security Manager, you need to
set up the ISG 2000 on the network so that NetScreen-Security Manager can
connect to it. At a minimum, you need to configure the following on the ISG 2000:
- Set an IP address for the interface through which NetScreen-Security Manager
  can connect to the ISG 2000.
- If there is a network forwarding device between the ISG 2000 and the
  NetScreen-Security Manager server, set a route through that device to the server.
- Enable the ISG 2000 for management from NetScreen-Security Manager. This is
  enabled by default.

For example, to set up the ISG 2000 for NetScreen-Security Manager to connect to it
through ethernet1/1, do the following:

1. Cable the ISG 2000 to the network as described in "Connecting the Device to a
   Network" on page 24.
2. Log in to the device, and then enter the following commands:

   set interface ethernet1/1 zone untrust
   set interface ethernet1/1 ip 1.1.1.1/30
   set vrouter trust-vr route 0.0.0.0/0 interface ethernet1/1 gateway 1.1.1.2
   set nsm enable
   save

You can now connect to the ISG 2000 through ethernet1/1 from NetScreen-Security
Manager and continue configuring the device.
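
The following is an added example, not part of the Juniper manual: a pre-check that reads the set commands above and reports which of the three minimum requirements (interface address, route to the server, NSM management enabled) are not met. The function name check_nsm_minimum, the server address 10.0.0.5, and the "unset nsm enable" disabling form are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the set commands from the procedure above.
SAMPLE_CONFIG = """\
set interface ethernet1/1 zone untrust
set interface ethernet1/1 ip 1.1.1.1/30
set vrouter trust-vr route 0.0.0.0/0 interface ethernet1/1 gateway 1.1.1.2
set nsm enable
"""

IP_RE = re.compile(r"set interface (\S+) ip (\d+\.\d+\.\d+\.\d+/\d+)$")
ROUTE_RE = re.compile(r"set vrouter \S+ route (\S+) interface (\S+) gateway (\S+)$")

def check_nsm_minimum(config, ifname, nsm_server):
    """Return a list of problems; an empty list means the minimum is met."""
    iface = None        # address/prefix configured on ifname
    routes = []         # (destination, gateway) pairs that leave via ifname
    nsm_enabled = True  # the manual says NSM management is enabled by default
    for line in map(str.strip, config.splitlines()):
        if (m := IP_RE.match(line)) and m.group(1) == ifname:
            iface = ipaddress.ip_interface(m.group(2))
        elif (m := ROUTE_RE.match(line)) and m.group(2) == ifname:
            routes.append((ipaddress.ip_network(m.group(1)),
                           ipaddress.ip_address(m.group(3))))
        elif line in ("set nsm enable", "unset nsm enable"):
            # Assumption: "unset nsm enable" is the disabling form.
            nsm_enabled = line.startswith("set")
    if iface is None:
        return [f"{ifname} has no IP address"]
    problems = []
    for dest, gw in routes:
        # A next hop must sit on the interface's own subnet and not be the device.
        if gw not in iface.network or gw == iface.ip:
            problems.append(f"gateway {gw} for {dest} is not on-link on {ifname}")
    server = ipaddress.ip_address(nsm_server)
    # A route is only needed when the server is behind a forwarding device.
    if server not in iface.network and not any(server in d for d, _ in routes):
        problems.append(f"no route through {ifname} covers NSM server {server}")
    if not nsm_enabled:
        problems.append("NSM management is disabled")
    return problems

if __name__ == "__main__":
    # 10.0.0.5 is a constructed NSM server address, not one from the manual.
    print(check_nsm_minimum(SAMPLE_CONFIG, "ethernet1/1", "10.0.0.5") or "minimum met")
```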
Chapter 1: Configuring