QUICK START GUIDE
NetScreen-IDP 3.0
V/N 3.0 P/N 093-1509-000 Rev. B

Summary of Contents for Juniper NetScreen-IDP 3.0

  • Page 1 Quick Start Guide NetScreen-IDP 3.0 V/N 3.0 P/N 093-1509-000 Rev. B...
  • Page 2 Use of the Enterprise Security Profiler may subject users in certain countries to obligations under applicable laws and regulations, including data protection laws. Juniper Networks makes no representation or warranty that your use of this feature will comply with all applicable laws and regulations and you are encouraged to seek advice of counsel to understand your obligations, if any, under applicable laws and regulations.
  • Page 3: Table Of Contents

    Optional; BSMI Warning 25; Install the User Interface 26; Add Network Components 28; Install a Security Policy 29; Run the Profiler 30; Update Your Attack Objects 31; NetScreen-IDP Quick Sheet 32. QuickStart Guide, Juniper Networks NetScreen-IDP 3.0 | 3...
  • Page 4: Overview

    Overview This guide describes how to install version 3.0 of the Juniper Networks NetScreen-Intrusion Detection and Prevention (IDP) system for non-high availability (HA) configurations that use the NetScreen-IDP 10, 100, 500, or 1000 appliances. This guide also describes how to use an NS-IDP-BYP (Bypass Unit) with your NetScreen-IDP 10, 100, 500, or 1000 system.
  • Page 5 IDP Management Server, the IDP Sensor, and the User Interface for all IDP appliances. The NS-IDP-BYP is preconfigured to work with NetScreen-IDP 10, 100, 500, and 1000 appliances running IDP 2.1 or 3.0 Sensor software; no additional configuration is required.
  • Page 6: Choose A Deployment Mode

    IDP appliance is disrupted, the Bypass Unit can automatically reroute traffic. To use a Bypass Unit for fail-open protection with a NetScreen-IDP appliance, you must deploy the IDP Sensor in bridge or transparent mode. 6 | Juniper Networks, Inc.
  • Page 7 • Must use a hub or the span port of a switch • Does not create an additional point-of-failure • Cannot use NS-IDP-BYP for fail-open protection • Can monitor and log suspicious network activity
  • Page 8 GW 1.1.1.1 Advantages: • Can reliably respond to and prevent attacks • Can connect IP networks with different address spaces. Disadvantages: • Affects layer-3 IP networks (routing tables) • Cannot use NS-IDP-BYP for fail-open protection
  • Page 9 • Simple, transparent deployment • Allows layer-2 broadcasts (DHCP, etc.) • No changes to routing tables or network equipment • Can use NS-IDP-BYP for fail-open protection • Can forward non-IP traffic (transparent mode only)
  • Page 10 ARP entries • Simple, transparent deployment • Cannot use NS-IDP-BYP for fail-open protection When you have chosen a deployment mode for your IDP system, proceed to “Install the IDP Management Server” on page 11.
  • Page 11: Install The IDP Management Server

    This configuration is often easier to install, but can negatively impact Sensor performance. If you are using multiple Sensors or are operating in a production environment, Juniper Networks strongly recommends that you install the Management Server software on another machine. You cannot install the Management Server software on the NetScreen-IDP 10, 500, or 1000 appliance, or the NS-IDP-BYP Unit.
  • Page 12 6. Change to the Management Server directory using the command. For Linux: cd /mnt/cdrom/Mgt-Svr/Linux For Solaris: cd /cdrom/cdrom0/Mgt-Svr/Solaris 7. Run the Management Server install script by typing the appropriate command: For Linux: ./mgtsvr_linux_3_0.sh
  • Page 13 Management Server computer. For quick reference, write the Management Server IP address in the table below: Management Server IP Address When you have successfully installed the Management Server, proceed to “Connect to the IDP Appliance” on page 14.
  • Page 14: Connect To The IDP Appliance

    1. Connect a standalone computer, such as a laptop, to the IDP appliance eth2 port. To connect directly to the appliance, use a crossover cable. To connect to the appliance over a hub or switch, use a straight-through cable.
  • Page 15 Press Enter to continue. 4. When prompted, set a default route by pressing y. Enter the default route for the computer that you will use to configure the Sensor software. Press Enter.
  • Page 16 HTTP, you MUST enter https:// before the IP address. 7. Enter the default user name (root) and password (abc123). When the ACM wizard appears, proceed to “Configure the IDP Sensor” on page 17.
  • Page 17: Configure The IDP Sensor

    • Install Management Server Locally (Optional) • Management Server password for the User Interface Mode • Deployment mode: sniffer, router, bridge, transparent, or proxy-ARP • Enable Bypass Unit (Optional) • Enable/choose high availability solution
  • Page 18 • Save all changes • Apply the configuration to the IDP appliance • Reboot the IDP appliance After you have saved and applied a configuration to the IDP Sensor, exit the ACM by closing the Web browser window.
  • Page 19 IDP appliance. If you changed the IP address of a standalone computer to access the ACM, be sure to change it back to its original IP address. Proceed to “Connect IDP to Your Network” on page 20.
  • Page 20: Connect IDP To Your Network

    [Figure: IDP 500 and IDP 1000 interface diagram. Labels: eth0, eth1, eth2, eth3; forwarding interface; optional; can also be management interface; to external network.]
  • Page 21 • If you are using a Bypass Unit, proceed to “Connect the NS-IDP-BYP (optional)” on page 22. • If you are not using a Bypass Unit, proceed to “Install the User Interface” on page 26.
  • Page 22: Optional )

    [Figure labels: NET-OUT, IDP-OUT, Heartbeat Flow, Trusted, Normal Traffic Flow, Switch, Bypass Traffic Flow.]
  • Page 23 Reboot the IDP Sensor by typing: reboot;reboot NS-IDP-BYP Specifications The following sections provide general system specifications for the NS-IDP-BYP. NS-IDP-BYP Attributes Height: 1.35 inches Depth: 5 inches Width: 8 inches Weight: 1.5 pounds
  • Page 24 Status LEDs The status LED indicates the operation of the NS-IDP-BYP device. Status LED and operation: Blinking Green: Bypass unit is passive (NetScreen-IDP appliance is up). Blinking Orange: Bypass unit is active (NetScreen-IDP appliance is down).
  • Page 25: Bsmi Warning

    BSMI Warning The Bureau of Standards Metrology and Inspection (BSMI) is an agency of the government of China (Taiwan), which requires the following label on technological equipment:
  • Page 26: Install The User Interface

    3. Follow the directions in the dialog boxes to install the UI. When prompted for a Web browser, you can change the default location of your Web browser. Click Choose to display the Web browser dialog box.
  • Page 27 • User Name. Use the default user name admin. • Password. Use the password you specified when you installed the Management Server. When you have installed the UI, proceed to “Add Network Components” on page 28.
  • Page 28: Add Network Components

    Anti Spoof tab. 4. Click OK. A confirmation dialog box appears, prompting you to register your new Sensor with the Juniper Networks customer support Web site. Click the registration link to register the Sensor (registration is required for Attack Object updates).
  • Page 29: Install A Security Policy

    Security Policy on the Sensor. You should also verify that the Sensor is correctly connected to your network by sending other types of traffic through the IDP appliance. You can use the default Security Policy created by Juniper Networks, or you can create a new, custom Security Policy for your network.
  • Page 30: Run The Profiler

    7. Select Sync and the checkbox next to the name of your Sensor and then click Go. Once the synchronization is complete, click Close. 8. Click Click here to view profiler data to verify that you are collecting Profiler information about your network.
  • Page 31: Update Your Attack Objects

    IDP system, see the Concepts & Examples Guide, NetScreen-IDP 3.0. Problems? You can contact Juniper Networks customer support, as well as accessing general information about known issues, IDP versions, and the IDP FAQ, by visiting the Juniper Networks Support Web site at www.juniper.net/support/.
  • Page 32: NetScreen-IDP Quick Sheet

    8, RHEL AS/ES/WS 3, or Solaris 8/9. Interfaces & IP Addresses: Management interface: default is eth2; IP address: must be unique, default is 192.168.1.1. Bridge, Router, Proxy-ARP, Transparent interface: any interface; can use multiple interfaces; IP address: must be unique.