Pushing Security Policy Updates To An Idp Device (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual

Configuring intrusion detection and prevention devices guide

Table of Contents

Table 52: Troubleshooting: Security Policy Validation Errors (continued)

Error

Any-Any-None Rules

Any-Any-One Rules

Unsupported Options

Pushing Security Policy Updates to an IDP Device (NSM Procedure)

Chapter 10: Managing Security Policies in Intrusion Detection and Prevention Devices

Description

Any-Any-None rules are rules that specify any for the source and destination and none for

attacks. Because IDP must log all packets for all connections, this rule can cause severe IDP

performance penalties.

To resolve this problem, specify network objects for the destination and attack objects for

the attacks.

Any-Any-One rules are rules that specify any for the source and destination and a single

attack object for attacks. Because IDP must look at all network traffic, this rule can cause

severe IDP performance penalties.

To resolve this problem, specify network objects for the destination.

Rule contains options that are not supported on the target device.

To resolve this problem, upgrade the target device or remove the option from the rule.

Intrusion Detection and Prevention Devices and Security Policies Overview on page 31

Assigning a Security Policy in an Intrusion Detection and Prevention Device (NSM

Procedure) on page 117

Validating a Security Policy (NSM Procedure) on page 118

You must run a device configuration update job (also called pushing an update) in the

following cases:

After you have revised the security policy assigned to an IDP device. The configuration

changes you make in NSM do not affect the IDP device until you have successfully

pushed the configuration to the IDP device.

If you have deleted the device from NSM and reinstall it. In these cases, the IDP device

does not retain the previous security policy assignment.

If you use the NSM Device Manager to change IDP device settings.

To push configuration updates to multiple IDP devices:

Select Devices > Configuration > Update Device Config to display the Update

Devices Options dialog box.

Select the devices that you want to push configuration updates to and to set update

job options on. Table 53 on page 120 describes devices update job options.

Click OK.

119

Table of Contents

Troubleshooting

This manual is also suitable for:

Network and security manager 2010.3

Pushing Security Policy Updates To An Idp Device (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual

Pushing Security Policy Updates to an IDP Device (NSM Procedure)

Troubleshooting

Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1

Related Content for Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1

This manual is also suitable for:

Table of Contents