Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 66

Configuring intrusion detection and prevention devices guide

Table 31: SYN Protector Rulebase Rule Properties (continued)

Option: Mode
Function: Specifies the mode that indicates how IDP handles TCP traffic.
Your Action: Select any of the following options:
  None—Specifies that IDP takes no action and does not participate in the three-way handshake.
  Relay—Specifies that IDP acts as the middleman, or relay, for the connection establishment, performing the three-way handshake with the client host on behalf of the server.
    NOTE: Relay mode might not work as expected for MPLS traffic. When the IDP engine processes MPLS traffic, it stores the MPLS label information for traffic in each direction. In the case of traffic that matches SYN Protector rules in relay mode, the IDP appliance is programmed to send a SYN-ACK before the traffic has reached the server. In these cases, the IDP engine does not have server-to-client MPLS label information. Therefore, the SYN-ACK packet does not include an MPLS label. Some MPLS routers can add packets without a label to an existing MPLS tunnel; others drop such packets.
  Passive—Specifies that IDP handles the transfer of packets between the client host and the server, but does not actively prevent the connection from being established.

Option: Notification
Function: Allows you to create log records with attack information that you can view in real time in the Log Viewer.
  NOTE: For more critical attacks, you can also set an alert flag to appear in the log record.
Your Action: Select Configure to create log records.
  NOTE: The Configure menu option does not appear if the Mode column is set to None.
  Select Logging to have a log record created each time the rule is matched.
  Select Alert to have an alert flag placed in the Alert column of the Log Viewer for the matching log record.
  In the Log Actions tab, select desired log actions, if any.
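
The MPLS note under Relay mode, shown as an added example that is not from the Juniper guide or from IDP code: a simplified Python model in which the device learns one MPLS label per flow and direction from the traffic it sees. The class and function names, the sample flow and the label values are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

C2S, S2C = "client-to-server", "server-to-client"

@dataclass(frozen=True)
class Packet:
    flow: str                    # constructed flow id
    direction: str               # C2S or S2C
    flags: str                   # "SYN" or "SYN-ACK"
    mpls_label: Optional[int]    # None means the packet carries no MPLS label

class IdpModel:
    """Toy model of the label store: one learned label per flow and direction."""

    def __init__(self, mode: str):
        if mode not in ("none", "relay", "passive"):
            raise ValueError(f"unknown SYN Protector mode: {mode}")
        self.mode = mode
        self.labels = {}         # (flow, direction) -> MPLS label

    def process(self, pkt: Packet) -> Packet:
        """Learn the label on pkt, then return the packet the device sends next."""
        if pkt.mpls_label is not None:
            self.labels[(pkt.flow, pkt.direction)] = pkt.mpls_label
        if self.mode == "relay" and pkt.direction == C2S and pkt.flags == "SYN":
            # Relay answers before the SYN reaches the server, so the only
            # label it can attach is one already learned for the S2C direction.
            return Packet(pkt.flow, S2C, "SYN-ACK", self.labels.get((pkt.flow, S2C)))
        return pkt               # none/passive: the packet passes through unchanged

def synack_toward_client(mode: str, c2s_label: int, s2c_label: int) -> Packet:
    """Return the first SYN-ACK sent toward the client for a new flow."""
    idp = IdpModel(mode)
    flow = "198.51.100.7:40000>192.0.2.10:80"   # constructed sample flow
    out = idp.process(Packet(flow, C2S, "SYN", c2s_label))
    if out.flags == "SYN-ACK":
        return out               # generated by the device itself (relay mode)
    # Otherwise the server receives the SYN and replies with its own label.
    return idp.process(Packet(flow, S2C, "SYN-ACK", s2c_label))

if __name__ == "__main__":
    for mode in ("none", "passive", "relay"):
        reply = synack_toward_client(mode, c2s_label=1001, s2c_label=2002)
        print(f"{mode:8s} SYN-ACK label: {reply.mpls_label}")
```

In the model, only relay mode produces a SYN-ACK without a label, which is the packet the note says some MPLS routers drop.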
Copyright © 2010, Juniper Networks, Inc.
