Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 68

Configuring intrusion detection and prevention devices guide
3. Click New in the upper right corner of the policy viewer and select Add Traffic Anomalies Rulebase.
4. Click the New button within the rules viewer to add a rule.
5. Modify the property of the rule by right-clicking the table cell for the property and making your modifications.
6. Configure or modify the rule using the settings described in Table 32 on page 52.

Table 32: Traffic Anomalies Rulebase Rule Properties

| Option | Function | Your Action |
|---|---|---|
| No | Specifies if you want to add, delete, copy, or reorder rules. | Right-click the table cell for the rule number and make your required modifications. |
| Match > Source | Specifies the address object that is the source of the traffic. | Select any to monitor network traffic originating from any IP address. NOTE: You can also negate one or more address objects to specify all sources except the excluded object. |
| Match > Destination | Specifies the address object that is the destination of the traffic, typically a server or other device on your network. | Select the destination object. NOTE: You can also negate one or more address objects to specify all destinations except the excluded object. |
| Match > Service | Specifies service objects in rules to service an attack to access your network. | Set a service by selecting any of the available options. NOTE: We recommend that you do not change the default value, TCP-ANY. |
| Traffic Anomaly | Specifies how IDP is to treat the matching traffic. | Select any of the following options: Ignore—IDP ignores this traffic. This option excludes traffic from trusted sources that might be falsely construed as a scan. Detect—IDP matches this traffic and takes the IP action that you have set. When you select this option, the Traffic Anomalies dialog box appears. Select the scans or sweep you want to detect and enter values for Port Count and Time Threshold (in seconds) or Session Count. |

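To make the Port Count and Time Threshold settings and the Ignore option concrete, the following added example (not Juniper's code and not part of the original manual) flags a source that reaches a given number of distinct ports on one destination within the time threshold, and skips sources that an Ignore rule would exclude. The function name, the flow tuple layout, the threshold values and the counting semantics are assumptions for illustration; this page does not describe IDP's internal algorithm.

```python
from collections import defaultdict, deque

# Constructed sample flows: (timestamp_seconds, source_ip, destination_ip, destination_port)
FLOWS = (
    [(i * 0.5, "198.51.100.7", "192.0.2.10", 20 + i) for i in range(25)]      # fast sweep of 25 ports
    + [(i * 30.0, "198.51.100.9", "192.0.2.10", 80 + i) for i in range(25)]   # same breadth, spread over time
    + [(i * 0.5, "192.0.2.50", "192.0.2.10", 20 + i) for i in range(25)]      # trusted internal scanner
)


def detect_port_scans(flows, port_count=20, time_threshold=120, ignore_sources=()):
    """Return sorted (source, destination, first_alert_time) for each pair that
    touches at least port_count distinct ports within time_threshold seconds.

    port_count and time_threshold are assumed example values, not product defaults.
    Sources in ignore_sources are skipped, as an Ignore rule would exclude them.
    """
    ignored = set(ignore_sources)
    windows = defaultdict(deque)   # (src, dst) -> (time, port) observations inside the window
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        if src in ignored or (src, dst) in alerts:
            continue
        win = windows[(src, dst)]
        win.append((ts, port))
        # Drop observations that are older than the time threshold.
        while win and ts - win[0][0] > time_threshold:
            win.popleft()
        # Count distinct ports so retries to one port do not inflate the score.
        if len({p for _, p in win}) >= port_count:
            alerts[(src, dst)] = ts
    return sorted((s, d, t) for (s, d), t in alerts.items())


if __name__ == "__main__":
    for src, dst, ts in detect_port_scans(FLOWS, ignore_sources=["192.0.2.50"]):
        print(f"port scan: {src} -> {dst} at t={ts:.1f}s")
```

With the constructed data, the slow source never accumulates enough ports inside one window, which shows how a long Time Threshold or a low Port Count changes what is reported.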
Copyright © 2010, Juniper Networks, Inc.
