Table 50: IDP Device Configuration: Router Parameter Settings

Setting: ARP timeout (seconds)
Description: When the virtual router is in proxy-ARP mode, this setting controls how long an ARP entry is maintained in the virtual router. If IDP does not receive an ARP reply before the timeout expires, the ARP entry times out. The default is 3600 seconds.

Setting: ARP proxy timeout (seconds)
Description: In proxy-ARP mode, IDP sends out proxy ARPs on all interfaces except the one on which an ARP request was received. This setting indicates how long the original ARP entry is maintained in the virtual router if IDP does not receive an ARP reply through that interface. The default is 20 seconds.

Setting: Log ARP attacks
Description: When selected, IDP detects and logs all spoofed ARP requests/replies and other ARP anomalies. This setting is enabled by default.

Setting: MAC timeout (seconds)
Description: When the virtual router is in bridge mode, this setting controls how long a MAC entry is maintained in the virtual router. The default is 3600 seconds.

Setting: MAC proxy timeout (seconds)
Description: In bridge mode, IDP performs MAC discovery if the target MAC address is not in its MAC table. This setting controls how long the entry is maintained in the virtual router until a reply comes back. The default is 20 seconds.

Related Documentation
Configuring Protocol Handling (NSM Procedure) on page 97
Configuring Load-Time Parameters (NSM Procedure) on page 89

Copyright © 2010, Juniper Networks, Inc.

Configuring Protocol Handling (NSM Procedure)
The protocol anomaly detection methods identify traffic that deviates from RFC
specifications. In general, you modify protocol thresholds and configuration settings only
if you encounter false positives or performance issues.
To tune protocol anomaly detection thresholds:
1. In NSM Device Manager, double-click the IDP device that you want to modify. The device configuration editor appears.
2. Click Sensor Settings.
3. Click the Protocol Thresholds and Configuration tab.
4. Configure the protocol thresholds using Table 51 on page 98.
5. Click Apply.
6. Click OK.
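
Returning to the router parameters in Table 50: the following added example, which is not Juniper code and not part of the original guide, models how the ARP timeout, ARP proxy timeout and Log ARP attacks settings interact, using the documented defaults. The class name ArpTable, the two conditions treated as anomalies and the policy of keeping an existing binding on conflict are assumptions made for illustration.

```python
# Added illustration: toy model of the Table 50 ARP settings, not IDP code.
from dataclasses import dataclass, field

@dataclass
class ArpTable:
    arp_timeout: int = 3600       # "ARP timeout (seconds)" default
    proxy_timeout: int = 20       # "ARP proxy timeout (seconds)" default
    log_arp_attacks: bool = True  # "Log ARP attacks" default
    entries: dict = field(default_factory=dict)  # ip -> (mac, expires_at)
    pending: dict = field(default_factory=dict)  # ip -> reply deadline
    log: list = field(default_factory=list)

    def _expire(self, now):
        self.entries = {ip: e for ip, e in self.entries.items() if e[1] > now}
        self.pending = {ip: t for ip, t in self.pending.items() if t > now}

    def _alert(self, now, message):
        if self.log_arp_attacks:
            self.log.append((now, message))

    def request(self, ip, now):  # request proxied; wait proxy_timeout for a reply
        self._expire(now)
        self.pending[ip] = now + self.proxy_timeout

    def reply(self, ip, mac, now):
        """Return True if the binding was installed or refreshed."""
        self._expire(now)
        known = self.entries.get(ip)
        if known and known[0] != mac:  # assumed anomaly: live binding contradicted
            self._alert(now, f"{ip} claimed by {mac}, bound to {known[0]}")
            return False  # assumed policy: keep the existing binding
        if not known and ip not in self.pending:  # assumed anomaly: nobody asked
            self._alert(now, f"unsolicited reply for {ip} from {mac}")
            return False
        self.pending.pop(ip, None)
        self.entries[ip] = (mac, now + self.arp_timeout)
        return True

    def lookup(self, ip, now):
        self._expire(now)
        return self.entries.get(ip, (None,))[0]

def demo():  # constructed timeline; addresses are documentation sample values
    t = ArpTable()
    t.request("192.0.2.10", now=0)
    ok = t.reply("192.0.2.10", "00:00:5e:00:53:01", now=1)      # solicited
    spoof = t.reply("192.0.2.10", "00:00:5e:00:53:66", now=50)  # conflicting
    t.request("192.0.2.20", now=100)
    late = t.reply("192.0.2.20", "00:00:5e:00:53:02", now=125)  # 20 s window passed
    return ok, spoof, late, t.lookup("192.0.2.10", 3601), len(t.log)
```

In this model, a shorter proxy timeout narrows the window in which a forged reply can be accepted as solicited, and a shorter ARP timeout means more re-resolution traffic.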
Chapter 8: Configuring Intrusion Detection and Prevention Device Settings