Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual page 71

Copyright © 2010, Juniper Networks, Inc.
Click New in the upper right corner of the policy viewer and select Add Network
3.
Honeypot Rulebase.
Click the New button within the rules viewer to add a rule.
4.
Modify the property of the rule by right-clicking the table cell for the property and
5.
making your modifications.
Configure or modify the rule using the settings described in Table 33 on page 55.
6.
Table 33: Network Honeypot Rulebase Rule Properties
Option
No
Source Address
Impersonate > Destination
Impersonate > Service
Operation
Function
Specifies if you want to add,
delete, copy, or reorder rules.
Specifies the address object
that is the source of the
traffic.
Specifies the address object
that is the destination of the
traffic, typically a server or
other device on your network.
Specifies the services running
on your network.
Specifies whether or not IDP
fakes open ports.
Chapter 4: Configuring Security Policies
Your Action
Right-click the table cell for the
rule number and make your
required modifications.
Select any source address or
group.
Select the destination object.
NOTE: You can also negate one
or more address objects to specify
all destinations except the
excluded object.
Select the services you want to
monitor.
Select any of the following
options:
Ignore—This option allows free
passage on your network when
creating rules for trusted traffic.
Impersonate—IDP creates a
fake port open to the public
based on the destination IP
addresses and service you
selected.
55