Configuring The Infranet Controller To Interoperate With Idp; Configuring Isg-Idp As A Sensor On The Infranet Controller (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual

CHAPTER 18
Configuring the Infranet Controller to
Interoperate with IDP

Configuring ISG-IDP as a Sensor on the Infranet Controller (NSM Procedure)

Copyright © 2010, Juniper Networks, Inc.
NOTE: For the Infranet Controller to interoperate with IDP, the
ic-xxxx-ADD-tctrl coordinated threat control license is required.
Configuring ISG-IDP as a Sensor on the Infranet Controller (NSM Procedure) on page 193
Configuring Infranet Controller Sensor Settings for Connecting to a Standalone IDP
Device (NSM Procedure) on page 194
Configuring Sensor Event Policies (NSM Procedure) on page 196
Creating a Custom Expression for Sensor Settings (NSM Procedure) on page 198
When ISG-IDP is configured, ISG-IDP notifies the Infranet Controller when an attack event
is detected from any endpoint. To avoid overwhelming the SSH connection between the
Infranet Controller and the Infranet Enforcer, the number of attack notifications is limited
to 10 per second. If additional attacks are detected, the Infranet Enforcer holds an
additional 10 notifications in a queue.
To configure ISG-IDP on the Infranet Controller:
In the NSM navigation tree, select Device Manager > Devices.
1.
Click the Device Tree tab, and then double-click the Infranet Controller device on
2.
which you want to configure ISG-IDP.
Click the Configuration tab. In the configuration tree, select UAC > Infranet Enforcer.
3.
The corresponding workspace appears.
Select the name of the Enforcer on which you want to configure IDP.
4.
Select the Use IDP Module check box.
5.
Select IDP for this IC's sessions only to restrict ISG-IDP to report attacks from end
6.
points whose authentication table entries are present on ISG-IDP.
Do not select this option, if you want attack alerts for attacks generated by unknown
users to be published to IF-MAP.
193