Setting VLAN Tags for IDP Rules - Juniper Network and Security Manager 2010.2 Administration Guide Rev1

Setting VLAN Tags for IDP Rules

Copyright © 2010, Juniper Networks, Inc.
Setting an Alert—In the Configure Notification dialog box, select Alert and then click OK. If Alert is selected and the rule is matched, the security device places an alert flag in the Alert column of the Log Viewer for the matching log record.

Logging Packets—You can record the individual packets in the network traffic that matched a rule by capturing the packet data for the attack. Viewing the packets used in an attack on your network can help you determine the extent of the attempted attack and its purpose, whether or not the attack was successful, and any possible damage to your network.

NOTE: To improve performance, log only the packets after the attack.

If multiple rules with packet capture enabled match the same attack, the security device captures the maximum specified number of packets. For example, you configure Rule 1 to capture 10 packets before and after the attack, and Rule 2 to capture 5 packets before and after the attack. If both rules match the same attack, IDP attempts to capture 10 packets before and after the attack.

NOTE: Packet captures are restricted to 256 packets before and after the attack.

You can choose to apply rules to traffic on certain VLANs only. Normally, for a rule to take effect, it must match the packet source, destination, service, and attack objects. If the VLAN cell is populated with a value other than any, then the rule will also consider the packet's VLAN tag when determining a match.

The IDP, Exempt, Backdoor, SYN Protector, Traffic Anomalies, and Network Honeypot rulebases support VLAN matching. VLAN matching is only supported in Transparent and Sniffer modes.

NOTE: VLAN matching is supported in IDP 4.1 and later. Rules with a VLAN Tag field set to anything other than any are removed from the rulebase before NSM sends the security policy to an IDP device that does not support VLAN tags.

VLAN tag matching can be set to any, none, a particular VLAN tag value, or a range of VLAN tag values. Use VLAN objects to create individual VLAN tags or ranges of VLAN tags. You can assign more than one VLAN object to a rule. To assign a VLAN object to a rule, or to set the VLAN Tag value to none, right-click in the VLAN Tag cell of the rule.
VLAN matching works as follows:
Any: Matches traffic with any or no VLAN tag (default)
Single tag: Matches traffic with that specific tag only
Range of tags: Matches traffic with any tag in that range
None: Matches only traffic that has no VLAN tag
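The following is an added illustration, not code from the guide or from NSM: it models the four VLAN Tag cell settings described above (any, none, single tag, range) with more than one VLAN object per rule, and the guide's rule for merging packet-capture counts when several capturing rules match the same attack (the maximum of each count, limited to 256). The Rule class, the field names and the sample rules are assumptions made for the example; the source, destination, service and attack-object checks of a real rule are left out.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

# A VLAN object is either a single tag or an inclusive (low, high) range of tags.
VlanObject = Union[int, Tuple[int, int]]

# Stated in the guide: captures are restricted to 256 packets before and after.
MAX_CAPTURE = 256


@dataclass
class Rule:
    """Hypothetical rule: only the VLAN cell and the capture setting are modelled."""
    name: str
    vlan: Union[str, List[VlanObject]] = "any"   # "any" (default), "none", or VLAN objects
    capture: Optional[Tuple[int, int]] = None    # (before, after) packets; None = disabled


def vlan_matches(rule: Rule, tag: Optional[int]) -> bool:
    """Return True if a packet's 802.1Q tag (None = untagged) satisfies the rule's VLAN cell."""
    if rule.vlan == "any":
        return True                 # any: tagged or untagged traffic
    if rule.vlan == "none":
        return tag is None          # none: only traffic without a VLAN tag
    if tag is None:
        return False                # single tags and ranges never match untagged traffic
    for obj in rule.vlan:
        if isinstance(obj, tuple):
            low, high = obj
            if low <= tag <= high:  # range of tags: any tag in that range
                return True
        elif obj == tag:            # single tag: that specific tag only
            return True
    return False


def effective_capture(rules: List[Rule], tag: Optional[int]) -> Tuple[int, int]:
    """Packets captured (before, after) when every matching rule with capture enabled is considered."""
    before = after = 0
    for rule in rules:
        if rule.capture is not None and vlan_matches(rule, tag):
            before = max(before, rule.capture[0])   # the device keeps the maximum count
            after = max(after, rule.capture[1])
    return min(before, MAX_CAPTURE), min(after, MAX_CAPTURE)


# Constructed sample policy: Rule 1 matches any VLAN, Rule 2 matches VLAN 100 or 200-299,
# Rule 3 matches untagged traffic only and asks for more packets than the device allows.
POLICY = [
    Rule("Rule 1", "any", (10, 10)),
    Rule("Rule 2", [100, (200, 299)], (20, 5)),
    Rule("Rule 3", "none", (300, 300)),
]
```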
Chapter 9: Configuring Security Policies