Table of Contents
Advertisement
Network and Security Manager Administration Guide
Setting Severity for IDP Rules
Setting Target Devices for IDP Rules
Entering Comments for IDP Rules
470
(This column only appears when you view the security policy in Expanded Mode. To
change the security policy view from Compact Mode to Expanded Mode, from the menu
bar, select View > Expanded Mode.)
You can override the inherent attack severity on a per-rule basis within the IDP rulebase.
You can set the severity to either Default, Info, Warning, Minor, Major, or Critical.
To change the severity for a rule, right-click the Severity column of the rule and select a
severity.
For each rule in the IDP rulebase, you can select which devices the rule applies to. When
you install the security policy that the rule belongs to, the rule becomes active only on
the devices you selected in the Install On column of the rulebase.
NOTE: NSM supports IDP on ISG gateways running ScreenOS 5.0.0-IDP1 and later,
standalone IDP appliances running IDP 5.0 and later, J Series routers, SRX Series
gateways, and MX Series routers .
You can enter notations about the rule in the Comments column. Anything you enter in
the Comments column is not pushed to the target devices. To enter a comment, right-click
the Comments column and select Edit Comments. The Edit Comments dialog box
appears. You can enter up to 1024 characters in the Comments field.
You can deploy an ISG2000 or ISG1000 gateway as a standalone IDP security system
protecting critical segments of your private network. For example, you might already
have a security device actively screening traffic between the Internet and your private
network (some device can optionally use Deep Inspection to inspect this traffic), but you
still need to protect internal systems, such as mail servers, from attacks that might
originate from user machines in an otherwise trusted network. In this case, you need a
security system that provides IDP instead of firewall functions.
Standalone IDP Sensors function in this mode by default and do not have to be specifically
configured for it.
In this example, you are deploying an ISG2000 device as a standalone IDP security system
between the Trust zone and the custom "Data_Center" zone in your network. Your
company's file, mail, and database servers reside in the Data_Center zone. While you
want to allow users in the Trust zone to be able to access the servers in the Data_Center
zone, you also need to protect the servers from attacks that inadvertently might have
been introduced into a user machine in the Trust zone. You create a firewall rule from
the Trust to the Data_Center zone that allows traffic from any source to any destination
for any service, then enable IDP in the Rule Options column.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
