Reviewing IDP Logs - Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual


Copyright © 2010, Juniper Networks, Inc.
Validating a security policy can identify potential problems before you install it.
a. In the navigation tree, select Device Manager.
b. From the Device Manager launchpad, select Validate > Validate IDP Policy and
select the device. A Job Manager window displays job information and progress.
If NSM identifies a problem in the policy during policy validation, it displays
information about the problem at the bottom of the selected rulebase. For
example, if you included a non-IDP capable security device in the Install On
column of an IDP rule, policy validation displays an error message.
3. Install the security policy.
During policy installation, NSM installs the entire security policy, including the firewall
and IDP rules, on the security devices you selected in the Install On column of each
rule.
To install a policy:
a. In the navigation tree, select Device Manager.
b. From the Device Manager launchpad, select Update Device.
c. Select the ISG2000 or ISG1000 security device.
d. Click OK. A Job Manager window displays job information and progress.

Reviewing IDP Logs

After you have enabled IDP on the device and installed a security policy that uses the
IDP detection and prevention functionality, IDP logs begin to appear in the NSM Log
Viewer (assuming you enabled IDP logging for each IDP rule). Depending on the attack
objects you included in the IDP rule, the IDP log entries you receive might provide details
of events such as attacks against your network, protocol anomalies, or even simple login
attempts.
To view IDP log entries:
1. Go to the main navigation tree and expand the Investigate panel.
2. Select Log Viewer > Predefined > 3-IDP/DI. The Log Viewer displays all IDP logs
generated by the security device.
NOTE: The DI/IDP Logs view is a predefined custom view applied to all log entries
received by NSM. To view all log entries for all devices in the selected domain without
filters, select the Log Viewer module in the main navigation tree.
We recommend that you review and analyze these log entries to determine the effectiveness
of your current security policy and IDP rules. Log entries often provide valuable insight into
your network traffic. You can see where traffic is coming from, where traffic is going to,
and what malicious content (if any) the traffic contains.
Chapter 2: Planning Your Virtual Network