Table of Contents
Advertisement
Network and Security Manager Administration Guide
Viewing Predefined DI Attack Object Groups
Updating Predefined DI Attack Objects and Groups
Creating DI Profiles
334
might choose to hide the exact pattern for specific attack objects. This is done to protect
the confidentiality of either the source or target of the specific attack object. In such
cases, the field displays Protected instead of the regular expression.
To view attack version information, click one of the Supported Platform links within an
attack object dialog box.
To view predefined attack object groups, in Object Manager, select Attack Objects , then
select the Predefined Attack Groups tab. The name of each attack object group indicates
the severity, protocol, and attack type of the individual attack objects contained within.
For example, the predefined attack object group CRITICAL:DNS:ANOMALY contains
predefined protocol anomaly attack objects that detect critical Domain Name Service
(DNS) attacks.
To locate all firewall rules that use a predefined attack object or group, right-click the
attack object group and select View Usages.
You cannot create, edit, or delete predefined DI attack objects or groups, but you can
update the attack object database with new attack objects created by Juniper Networks.
Updates can include:
New descriptions or severities for existing attack objects
New attack objects
Deletion of obsolete attack objects
A Deep Inspection (DI) Profile object contains predefined attack object groups (created
by Juniper Networks), and your own custom attack object groups. After creating the DI
Profile, you add the Profile object in the Rule Option column of a firewall rule.
To create a DI Profile:
In the navigation tree, select Object Manager > Attack Objects > DI Objects.
1.
Select the Profile tab.
2.
Click the Add icon to add a new Profile object.
3.
Configure the name, color, and comments for the profile object.
4.
To add members to the profile object, configure the following:
DI Severity Setting—Select a DI Severity setting for the profile object. The DI Severity
setting overrides the severity setting of the attack objects included in each profile
member.
Signature Category—Select a category of DI signatures. You can only select categories
for which you have a license.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
