Configuring Antispam Rules; Configuring Idp Rules - Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual


Network and Security Manager Administration Guide

Configuring Antispam Rules

Antispam settings are stored in profiles. Initially, NSM will have only one antispam profile
available: ns-profile.

To assign an antispam profile to a policy, do the following:

1. Double-click the Rule Options cell in a rule.
2. In the Configure Options dialog, click the Antispam tab.
3. Check the Enable Antispam profile check box.
4. Select ns-profile in the Profile Name pull-down menu.
5. Click OK.

Configuring IDP Rules
The IDP rulebase protects your network from attacks by using attack objects to identify
malicious activity and take action. Creating an IDP rule involves the following steps:

- "Defining Match for Firewall Rules" on page 443 (does not apply to rulebases for
  standalone IDP Sensors)—The type of network traffic you want IDP to monitor for
  attacks, such as source/destination zones, source/destination address objects, and
  the application layer protocols (services) supported by the destination address object.
  You can also negate zones, address objects, or services.
  Standalone IDP Sensors do not use firewall rules.

- "Configuring Terminal IDP Rules" on page 466—By default, rules in the IDP rulebase are
  non-terminal, meaning that IDP examines all rules in the rulebase and all matches are
  executed. You can specify that a rule is terminal; if IDP encounters a match for the
  source, destination, and service specified in a terminal rule, it does not examine any
  subsequent rules for that connection. Note that the traffic does not need to match the
  attacks specified in the terminal rule. Terminal rules should appear near the top of the
  rulebase, before other rules that would match the same traffic. Use caution when
  specifying terminal rules.

- "Configuring Attack Objects in IDP Rules" on page 469—The attacks you want IDP to
  match in the monitored network traffic. Each attack is defined as an attack object,
  which represents a known pattern of attack. Whenever this known pattern of attack
  is encountered in the monitored network traffic, the attack object is matched. You can
  add attack objects by category, operating system, severity, or individually.

- Configuring Actions—The action you want IDP to take when the monitored traffic
  matches the rule's attack objects. You can specify the action you want the device to
  perform against the current connection (see "Defining Actions For IDP Rules" on
  page 467) and future connections from the same source IP address (see "Choosing an
  IP Action" on page 471).

- "Configuring Notification in IDP Rules" on page 472—Disable or enable logging for the
  IDP rule.
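
The terminal-rule behavior described above can hide later rules from a connection even when no attack object in the terminal rule matched. The following is an added example, not code from NSM or from this guide: a simplified Python model of rulebase evaluation plus a check that lists rules a terminal rule makes unreachable. Rule names, attack object names, and addresses are constructed placeholders, and zones and negation are left out of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:                      # simplified model of one IDP rule
    name: str
    src: str                     # source, as CIDR
    dst: str                     # destination, as CIDR
    service: str                 # service name, or "any"
    attacks: frozenset           # attack object names (placeholders)
    terminal: bool = False

    def matches_traffic(self, flow):
        return (ip_address(flow["src"]) in ip_network(self.src)
                and ip_address(flow["dst"]) in ip_network(self.dst)
                and self.service in ("any", flow["service"]))

def evaluate(rulebase, flow, detected):
    """Return (rules whose attack objects fired, rules examined) for one connection."""
    fired, examined = [], []
    for rule in rulebase:
        examined.append(rule.name)
        if not rule.matches_traffic(flow):
            continue
        if rule.attacks & detected:
            fired.append(rule.name)
        if rule.terminal:        # stops on source/destination/service alone,
            break                # whether or not an attack object matched
    return fired, examined

def shadowed_by_terminal(rulebase):
    """Lint: (terminal rule, later rule) pairs where the later rule can never take effect."""
    pairs = []
    for i, t in enumerate(rulebase):
        for later in rulebase[i + 1:] if t.terminal else []:
            if (ip_network(later.src).subnet_of(ip_network(t.src))
                    and ip_network(later.dst).subnet_of(ip_network(t.dst))
                    and t.service in ("any", later.service)):
                pairs.append((t.name, later.name))
    return pairs

# Constructed sample rulebase and connection (not taken from any real policy).
RULEBASE = [
    Rule("web-sqli", "0.0.0.0/0", "10.1.1.0/24", "http", frozenset({"EXAMPLE-SQLI"}), terminal=True),
    Rule("all-worms", "0.0.0.0/0", "10.1.0.0/16", "any", frozenset({"EXAMPLE-WORM"})),
    Rule("web-overflow", "0.0.0.0/0", "10.1.1.10/32", "http", frozenset({"EXAMPLE-OVERFLOW"})),
]
FLOW = {"src": "198.51.100.7", "dst": "10.1.1.10", "service": "http"}
```

With this data, evaluate(RULEBASE, FLOW, {"EXAMPLE-OVERFLOW"}) examines only web-sqli and fires nothing, while the same rulebase with the terminal flag cleared fires web-overflow. shadowed_by_terminal(RULEBASE) reports the (web-sqli, web-overflow) pair as the ordering problem to review.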
Copyright © 2010, Juniper Networks, Inc.
