Defining Actions For IDP Rules
Copyright © 2010, Juniper Networks, Inc.
attack is an e-mail that uses the SMTP context Confidential. Rule 6 closes the server
when the attack is an SMTP attack.
Rule 5 terminates the match algorithm when the source is the Internal Network and
the attack is a Critical, High, or Medium Trojan Backdoor. The rule ensures that IDP
closes both the client and server and does not continue to match the connection.
You can define actions for the security device to perform against attacks that match
rules in your security policy. For each attack that matches a rule, you can choose either
to act on the packet containing the attack (permit or drop packet) or to act on the
connection or session (permit, ignore, drop, or close connection). Refer to Table 43
on page 467 for details.
Remember that the device can drop the packet containing the attack only when IDP is
enabled in inline mode.
When IDP is enabled in inline tap mode on ISG-IDP devices and the action defined is
drop packet or drop connection, IDP causes the firewall to drop the session upon
detection of an attack. However, it cannot prevent the attack packet itself from reaching
its destination: in inline tap mode, IDP receives only a copy of the packet, while the
original packet is forwarded to its destination.
When standalone IDP sensors are deployed in inline tap or sniffer mode, IDP cannot
perform a drop action at all, so there is no disruption to the session carrying attack traffic.
Table 43 on page 467 lists actions for IDP rules:
Table 43: IDP Rule Actions

Action: None
Description: IDP inspects for attacks but takes no action against the connection if an
attack is found. If a rule with the action None is matched, the corresponding log record
displays "accept" in the action column of the Log Viewer.

Action: Ignore
Description: IDP completely ignores the session if the rule does not specify an attack. If
the rule does specify an attack, IDP inspects the session and generates a log for the first
attack detected; it then ignores the rest of that session, neither inspecting it for further
attacks nor generating attack logs. Use with caution.
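The semantics above (None logging as "accept", Ignore logging only the first attack, terminate match stopping rule evaluation for the connection, and a drop being effective only in inline mode) are easy to get wrong when reading a rulebase. The following simulator is an added example written for this page; it is not Juniper code and does not reproduce the real IDP engine. Rule names, address objects ("Internal Network"), attack names ("trojan-backdoor", "smtp-overflow") and packets are constructed, and two simplifications are assumed: rules are evaluated in order until a terminate-match rule fires, and Close actions send resets in every deployment mode.

```python
"""Model of the IDP rule-action semantics described in this section.

Added example (not Juniper code): simulates how rules with the actions None,
Ignore, Drop Packet, Drop Connection and Close Client/Server behave for one
session, and how the deployment mode (inline, inline tap, sniffer) limits what
a drop can achieve. All names, attacks and packets below are constructed.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import FrozenSet, List, Optional, Set, Tuple

ALL_SEVERITIES = frozenset({"Critical", "High", "Medium", "Low", "Info"})


class Mode(Enum):
    INLINE = "inline"          # IDP forwards the packet itself: it can drop
    INLINE_TAP = "inline tap"  # ISG-IDP sees a copy; firewall can drop the session
    SNIFFER = "sniffer"        # standalone sensor on a copy: no drop possible


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                                   # address object; "any" matches all
    attacks: FrozenSet[str] = frozenset()      # empty: the rule specifies no attack
    severities: FrozenSet[str] = ALL_SEVERITIES
    action: str = "None"
    terminate: bool = False                    # "terminate match" flag


@dataclass(frozen=True)
class Packet:
    src: str
    attack: Optional[str] = None               # attack detected in this packet, if any
    severity: Optional[str] = None


@dataclass
class Outcome:
    delivered: List[bool] = field(default_factory=list)  # one entry per packet
    logs: List[Tuple[str, Optional[str], str]] = field(default_factory=list)
    session_dropped: bool = False
    closed: Set[str] = field(default_factory=set)        # "client" / "server"


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches the traffic itself (no attack specified) or a detected attack."""
    if rule.src != "any" and rule.src != pkt.src:
        return False
    if not rule.attacks:
        return True
    return pkt.attack in rule.attacks and pkt.severity in rule.severities


def evaluate(rules: List[Rule], packets: List[Packet], mode: Mode) -> Outcome:
    out = Outcome()
    ignore_session = False   # set by Ignore: no more inspection, no more logs
    terminated = False       # set by a terminate-match rule: stop matching the connection
    for pkt in packets:
        if out.session_dropped:          # firewall/IDP already tore the session down
            out.delivered.append(False)
            continue
        deliver = True
        for rule in rules:
            if ignore_session or terminated:
                break
            if not rule_matches(rule, pkt):
                continue
            act = rule.action
            if act == "Ignore":
                if rule.attacks:         # attack specified: log the first one, then go quiet
                    out.logs.append((rule.name, pkt.attack, "ignore"))
                ignore_session = True
            elif act == "None":          # inspect only; Log Viewer shows "accept"
                out.logs.append((rule.name, pkt.attack, "accept"))
            elif act in ("Drop Packet", "Drop Connection"):
                out.logs.append((rule.name, pkt.attack, act.lower()))
                if mode is Mode.INLINE:
                    deliver = False      # the attack packet itself never leaves the device
                    out.session_dropped = act == "Drop Connection"
                elif mode is Mode.INLINE_TAP:
                    out.session_dropped = True   # session dropped, but this copy was
                                                 # inspected after the original was sent
                # Mode.SNIFFER: a standalone sensor cannot drop; nothing happens
            elif act.startswith("Close"):
                out.logs.append((rule.name, pkt.attack, act.lower()))
                # Assumption of this model: resets are sent regardless of mode
                if "Client" in act:
                    out.closed.add("client")
                if "Server" in act:
                    out.closed.add("server")
            else:
                raise ValueError(f"unknown action {act!r}")
            if rule.terminate:
                terminated = True
        out.delivered.append(deliver)
    return out


# Constructed rulebase echoing Rules 5 and 6 of the page, plus a later drop rule
# that terminate match on Rule 5 prevents from ever being evaluated.
TROJAN = frozenset({"trojan-backdoor"})
SMTP = frozenset({"smtp-overflow"})
RULES = [
    Rule("Rule 5", "Internal Network", TROJAN, frozenset({"Critical", "High", "Medium"}),
         "Close Client and Server", terminate=True),
    Rule("Rule 6", "any", SMTP, action="Close Server"),
    Rule("Rule 7", "any", TROJAN, action="Drop Packet"),
]
DROP_RULES = [Rule("Drop trojan", "any", TROJAN, action="Drop Packet")]
SESSION = [Packet("Internal Network", "trojan-backdoor", "High"), Packet("Internal Network")]

if __name__ == "__main__":
    for mode in Mode:   # shows which packets still reach the destination per mode
        print(mode.value, evaluate(DROP_RULES, SESSION, mode).delivered)
    print(evaluate(RULES, SESSION, Mode.INLINE))
```

Running the block prints `[False, True]` for inline mode (the attack packet is dropped), `[True, False]` for inline tap mode (the attack packet is already gone; only the rest of the session is dropped) and `[True, True]` for sniffer mode, and the rulebase run shows a single log entry from Rule 5 because terminate match stops Rule 7 from being evaluated.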
Chapter 9: Configuring Security Policies
467
Network and Security Manager 2010.3 Administration Guide Rev1