Table of Contents
Advertisement
Network and Security Manager Administration Guide
48
To update the IDP and DI attack object databases on the NSM GUI Server:
Select Tools > View/Update NSM Attack Database to open the Attack Update
1.
Manager wizard,
Follow the instructions in the Attack Update Manager wizard to download the new
2.
Signature and Protocol Anomaly attack objects to the NSM GUI Server. The
management system contacts the server and downloads the latest database version
to the GUI Server.
After you have updated the attack object database on the GUI Server, you can use that
database to update the attack object database on your managed devices.
IDP attack objects are loaded onto IDP-capable devices with the IDP rulebase.
To load a new detector engine onto an IDP-capable device:
From the Device Manager launch pad, select Security Updates > Update ScreenOS
1.
Device Detector or Update Junos Device Detector.
Click Next, then select the devices on which you want to load the detector engine.
2.
Click Finish.
3.
To download the DI attack object database update to your DI-capable devices:
From the Device Manager launch pad, select Update Device Attack Database to
1.
open the Change Device Sigpack wizard.
Follow the directions in the Change Device Sigpack wizard to update the attack
2.
object database on the selected managed devices.
Adding Objects (Optional)
Create address objects for the network components you want to protect with IDP. These
components can be routers, servers, workstations, subnetworks, or any other object
connected to your network. You can also create address object groups, which represent
multiple address objects. (If you have previously created network objects for use with
your devices, you do not need to create them again.)
For more information about creating address objects, see "Configuring Address Objects"
on page 322.
For more information about adding address object for standalone IDP sensors, see the
IDP Concepts & Examples Guide.
Configuring a Security Policy for IDP
Because the security module on the device processes traffic after the firewall/VPN
management module, you must configure a firewall rule to pass permitted traffic to the
IDP rulebases. Enabling IDP functionality in a security policy is a two-step process: first
enable a firewall rule to pass permitted traffic to the IDP rulebases, then create the IDP
rules that detect and prevent malicious traffic from entering your network.
When creating a new security policy for your IDP deployment, we highly recommend you
use a security policy template. Each security policy template contains the IDP rulebase
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
