Using Attack Objects Overview - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual
Configuring screenos devices guide
Hide thumbs
Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01:
- Manual (340 pages) ,
- Administration manual (1026 pages) ,
- Installation manual (244 pages)
Table of Contents
Advertisement
Related
Documentation
Using Attack Objects Overview
Copyright © 2010, Juniper Networks, Inc.
To use the predefined attack objects, create a DI Profile object that references specific
attack object groups and configure a firewall rule to use that profile object.
To configure the attack object database:
Specify the URL of the attack object database server. NSM downloads the latest version
of the attack object database from
https://services.netscreen.com/restricted/sigupdates.
When you update the attack object database for a device running ScreenOS 5.0.x
or later, the device connects to this URL and downloads the latest database version.
When you update the attack object database for a device running ScreenOS 5.1 and
later, the management system automatically connects to the URL specified in the
UI Preferences and downloads the new database version to the GUI server. ScreenOS
5.1 and later devices do not contact the Attack Object Database server URL directly.
You can update the DI patterns from a proxy server (ScreenOS 6.2 devices or later).
This update does not require Internet connectivity and is done offline. You cannot
configure an HTTPs proxy, because you cannot cache an HTTPs proxy. You can
update the DI patterns only if you have disabled the deep inspection package
selection.
Specify the mode for checking and updating the database (ScreenOS 5.0 devices
only):
Notification—Checks the attack object update server at specified times and notifies
you if the database on the server is more recent than the database on the security
device.
Update—Checks the attack object update server at specified times and automatically
updates the database on the device if the database on the attack object update
server is more recent.
Specify the schedule (daily, weekly, or monthly) on which the security device checks
the attack object update server.
You can also direct a security device to update its attack object database immediately,
either from the attack object update server (ScreenOS 5.0 devices) or the NSM GUI
server (ScreenOS 5.1 and later devices). For more information, see the " Managing Devices"
section of the Network and Security Manager Administration Guide.
Using Attack Objects Overview on page 185
Antispam Settings in ScreenOS Overview on page 186
Classification of Deep Inspection Methods on page 183
Occasionally, an attack object produces false positives when included in a security policy
for your network. You can remove the attack from the firewall rule by removing the attack
object group to which the attack belongs or by disabling the individual attack object at
Chapter 6: Security
185
Advertisement
Table of Contents
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 and is the answer not in the manual?