About IDP Rulebases on Standalone IDP Sensors - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual


About IDP Rulebases on Standalone IDP Sensors

Copyright © 2010, Juniper Networks, Inc.
NOTE: If you configure a J Series router to be managed in central manager mode and you select an IDP rulebase rule and specify an IP address for the source and destination instead of "any," the rule policy is not pushed to the router.
When configuring IDP in a firewall rule, consider the following:

The firewall action must be permit. You cannot enable IDP for traffic that the security device denies or rejects.

Only traffic that is permitted by the firewall rule is passed to the IDP rulebases. The security device does not forward denied traffic to IDP rulebases.

You cannot configure deep inspection (DI) for the rule; when you install the IDP license on an ISG2000 or ISG1000 device running ScreenOS 5.0–IDP and later, DI is automatically disabled on the device.
NOTE: The Attack Profile Settings only apply to the DI feature on security devices.
To enable IDP in a firewall rule, right-click in the Rule Options column for the zone or global firewall rule and select DI Profile/Enable IDP. The DI Profile/Enable IDP dialog box appears (by default, IDP is disabled). Select Enabled to enable IDP for traffic that matches the firewall rule, then select the mode in which you want IDP to operate:

In inline mode, which is the default, IDP is directly in the path of traffic on your network and can detect and block attacks. For example, you can deploy the device with integrated Firewall/VPN/IDP capabilities between the Internet and an enterprise LAN, WAN, or special zones such as DMZ.

In inline tap mode, IDP receives a copy of a packet while the original packet is forwarded on the network. IDP examines the copy of the packet and flags any potential problems. IDP's inspection of packets does not affect the forwarding of the packet on the network.
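The constraints above are easy to get wrong when rules are edited in bulk. As an added example (not part of the guide, and not NSM's own data model or API), the following Python check encodes them against a constructed, hypothetical rule record: IDP only on permit rules, no DI profile alongside IDP, a valid mode, and the J Series central-manager note on IDP rulebase rules.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of an NSM firewall rule (hypothetical fields; not NSM's schema).
@dataclass
class FirewallRule:
    rule_id: int
    action: str                       # "permit", "deny" or "reject"
    idp_enabled: bool = False         # the Enabled setting in DI Profile/Enable IDP
    idp_mode: str = "inline"          # "inline" (default) or "inline tap"
    di_profile: Optional[str] = None  # deep-inspection attack profile, if one is set

def lint_firewall_rule(rule: FirewallRule) -> list:
    """Return the guide's constraints that this rule violates (empty list = fine)."""
    findings = []
    if not rule.idp_enabled:
        return findings  # nothing is handed to the IDP rulebases, nothing to check
    if rule.action != "permit":
        findings.append(f"rule {rule.rule_id}: IDP requires action permit; "
                        f"{rule.action} traffic is never forwarded to IDP")
    if rule.di_profile is not None:
        findings.append(f"rule {rule.rule_id}: DI profile '{rule.di_profile}' cannot be "
                        "combined with IDP (DI is disabled once the IDP license is installed)")
    if rule.idp_mode not in ("inline", "inline tap"):
        findings.append(f"rule {rule.rule_id}: unknown IDP mode '{rule.idp_mode}'")
    return findings

def idp_rule_pushed_to_j_series(source: str, destination: str, central_manager: bool) -> bool:
    """Guide NOTE: in central manager mode an IDP rulebase rule with specific addresses
    instead of "any" is not pushed to a J Series router. Conservative reading: the rule
    counts as pushed only when both source and destination are "any"."""
    if not central_manager:
        return True
    return source == "any" and destination == "any"

# Constructed sample rules exercising each constraint.
SAMPLE_RULES = [
    FirewallRule(1, "permit", idp_enabled=True),                         # valid, inline
    FirewallRule(2, "deny", idp_enabled=True),                           # IDP on denied traffic
    FirewallRule(3, "permit", idp_enabled=True, di_profile="critical"),  # DI and IDP together
    FirewallRule(4, "permit", idp_enabled=True, idp_mode="inline tap"),  # valid, tap mode
    FirewallRule(5, "reject"),                                           # IDP off, nothing to check
]

def lint_all(rules) -> dict:
    return {r.rule_id: lint_firewall_rule(r) for r in rules}

if __name__ == "__main__":
    for rid, problems in lint_all(SAMPLE_RULES).items():
        print(rid, problems or "ok")
```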
Standalone IDP Sensors only support IDP-specific rulebases—not firewall rulebases. You do not need to direct traffic to the IDP rulebases; all traffic passing through a standalone IDP Sensor is automatically examined for IDP-related issues.

You must configure the Sensor directly to operate in inline or sensor mode. Refer to the IDP Installer's Guide for configuration procedures.

In inline mode, a Sensor is directly in the path of traffic on your network and can detect and block attacks. For example, you can deploy the Sensor between the Internet and an enterprise LAN, WAN, or special zones such as DMZ.

In sensor mode, a Sensor receives a copy of a packet while the original packet is forwarded on the network. The Sensor examines the copy of the packet and flags any
Chapter 9: Configuring Security Policies
443