Configuring Antispam Rules; Configuring Idp Rules - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Configuring Antispam Rules

Configuring IDP Rules

Use Scan Manager—Tells the device to use the settings on the device, instead of a profile. Necessary for ScreenOS 5.0-5.2.
Use Scan Manager with Profile—Tells the device to use the indicated antivirus profile. Necessary for ScreenOS 5.3 and later.
Use ICAP Profile—Tells the device to use the indicated ICAP AV profile. Available with ScreenOS 5.4 and later.

Antispam settings are stored in profiles. Initially, NSM will have only one antispam profile available: ns-profile.

To assign an antispam profile to a policy, do the following:
1. Double-click the Rule Options cell in a rule.
2. In the Configure Options dialog, click the Antispam tab.
3. Check the Enable Antispam profile check box.
4. Select ns-profile in the Profile Name pull-down menu.
5. Click OK.

The IDP rulebase protects your network from attacks by using attack objects to identify malicious activity and take action. Creating an IDP rule involves the following steps:

"Defining Match for Firewall Rules" on page 449 (does not apply to rulebases for standalone IDP Sensors)—The type of network traffic you want IDP to monitor for attacks, such as source/destination zones, source/destination address objects, and the application layer protocols (services) supported by the destination address object. You can also negate zones, address objects, or services.
Standalone IDP Sensors do not use firewall rules.

"Configuring Terminal IDP Rules" on page 472—By default, rules in the IDP rulebase are non-terminal, meaning that IDP examines all rules in the rulebase and all matches are executed. You can specify that a rule is terminal; if IDP encounters a match for the source, destination, and service specified in a terminal rule, it does not examine any subsequent rules for that connection. Note that the traffic does not need to match the attacks specified in the terminal rule. Terminal rules should appear near the top of the rulebase, before other rules that would match the same traffic. Use caution when specifying terminal rules.

"Configuring Attack Objects in IDP Rules" on page 475—The attacks you want IDP to match in the monitored network traffic. Each attack is defined as an attack object, which represents a known pattern of attack. Whenever this known pattern of attack is encountered in the monitored network traffic, the attack object is matched. You can add attack objects by category, operating system, severity, or individually.
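
The terminal and non-terminal behaviour described above, modelled as an added Python example (not Juniper or NSM code). The rule, address, attack and action names are constructed placeholders, and matching is assumed to be a simple exact-or-any comparison; the second function lists later rules that a terminal rule can cause IDP to skip.

```python
from dataclasses import dataclass

ANY = "any"
FIELDS = ("source", "destination", "service")

@dataclass(frozen=True)
class IdpRule:
    name: str
    source: str
    destination: str
    service: str
    attacks: frozenset   # attack objects this rule looks for
    action: str          # hypothetical action label, e.g. "drop" or "log"
    terminal: bool = False

    def matches_traffic(self, conn):
        """Match on source, destination and service only, never on attacks."""
        return all(getattr(self, f) in (ANY, conn[f]) for f in FIELDS)

def evaluate(rulebase, conn):
    """Return (rules whose traffic match hit, actions executed) for one connection."""
    matched, executed = [], []
    for rule in rulebase:
        if rule.matches_traffic(conn):
            matched.append(rule.name)
            if rule.attacks & conn["attacks"]:
                executed.append((rule.name, rule.action))
            if rule.terminal:  # stop even if none of this rule's attacks matched
                break
    return matched, executed

def overlaps(a, b):
    return a == ANY or b == ANY or a == b

def skipped_by_terminal(rulebase):
    """List (terminal rule, later rule) pairs that can match the same traffic."""
    return [(rule.name, later.name)
            for i, rule in enumerate(rulebase) if rule.terminal
            for later in rulebase[i + 1:]
            if all(overlaps(getattr(rule, f), getattr(later, f)) for f in FIELDS)]

# Constructed sample data: every name below is a placeholder.
RULEBASE = [
    IdpRule("R1", ANY, "dmz-web", "HTTP", frozenset({"attack-A"}), "drop", terminal=True),
    IdpRule("R2", ANY, ANY, ANY, frozenset({"attack-B"}), "drop"),
    IdpRule("R3", ANY, "dmz-mail", "SMTP", frozenset({"attack-B"}), "log"),
]
CONN = {"source": "host-1", "destination": "dmz-web", "service": "HTTP", "attacks": {"attack-B"}}
print(evaluate(RULEBASE, CONN), skipped_by_terminal(RULEBASE))
```

With R1 terminal, the connection carrying attack-B is never checked against R2, so no action is executed; with R1 non-terminal, the same connection reaches R2 and its action fires.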
Copyright © 2010, Juniper Networks, Inc.
