Defining Match For Idp Rules; Configuring Source And Destination Zones For Idp Rules (Does Not Apply To Standalone Idp Sensor Rulebases); Configuring Source And Destination Address Objects For Idp Rules - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual
Table of Contents
Advertisement
Defining Match For IDP Rules
Copyright © 2010, Juniper Networks, Inc.
Configuring Actions—The action you want IDP to take when the monitored traffic
matches the rule's attack objects. You can specify the action you want the device to
perform against the current connection (see "Defining Actions For IDP Rules" on
page 473) and future connections from the same source IP address (see "Choosing an
IP Action" on page 478).
"Configuring Notification in IDP Rules" on page 479—Disable or enable logging for the
IDP rule.
The following sections detail each step.
When creating your IDP rules, you must specify the type of network traffic that you want
IDP to monitor for attacks. These characteristics include the network components that
originate and receive the traffic, and the firewall zones the traffic passes through.
You must specify the From Zone, Source, User Role, To Zone, Destination, and Service
in their respective Match columns for all rules in the IDP rulebase. The Terminate Match
selection allows you to designate a rule as terminal; if IDP encounters a match for the
other Match columns in a terminal rule, no other rules in the rulebase are examined. The
matching traffic does not need to match the attacks specified in a terminal rule. (For
more information on terminal rules, see "Configuring Terminal IDP Rules" on page 472.
The following sections detail the Match columns of an IDP rule.
Configuring Source and Destination Zones for IDP Rules (Does not apply to
Standalone IDP Sensor rulebases)
You can select multiple zones for the source and destination, however these zones must
be available on the security devices on which you will install the policy. You can specify
"any" for the source or destination zones to monitor network traffic originating or destined
for any zone.
For standalone IDP rulebases, the zones are always set to "any."
NOTE: You can create custom zones for some security devices. The list of
zones from which you can select source and destination zones includes the
predefined and custom zones that have been configured for all devices
managed by NSM. Therefore, you should only select zones that are applicable
for the device on which you will install the security policy.
Configuring Source and Destination Address Objects for IDP Rules
In the NSM system, address objects are used to represent components on your network:
hosts, networks, servers, etc. Typically, a server or other device on your network is the
destination IP for incoming attacks, and can sometimes be the source IP for interactive
attacks (see "Configuring Backdoor Rules" on page 494 for more information on interactive
attacks). You can specify " any" to monitor network traffic originating from any IPv4
address and " AnyIPv6 " to monitor network traffic originating from any IPv6 address.
Chapter 9: Configuring Security Policies
469
Advertisement
Table of Contents
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 and is the answer not in the manual?
Questions and answers