Table of Contents
Advertisement
Network and Security Manager Administration Guide
Adding the APE Rulebase to a Policy Using the Application Profiler
Defining Matches For APE Rules
484
NOTE: Policy updates include custom applications on the IDP devices with
application identification support, such as the ISG Series running ScreenOS
6.3 and IDP 5.0 or later.
From the Application Profiler view, you select from traffic flows to create corresponding
APE rules in the APE rulebase. When you configure a new APE rule, the APE rulebase is
automatically created.
NOTE: If you do not have appropriate access-control permission and you
attempt to create APE rules, the wizard returns an error message stating that
you do not have access to create rulebases.
To create APE rules for a policy from the Application Profiler:
From the Investigate panel, select Security Monitor > Profiler.
1.
Select a traffic flow (row) from the Application Profiler view and right-click on a
2.
column row.
Right-click on the traffic flow row.
3.
Select Create Application Rules > For Policies.
4.
The New Application Rules dialog box is displayed.
NOTE: If an APE rulebase is not already configured, the rulebase is
automatically configured when you add an APE rule to the security policy.
Select one or more policies to which you want to add application rules, and click Next.
5.
From the New Application Rules dialog box, configure one or more application rules.
6.
Click Next.
7.
Verify that the new rules have been correctly configured in the policy, and click Finish.
8.
When creating your APE rules, you must specify the type of network traffic that you want
IDP to monitor for applications.
The match columns From Zone, Source, To Zone, Destination, and Service are required
for all rules in the APE rulebase. If IDP encounters a match for the other Match columns
in an APE rule, no other rules in the rulebase are examined. .
The following sections describe the Match columns of an APE rule.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
