Configuring Source and Destination Address Objects for APE Rules - Juniper Network and Security Manager 2010.4 - Administration Guide Rev1 Administration Manual

Copyright © 2010, Juniper Networks, Inc.
Configuring Applications for APE Rules
You can select one or more applications to monitor network traffic originating from or
destined for any application.
1. To select or configure an application, right-click the Application column of a rule
   and select Select Application. The Select Application dialog box is displayed.
2. From the Select Application dialog box, check the check box next to each predefined
   or custom application that you wish to add.

Configuring Source and Destination Zones for APE Rules (Does Not Apply to Standalone IDP Sensor Rulebases)

You can select multiple zones for the source and destination. However, these zones must
be available on the security devices on which you will install the policy. You can specify
"any" for the source or destination zones to monitor network traffic originating from or
destined for any zone.
NOTE: You can create custom zones for some security devices. The list of
zones from which you can select source and destination zones includes the
predefined and custom zones that have been configured for all devices
managed by NSM. Therefore, you should only select zones that are applicable
for the device on which you will install the security policy.

Configuring Source and Destination Address Objects for APE Rules

In the NSM system, address objects are used to represent components on your network:
hosts, networks, servers, and so on. Typically, a server or other device on your network is
the destination IP for incoming attacks, and can sometimes be the source IP for interactive
attacks (see "Configuring Backdoor Rules" on page 494 for more information on interactive
attacks). You can specify "any" to monitor network traffic originating from any IP address.
You can also "negate" the address objects listed in the Source or Destination column to
specify all sources or destinations except the excluded objects.
You can create address objects either before you create an APE rule or while creating or
editing an APE rule. To select or configure an address object, right-click either the Source
or Destination column of a rule and select Select Address. In the Select Source Addresses
dialog box, you can either select an already created address object or click the Add icon
to create a new host, network, or group object.
NOTE: You can select either a user role or a source IP address for the APE
rule, but not both.
To detect incoming attacks that target your internal network, set the From Zone to
Untrust, and the Source IP to any IP. Then set the To Zone to dmz and trust. Next, select
the address object that represents the host or server you want to protect from attacks
as the Destination IP.
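
The matching behaviour described above, modelled in Python as an added example (not code from the NSM manual or from Juniper). The class names, the case-sensitive zone strings, and the sample addresses are assumptions constructed for illustration; the model covers zones, "any", address objects, and negation only.

```python
import ipaddress
from dataclasses import dataclass

ANY = "any"  # stands for every address or every zone

@dataclass(frozen=True)
class AddressObject:
    """Host, network, or group object (hypothetical model, not NSM's schema)."""
    name: str
    members: tuple  # CIDR strings; a host is a /32, a group lists several

    def contains(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in ipaddress.ip_network(m) for m in self.members)

@dataclass(frozen=True)
class AddressSpec:
    """One Source or Destination column: objects (or ANY) plus a negate flag."""
    objects: object = ANY
    negate: bool = False

    def matches(self, ip):
        hit = self.objects == ANY or any(o.contains(ip) for o in self.objects)
        return hit != self.negate  # negated: everything except the listed objects

@dataclass(frozen=True)
class ApeRule:
    from_zones: object
    to_zones: object
    source: AddressSpec
    destination: AddressSpec

    def matches(self, from_zone, to_zone, src_ip, dst_ip):
        zone_ok = lambda allowed, zone: allowed == ANY or zone in allowed
        return (zone_ok(self.from_zones, from_zone)
                and zone_ok(self.to_zones, to_zone)
                and self.source.matches(src_ip)
                and self.destination.matches(dst_ip))

# Constructed sample objects using documentation address ranges.
WEB = AddressObject("dmz-web", ("192.0.2.10/32",))
SCANNER = AddressObject("approved-scanner", ("198.51.100.0/28",))

# Inbound rule from the text: Untrust -> dmz and trust, any source, protected host.
INBOUND = ApeRule(("Untrust",), ("dmz", "trust"), AddressSpec(ANY), AddressSpec((WEB,)))
# Same rule with a negated source column: every source except the scanner range.
INBOUND_EXCEPT_SCANNER = ApeRule(("Untrust",), ("dmz", "trust"),
                                 AddressSpec((SCANNER,), negate=True), AddressSpec((WEB,)))
```

In this model, negating "any" leaves a column that matches nothing, which is a quick way to spot a rule that can never fire.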
Chapter 9: Configuring Security Policies
485
