Table of Contents
Advertisement
Network and Security Manager Administration Guide
Configuring IP Actions in APE Rules
488
Table 45: APE Rule Actions (continued)
Action
Description
Rate Limiting
IDP enforces a rate limit for all current sessions that match the rule. If
the limit has not been reached, the IDP appliance forwards the packets.
If the limit has been reached, the IDP appliance behaves as if bandwidth
is unavailable; it drops packets until the aggregate bandwidth falls
below the limit. When the IDP appliance drops packets, the TCP or
UDP endpoints identify the packet loss and slow down the transmission
rate.
Specify rate limits depending on the bandwidth for your links. If you
have a 1 Gbps link, and want no more than 10% available to
peer-to-peer traffic, the sum of the rate limits you specify for all
peer-to-peer rules should be less than 102.4 Mbps (in each direction).
You configure separate rate limits for client-to-server and
server-to-client directions. For peer-to-peer traffic, we recommend
you set the same rate for each direction.
NOTE: For TFTP traffic, all traffic is counted as client-to-server traffic.
A TFTP server responds to get requests by establishing an ephemeral
port from which to send the reply. In this case, both directions appear
to the IDP appliance as client-to-server flows. We recommend you set
the same rate for each direction.
This column only appears when you view the security policy in Expanded Mode. To change
the security policy view from Compact Mode to Expanded Mode, from the menu bar,
select View > Expanded Mode.
If the current network traffic matches a rule, the security device can perform an IP action
against future network traffic that uses the same IP address. IP actions are similar to
other actions; they direct the device to drop or close the connection. However, because
you now also have the attacker's IP address, you can choose to block the attacker for a
specified amount of time. If attackers cannot immediately regain a connection to your
network, they might try to attack easier targets.
Use IP actions in conjunction with actions and logging to secure your network. In a rule,
first configure an action to detect and prevent current malicious connections from reaching
your address objects. Then right-click in the IP Action column of the rule and select
Configure. Enable and configure an IP action to prevent future malicious connections
from the attacker's IP address.
Choosing an IP Action
For each IP action option, an IP action is generated by NSM. The IP action instructs the
security device to perform the specified task. Select from the following options:
IDP Notify—The security device does not take any action against future traffic, but logs
the event. This is the default.
IDP Drop—The security device drops the matching connection and blocks future
connections that match the criteria set in the Block list.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
