Table of Contents
Advertisement
Adding the Backdoor Rulebase
Defining a Match
Copyright © 2010, Juniper Networks, Inc.
Before you can configure a rule in the Backdoor rulebase, you need to add the Backdoor
rulebase to a security policy.
In the main navigation tree, select Policies. Open a security policy by double-clicking
1.
the policy name in the security policies window or click the policy name and then
select the Edit icon.
Click the Add icon in the upper right corner of the Security Policy window and select
2.
Add Backdoor Rulebase. The Backdoor rulebase tab appears.
Configure a backdoor rule by clicking the Add icon on the left side of the Security Policy
3.
window. A default backdoor rule appears. You can modify this rule as needed.
You specify the traffic you want to IDP to monitor for indications of backdoors. The Match
columns From Zone, Source, To Zone, Destination, and Service are required for all rules
in the Backdoor rulebase.
The following sections detail the Match columns of a backdoor rule.
Configuring Source and Destination Zones
You can select multiple zones for the source and destination, however these zones must
be available on the security devices on which you will install the policy. You can specify
" any" for the source or destination zones to monitor network traffic originating or destined
for any zone.
NOTE: You can create custom zones for some security devices. The list of
zones from which you can select source and destination zones includes the
predefined and custom zones that have been configured for all devices
managed by NSM. Therefore, you should only select zones that are applicable
for the device on which you will install the security policy.
Configuring Source and Destination Address Objects
In NSM, address objects are used to represent components on your network: hosts,
networks, servers, and so on. Typically, a server or other device on your network is the
destination IP for incoming attacks, and can sometimes be the source IP for interactive
attacks. You can specify "any" to monitor network traffic originating from any IPv4 address
and " AnyIPv6 " to monitor network traffic originating from any IPv6 address. You can
also negate the address objects listed in the Source or Destination column to specify all
sources or destinations except the excluded address object.
You can create address objects either before you create a backdoor rule or while creating
or editing an backdoor rule. To select or configure an address object, right-click either
the Source or Destination column of a rule and select Select Address. In the Select Source
Addresses dialog box, you can either select an already-created address object or click
the Add icon to create a new host, network, or group object.
Chapter 9: Configuring Security Policies
495
Advertisement
Table of Contents
