
[SRX/J] Quick setup guide for setting up IDP policy on Junos devices


Article ID: KB15806 | KB Last Updated: 20 Sep 2016 | Version: 6.0
Summary:

This article explains how to set up an IDP policy on a new SRX firewall (any model), including an example policy that inspects for all HTTP-related attacks.

Solution:

Take the steps below to configure an IDP policy on a brand new SRX firewall.

Note: For additional information on configuring and troubleshooting IDP, refer to KB16561 - SRX Getting Started - Configure and Troubleshoot IDP on SRX.

  1. Log in to the SRX firewall via the CLI as an admin user.

  2. Download the latest signature DB from the CLI by running the following command. Make sure the firewall is set up with a valid DNS server IP address, because downloading the signature DB requires a name lookup.

    CLI> request security idp security-package download full-update
    CLI> request security idp security-package download status
      (This command verifies the download status)

  3. Install the signature DB onto the control plane and data plane by running the command:

    CLI> request security idp security-package install
    CLI> request security idp security-package install status
      (This command verifies the install status)

  4. Run the following commands in configuration edit mode to set up the IDP policy.

    [edit]
    # set security idp idp-policy HTTP-INSPECTION rulebase-ips rule 1 match attacks predefined-attack-groups "HTTP"
      (Policy name: HTTP-INSPECTION, inspecting all HTTP signatures for any source and any destination)

    [edit]
    # set security idp idp-policy HTTP-INSPECTION rulebase-ips rule 1 then action recommended
      (This command sets the action to "recommended" for any attack detected)

    [edit]
    # set security idp idp-policy HTTP-INSPECTION rulebase-ips rule 1 then notification
      (This command defines the notification to be sent out when an attack is detected)

  5. The newly defined IDP policy now needs to be set as the active IDP policy. Run the following command:

    [edit]
    # set security idp active-policy HTTP-INSPECTION

  6. Commit the changes to load the policy.

    [edit]
    # commit

  7. Once the configuration is committed, the IDP policy load takes a few minutes, depending on how many signature groups the policy includes. Run the following command on the CLI to verify that the policy is loaded:

    CLI> show security idp status

  8. Enable IDP in a security policy:

    [edit]
    # set security policies from-zone untrust to-zone trust policy untrust-to-trust match source-address any
    [edit]
    # set security policies from-zone untrust to-zone trust policy untrust-to-trust match destination-address any
    [edit]
    # set security policies from-zone untrust to-zone trust policy untrust-to-trust match application any
    [edit]
    # set security policies from-zone untrust to-zone trust policy untrust-to-trust then permit application-services idp


  9. Once traffic matching the configured security policy is flowing, detected attacks can be listed by running the following command on the CLI:

    CLI> show security idp attack table
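The steps above only work end to end if all three pieces are present: the idp-policy with an action on each rule, the active-policy statement (step 5), and a security policy that permits traffic with application-services idp (step 8). The following audit script is an added example (not Juniper code); it takes the `show configuration | display set` form of the configuration and flags any of those pieces that is missing. The sample configuration is constructed from the commands in this article.

```python
import re
from typing import Dict, List

# Constructed sample: "show configuration | display set" view of a box that
# followed the steps above (policy name and zones match this article).
SAMPLE_CONFIG = """
set security idp idp-policy HTTP-INSPECTION rulebase-ips rule 1 match attacks predefined-attack-groups "HTTP"
set security idp idp-policy HTTP-INSPECTION rulebase-ips rule 1 then action recommended
set security idp idp-policy HTTP-INSPECTION rulebase-ips rule 1 then notification
set security idp active-policy HTTP-INSPECTION
set security policies from-zone untrust to-zone trust policy untrust-to-trust match source-address any
set security policies from-zone untrust to-zone trust policy untrust-to-trust match destination-address any
set security policies from-zone untrust to-zone trust policy untrust-to-trust match application any
set security policies from-zone untrust to-zone trust policy untrust-to-trust then permit application-services idp
""".strip()

# Patterns are assumptions about the "display set" line shapes shown above.
RULE_RE = re.compile(r'^set security idp idp-policy (\S+) rulebase-ips rule (\S+) (match|then) (.*)$')
ACTIVE_RE = re.compile(r'^set security idp active-policy (\S+)$')
IDP_ENABLED_RE = re.compile(r'^set security policies .* then permit application-services idp$')

def audit_idp_config(config_text: str) -> List[str]:
    """Return findings; an empty list means the IDP setup is wired end to end."""
    rules: Dict[tuple, Dict[str, bool]] = {}
    active = None
    idp_enabled_in_fw_policy = False
    for line in config_text.splitlines():
        line = line.strip()
        if m := RULE_RE.match(line):
            entry = rules.setdefault((m.group(1), m.group(2)), {"match": False, "action": False})
            if m.group(3) == "match":
                entry["match"] = True
            elif m.group(4).startswith("action "):
                entry["action"] = True
        elif m := ACTIVE_RE.match(line):
            active = m.group(1)
        elif IDP_ENABLED_RE.match(line):
            idp_enabled_in_fw_policy = True
    findings = []
    defined = {policy for policy, _ in rules}
    if active is None:
        findings.append("no 'security idp active-policy' set: the policy is defined but never loaded")
    elif active not in defined:
        findings.append(f"active-policy {active!r} refers to an undefined idp-policy")
    for (policy, rule), flags in rules.items():
        if not flags["match"]:
            findings.append(f"{policy} rule {rule} has no match clause")
        if not flags["action"]:
            findings.append(f"{policy} rule {rule} has no 'then action'")
    if not idp_enabled_in_fw_policy:
        findings.append("no security policy permits traffic with 'application-services idp': nothing is inspected")
    return findings
```

Run it against a saved `display set` export before committing; a clean result means the policy will both load and actually see traffic.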
