
Juniper updating built-in IDP policy templates in attackDB update


Article ID: TSB16412 TECHNICAL_BULLETINS Last Updated: 27 May 2014 Version: 4.0
Alert Type:
PSN - Product Support Notification
Product Affected:
Security Director, IDP, Network and Security Manager
Alert Description:
Juniper to change built-in IDP policy templates in attackDB update on May 27th, 2014.

Solution:
This update will add new IDP policy templates to NSM and Junos Space.   
The update will not change any existing IDP policies or templates that may be in use.

The purpose of the addition is to provide clarity concerning recommended policies.
The update also introduces templates specific to basic and high-memory devices.

A future update may remove the old default templates.
Prior to removing any templates, Juniper would issue a notice.

These new IDP policy templates are not compatible with NSM 2007.3.  
The templates will be added but the IDP policy rulebase will be empty.
Existing templates will continue to function normally.
If you are using NSM 2007.3, please consider upgrading, as NSM 2007.3 reached end of engineering support on 06/30/2012.


Examples of existing policy templates:

dmz_services: Designed to protect a typical DMZ environment.
file_server: Designed to provide protection to various file sharing services such as SMB, NFS, FTP and others.


Examples of new policy templates:

Client-And-Server-Protection: Designed to protect both clients and servers. To be used on high memory devices with 2GB or more of memory.
Client-And-Server-Protection-1G: Designed to protect both clients and servers. To be used on all devices including branch devices with reduced memory.
Client-Protection: Designed to protect clients. To be used on high memory devices with 2GB or more of memory.
Client-Protection-1G: Designed to protect clients. To be used on all devices including branch devices with reduced memory.
Server-Protection: Designed to protect servers. To be used on high memory devices with 2GB or more of memory.
Server-Protection-1G: Designed to protect servers. To be used on all devices including branch devices with reduced memory.


Example screenshots show Junos Space and NSM policy templates before and after.

[Screenshot: NSM - Before]
[Screenshot: NSM - After]
[Screenshot: Junos Space Security Director - Before]
[Screenshot: Junos Space Security Director - After]


Implementation:
