Juniper to change built-in IDP policy templates in attackDB update on May 27th, 2014.
This update will add new IDP policy templates to NSM and Junos Space.
The update will not change any existing IDP policies or templates that may be in use.
The purpose of the addition is to provide clarity concerning recommended policies.
The update also introduces templates specific to basic and high-memory devices.
A future update may remove the old default templates.
Prior to removing any templates, Juniper would issue notice.
These new IDP policy templates are not compatible with NSM 2007.3.
The templates will be added but the IDP policy rulebase will be empty.
Existing templates will continue to function normally.
If using NSM 2007.3, please consider upgrading as NSM 2007.3 is
end of engineering support as of 06/30/2012.
Example of existing policy template:
dmz_services: | Designed to protect a typical DMZ environment |
file_server: | Designed to provide protection to various file sharing services such as AMB, NFS, FTP and others. |
Example of new policy template:
Client-And-Server-Protection: | Designed to protect both clients and servers. To be used on high memory devices with 2GB or more of memory. |
Client-And-Server-Protection-1G: | Designed to protect both clients and servers. To be used on all devices including branch devices with reduced memory. |
Client-Protection: | Designed to protect clients. To be used on high memory devices with 2GB or more of memory. |
Client-Protection-1G: | Designed to protect clients. To be used on all devices including branch devices with reduced memory. |
Server-Protection: | Designed to protect servers. To be used on high memory devices with 2GB or more of memory. |
Server-Protection-1G: | Designed to protect servers. To be used on all devices including branch devices with reduced memory. |
Example screenshots show Junos Space and NSM policy templates before and after.
NSM - Before:
NSM - After:
Junos Space Security Director - Before:

Junos Space Security Director - After:
