Knowledge Base
Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articlesJuniper updating built-in IDP policy templates in attackDB update
PSN - Product Support Notification
Product Affected:Alert Description:
Solution:
This update will add new IDP policy templates to NSM and Junos Space.
The update will not change any existing IDP policies or templates that may be in use.
The purpose of the addition is to provide clarity concerning recommended policies.
The update also introduces templates specific to basic and high-memory devices.
A future update may remove the old default templates.
Prior to removing any templates, Juniper would issue notice.
These new IDP policy templates are not compatible with NSM 2007.3.
The templates will be added but the IDP policy rulebase will be empty.
Existing templates will continue to function normally.
If using NSM 2007.3, please consider upgrading as NSM 2007.3 is end of engineering support as of 06/30/2012.
Implementation:The update will not change any existing IDP policies or templates that may be in use.
The purpose of the addition is to provide clarity concerning recommended policies.
The update also introduces templates specific to basic and high-memory devices.
A future update may remove the old default templates.
Prior to removing any templates, Juniper would issue notice.
These new IDP policy templates are not compatible with NSM 2007.3.
The templates will be added but the IDP policy rulebase will be empty.
Existing templates will continue to function normally.
If using NSM 2007.3, please consider upgrading as NSM 2007.3 is end of engineering support as of 06/30/2012.
Example of existing policy template:
| dmz_services: | Designed to protect a typical DMZ environment |
| file_server: | Designed to provide protection to various file sharing services such as AMB, NFS, FTP and others. |
Example of new policy template:
| Client-And-Server-Protection: | Designed to protect both clients and servers. To be used on high memory devices with 2GB or more of memory. |
| Client-And-Server-Protection-1G: | Designed to protect both clients and servers. To be used on all devices including branch devices with reduced memory. |
| Client-Protection: | Designed to protect clients. To be used on high memory devices with 2GB or more of memory. |
| Client-Protection-1G: | Designed to protect clients. To be used on all devices including branch devices with reduced memory. |
| Server-Protection: | Designed to protect servers. To be used on high memory devices with 2GB or more of memory. |
| Server-Protection-1G: | Designed to protect servers. To be used on all devices including branch devices with reduced memory. |
Example screenshots show Junos Space and NSM policy templates before and after.
NSM - Before:
NSM - After:
Junos Space Security Director - Before:
Junos Space Security Director - After:
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search