Juniper Junos OS User Manual

Web_Server
idp-engine
13. Activate the predefined Recommended policy as the active policy.
[edit]
user@host# set security idp active-policy Recommended
14. Confirm the active policy enabled on your device.
[edit]
user@host> show security idp active-policy
active-policy Recommended;
15. Create a security policy for the traffic from the untrust zone to the DMZ zone. In this
step, you create an address set in the DMZ zone that groups all HTTP server
addresses together. In this example, you apply security policies that can be
used to inspect the traffic between the untrust zone and the DMZ zone.
NOTE: Keep in mind the following points:
- Security policy order on an SRX Series device is important, because Junos OS
  performs a policy lookup starting from the top of the list and stops the lookup
  as soon as it finds a match for the received traffic.
- The SRX Series device lets you enable IDP processing on a security policy
  rule by rule, instead of turning on IDP inspection across the whole device.
- A security policy identifies which traffic is sent to the IDP engine; the IDP
  engine then applies inspection based on the contents of that traffic. Traffic
  that matches a security policy in which IDP is not enabled bypasses IDP
  processing completely. Traffic that matches a security policy marked for IDP
  processing is handed off to the IDP engine.
[edit]
user@host# set security zones security-zone DMZ address-book address Server-HTTP-1 192.168.2.2/24
user@host# set security zones security-zone DMZ address-book address Server-HTTP-2 192.168.2.3/24
user@host# set security zones security-zone DMZ address-book address-set DMZ-address-set-http address Server-HTTP-1
user@host# set security zones security-zone DMZ address-book address-set DMZ-address-set-http address Server-HTTP-2
user@host# set security policies from-zone untrust to-zone DMZ policy P1 match source-address any
user@host# set security policies from-zone untrust to-zone DMZ policy P1 match destination-address DMZ-address-set-http
user@host# set security policies from-zone untrust to-zone DMZ policy P1 match application junos-http
67 Copyright © 2016, Juniper Networks, Inc.
Chapter 9: Configuring Intrusion Detection and Prevention for SRX Series
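The NOTE above makes two points that are easy to get wrong in practice: lookup is top-down first-match, and IDP is enabled per rule, so a broader rule configured earlier silently takes HTTP traffic away from the IDP-marked rule. The following Python model is an added example for this page, not Juniper code: it parses the page's `address-book`, `address-set` and `policy P1 match` statements, plus three constructed assumptions (a final `then permit application-services idp` line marking P1 for IDP, which the page's procedure has not yet reached; a catch-all policy `P0`; and a small built-in application table), and reports which policy a flow hits first and whether that policy hands it to the IDP engine.

```python
import ipaddress
import shlex
from collections import OrderedDict

# Constructed, simplified table of predefined applications (protocol, port);
# real Junos entries are richer, and "any" matches everything.
APPLICATIONS = {"junos-http": ("tcp", 80), "junos-https": ("tcp", 443),
                "junos-ssh": ("tcp", 22)}

# The page's own statements, plus one ASSUMED final line that marks P1 for IDP.
PAGE_CONFIG = """
set security zones security-zone DMZ address-book address Server-HTTP-1 192.168.2.2/24
set security zones security-zone DMZ address-book address Server-HTTP-2 192.168.2.3/24
set security zones security-zone DMZ address-book address-set DMZ-address-set-http address Server-HTTP-1
set security zones security-zone DMZ address-book address-set DMZ-address-set-http address Server-HTTP-2
set security policies from-zone untrust to-zone DMZ policy P1 match source-address any
set security policies from-zone untrust to-zone DMZ policy P1 match destination-address DMZ-address-set-http
set security policies from-zone untrust to-zone DMZ policy P1 match application junos-http
set security policies from-zone untrust to-zone DMZ policy P1 then permit application-services idp
"""

# Constructed variant: a catch-all permit policy P0 configured BEFORE P1.
SHADOWED_CONFIG = """
set security policies from-zone untrust to-zone DMZ policy P0 match source-address any
set security policies from-zone untrust to-zone DMZ policy P0 match destination-address any
set security policies from-zone untrust to-zone DMZ policy P0 match application any
set security policies from-zone untrust to-zone DMZ policy P0 then permit
""" + PAGE_CONFIG


class PolicyModel:
    """Minimal model of address books, address sets and ordered policies."""

    def __init__(self):
        self.addresses = {}      # zone -> {name: ip_network}
        self.address_sets = {}   # zone -> {set name: [member names]}
        self.policies = OrderedDict()  # (from-zone, to-zone) -> ordered policies

    def load(self, config_text):
        for raw in config_text.strip().splitlines():
            t = shlex.split(raw)
            if len(t) >= 9 and t[:3] == ["set", "security", "zones"] and t[5] == "address-book":
                self._address_stmt(t)
            elif len(t) >= 11 and t[:3] == ["set", "security", "policies"]:
                self._policy_stmt(t)

    def _address_stmt(self, t):
        # security-zone Z address-book address NAME PREFIX
        # security-zone Z address-book address-set SET address NAME
        zone = t[4]
        if t[6] == "address":
            self.addresses.setdefault(zone, {})[t[7]] = ipaddress.ip_network(t[8], strict=False)
        elif t[6] == "address-set" and t[8] == "address":
            self.address_sets.setdefault(zone, {}).setdefault(t[7], []).append(t[9])

    def _policy_stmt(self, t):
        # from-zone F to-zone T policy NAME match FIELD VALUE
        # from-zone F to-zone T policy NAME then ACTION [application-services idp]
        ctx, name = (t[4], t[6]), t[8]
        pol = self.policies.setdefault(ctx, OrderedDict()).setdefault(
            name, {"src": [], "dst": [], "app": [], "action": None, "idp": False})
        if t[9] == "match":
            field = {"source-address": "src", "destination-address": "dst",
                     "application": "app"}[t[10]]
            pol[field].append(t[11])
        elif t[9] == "then":
            pol["action"] = t[10]
            pol["idp"] = t[11:13] == ["application-services", "idp"]

    def _addr_match(self, zone, name, ip):
        if name == "any":
            return True
        members = self.address_sets.get(zone, {}).get(name)
        if members is not None:  # address sets expand to their members
            return any(self._addr_match(zone, m, ip) for m in members)
        net = self.addresses.get(zone, {}).get(name)
        return net is not None and ip in net

    @staticmethod
    def _app_match(app, proto, dport):
        return app == "any" or APPLICATIONS.get(app) == (proto, dport)

    def lookup(self, from_zone, to_zone, src, dst, proto, dport):
        """Top-down, first-match lookup; default deny when nothing matches."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for name, pol in self.policies.get((from_zone, to_zone), {}).items():
            if (any(self._addr_match(from_zone, a, src) for a in pol["src"])
                    and any(self._addr_match(to_zone, a, dst) for a in pol["dst"])
                    and any(self._app_match(a, proto, dport) for a in pol["app"])):
                return {"policy": name, "action": pol["action"], "idp": pol["idp"]}
        return {"policy": None, "action": "deny", "idp": False}


def idp_verdict(config_text, src, dst, proto, dport, from_zone="untrust", to_zone="DMZ"):
    model = PolicyModel()
    model.load(config_text)
    return model.lookup(from_zone, to_zone, src, dst, proto, dport)


if __name__ == "__main__":
    flow = ("203.0.113.5", "192.168.2.2", "tcp", 80)  # constructed client -> web server
    print("page order:  ", idp_verdict(PAGE_CONFIG, *flow))
    print("P0 before P1:", idp_verdict(SHADOWED_CONFIG, *flow))
```

With the page's order the HTTP flow hits P1 and is handed to the IDP engine; with the catch-all P0 in front it hits P0 and bypasses IDP entirely, exactly the behaviour the NOTE warns about. On a device the same check is done by reading policy order with `show security policies from-zone untrust to-zone DMZ` and, if needed, reordering with the `insert` configuration command. The model also makes a second point visible: because the page's address entries carry a /24 prefix, both resolve to the 192.168.2.0/24 network, so the address set (and therefore P1) matches any host in that subnet rather than just the two servers.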
