CLI Configuration

To enable IDP in a security policy:

1. Create a security policy and specify the match conditions for the traffic flowing in one direction. The following statement creates a policy idp-app-policy-1 and specifies that traffic from any source address, to any destination address and with any application type, matches the criteria for this policy:

   user@host# set security policies from-zone Zone1 to-zone Zone2 policy idp-app-policy-1 match source-address any destination-address any application any

2. Specify the action to be taken on traffic that matches the specified conditions. The following statement permits all traffic matching the specified criteria and directs it to be checked against IDP rulebases:

   user@host# set security policies from-zone Zone1 to-zone Zone2 policy idp-app-policy-1 then permit application-services idp

3. Create a security policy and specify the match conditions for the traffic flowing in the other direction. The following statement creates a policy idp-app-policy-2 and specifies that traffic from any source, to any destination with any application type, matches the criteria for this policy:

   user@host# set security policies from-zone Zone2 to-zone Zone1 policy idp-app-policy-2 match source-address any destination-address any application any

4. Specify the action to be taken on traffic that matches the conditions specified in the policy. The following statement permits all traffic matching the specified criteria and directs it to be checked against IDP rulebases:

   user@host# set security policies from-zone Zone2 to-zone Zone1 policy idp-app-policy-2 then permit application-services idp

5. If you are finished configuring the router, commit the configuration.
6. You can verify the configuration by using the show security policies command. For more information, see the JUNOS Software CLI Reference.