[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

CLI Configuration

To download and use a predefined policy template:

  1. Download the script file templates.xml to the/var/db/idpd/sec-download/sub-download directory. This script file contains predefined IDP policy templates.
    user@host> request security idp security-package download policy-templates
  2. Copy the templates.xml file to the /var/db/scripts/commit directory and rename it to templates.xsl.
    user@host> request security idp security-package install policy-templates
  3. Enable the templates.xsl scripts file. At commit time, the JUNOS management process (mgd) looks in the /var/db/scripts/commit directory for scripts and runs the script against the candidate configuration database to ensure the configuration conforms to the rules dictated by the scripts.
    user@host# set system scripts commit file templates.xsl
  4. Commit the configuration. Committing the configuration saves the downloaded templates to the JUNOS configuration database and makes them available in the CLI at the [edit security idp idp-policy] hierarchy level.
  5. Display the list of downloaded templates.
    user@host#set security idp active-policy ? 
    Possible completions:
 <active policy> Set active policy
All_With_Logging     
  All_Without_Logging  
  DMZ_Services         
  DNS_Service          
  File_Server          
  Getting_Started      
  IDP_Default          
  Recommended          
  Web_Server
  6. Activate the predefined policy. The following statement specifies the Recommended predefined IDP policy as the active policy:
    user@host# set security idp active-policy Recommended
  7. Delete or deactivate the commit script file. By deleting the commit script file, you avoid the risk of overwriting modifications to the template when you commit the configuration. Run one of the following commands:
    user@host# delete system scripts commit file templates.xsl
    user@host# deactivate system scripts commit file templates.xsl
  8. If you are finished configuring the router, commit the configuration.
  9. You can verify the configuration by using the show security idp status command. For more information, see the JUNOS Software CLI Reference.
[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]