idp-policy policy-name {
    rulebase-exempt {
        rule rule-name {
            description text;
            match {
                attacks {
                    custom-attacks [ attack-name ];
                    predefined-attack-groups [ attack-name ];
                    predefined-attacks [ attack-name ];
                }
                destination-address [ address-name ];
                destination-except [ address-name ];
                from-zone zone-name;
                source-address [ address-name ];
                source-except [ address-name ];
                to-zone zone-name;
            }
        }
    }
    rulebase-ips {
        rule rule-name {
            description text;
            match {
                attacks {
                    custom-attacks [ attack-name ];
                    predefined-attack-groups [ attack-name ];
                    predefined-attacks [ attack-name ];
                }
                destination-address [ address-name ];
                destination-except [ address-name ];
                from-zone zone-name;
                source-address [ address-name ];
                source-except [ address-name ];
                to-zone zone-name;
            }
            terminal;
            then {
                action {
                    (close-client | close-client-and-server | close-server |
                     drop-connection | drop-packet | ignore-connection |
                     mark-diffserv value | no-action | recommended);
                }
                ip-action {
                    (ip-block | ip-close | ip-notify);
                    log;
                    target (destination-address | service | source-address |
                            source-zone | zone-service);
                    timeout seconds;
                }
                notification {
                    log-attacks {
                        alert;
                    }
                }
                severity (critical | info | major | minor | warning);
            }
        }
    }
}
[edit security idp]
Statement introduced in Release 9.2 of JUNOS software.
Configure a security IDP policy.
This statement is supported on SRX-series devices.
policy-name—Name of the IDP policy.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.