IDP Extended Package Configuration Overview
The Junos OS Intrusion Detection and Prevention (IDP) policy enables you to selectively enforce various attack detection and prevention techniques on network traffic passing through an IDP-enabled device. It allows you to define policy rules to match a section of traffic based on a zone, network, and application, and then take active or passive preventive actions on that traffic.
An IDP policy defines how your device handles the network traffic. It allows you to enforce various attack detection and prevention techniques on traffic traversing your network.
A policy is made up of rule bases, and each rule base contains a set of rules. You define rule parameters, such as traffic match conditions, action, and logging requirements, then add the rules to rule bases. After you create an IDP policy by adding rules in one or more rule bases, you can select that policy to be the active policy on your device.
To configure the IDP extended package (IPS-EP) perform the following steps:
Enable IPS in a security policy. See IDP Policy Rules and IDP Rule Bases.
Configure IDP policy rules, IDP rule bases, and IDP rule actions. See IDP Policy Rules and IDP Rule Bases.
Configure IDP custom signatures. See Understanding IDP Signature-Based Attacks.
Update the IDP signature database. See Updating the IDP Signature Database Overview.
When the IDP hits a resource limit, the default behavior is to ignore the flow and let the flow pass without inspection. To avoid this behavior, configure the
drop-on-limit
option. This command ensures IDP attack inspection of all traffic and does not allow any traffic without inspection.[edit] user@host# set security idp sensor-configuration flow drop-on-limit
Also, see IDP Sensor Configuration.