About the Sensor Page
You are here: Security Services > IPS > Sensor.
You can configure sensor settings to limit the number of sessions running application identification and also to limit memory usage for application identification.
Field Descriptions
Table 1 describes the fields on the Sensor page.
Field | Description |
---|---|
Basic Settings | Select to configure basic IPS sensor settings. |
IDP Protection Mode | |
Protection Mode | Select an option to specify the inspection parameters for efficient inspection of traffic in the device. The options available are: |
Intelligent Inspection | |
IDP By Pass | Enable or disable the IDP Intelligent Bypass option. |
IDP By Pass CPU Threshold | Enter the threshold value. Range: 0 through 99. Default value: 85. |
IDP By Pass CPU Tolerance | Enter the CPU tolerance value. Range: 1 through 99. Default value: 5. |
Intelligent Inspection | Enable or disable this option. If you enable this option, enter the following details: |
Memory Lower Threshold | Enter the memory lower threshold limit percentage. Range: 1 through 100. |
Memory Upper Threshold | Enter the memory upper threshold limit percentage. Range: 1 through 100. |
Flow | |
Drop On Limit | Enable this option to drop connections when resource limits are exceeded. |
Drop On Failover | Enable this option to drop traffic on HA failover sessions. |
Drop If No Policy Loaded | Enable this option to drop all traffic until the IDP policy is loaded. |
Packet Log | Note: Starting in Junos OS Release 19.2R1, Packet Log configuration is available. |
IP Address | Enter the IP address of the destination host to which packet logs are sent. |
Port | Enter the UDP port number. Range: 0 through 65535. |
Source Address | Enter the source IP address used to transport packet logs to a host. |
Advanced Settings | |
IDP Flow | |
Log Errors | Select an option from the list to specify whether flow errors are logged. |
Flow FIFO Max Size | Enter a value to specify the maximum FIFO size. Range: 1 through 65535. Default value is 1. |
Hash Table Size | Enter a value to specify the hash table size. Range: 1024 through 1,000,000. Default value is 1024. |
Max Timers Poll Ticks | Enter a value to specify the maximum amount of time at which the timer ticks at a regular interval. Range: 0 through 1000 ticks. Default value is 1000 ticks. |
Reject Timeout | Enter a value to specify the amount of time in milliseconds within which a response must be received. Range: 1 through 65,535 seconds. Default value is 300 seconds. |
Global | |
Enable All Qmodules | Select an option from the list to specify whether all the qmodules of the global rulebase IDP security policy are enabled. |
Enable Packet Pool | Select an option from the list to specify whether the packet pool is enabled for use when the current pool is exhausted. |
Policy Lookup Cache | Select an option from the list to specify whether the cache is enabled to accelerate IDP policy lookup. |
Memory Limit Percent | Enter a value to limit IDP memory usage to this percentage of available memory. Range: 10 through 90 percent. |
HTTP X-Forwarded | When you enable this option, IDP saves the source IP addresses (IPv4 or IPv6) from the contexts of HTTP traffic during traffic flow and displays them in the attack logs. Note: Starting in Junos OS Release 20.2R1, the HTTP X-Forwarded option is supported. |
IPS | |
Detect Shellcode | Select an option from the list to specify whether shellcode detection is applied. |
Ignore Regular Expression | Select an option from the list to specify whether the sensor bypasses DFA and PCRE matching. |
Process Ignore Server-to-Client | Select an option from the list to specify whether the sensor bypasses IPS processing for server-to-client flows. |
Process Override | Select an option from the list to specify whether the sensor executes protocol decoders even without an IDP policy. |
Process Port | Enter an integer to specify a port on which the sensor executes protocol decoders. Range: 0 through 65535. |
IPS FIFO Max Size | Enter an integer to specify the maximum allocated size of the IPS FIFO. Range: 1 through 65535. |
Minimum Log Supercade | Enter an integer to specify the minimum number of logs to trigger the signature hierarchy feature. Range: 0 through 65535. |
Log | |
Cache Size | Enter a value to specify the size in bytes for each user’s log cache. |
Disable Suppression | Enable this option to disable log suppression. |
Include Destination Address | Select an option from the list to specify whether to combine log records for events with a matching source address. |
Max Logs Operate | Enter a value to specify the maximum number of logs on which log suppression can operate. Range: 255 through 65536. |
Max Time Report | Enter a value to specify the time (in seconds) after which suppressed logs are reported. IDP reports suppressed logs after 5 seconds by default. |
Start Log | Enter a value to specify the number of log occurrences after which log suppression begins. Log suppression begins with the first occurrence by default. Range: 1 through 128. |
Reassembler | |
Ignore Memory Overflow | Select an option from the list to specify whether per-flow memory is allowed to exceed its limit. |
Ignore Reassembly Memory Overflow | Select an option from the list to specify whether per-flow reassembly memory is allowed to exceed its limit. |
Ignore Reassembly Overflow | Enable this option to have the TCP reassembler ignore the global reassembly overflow, which prevents application traffic from being dropped. |
Max Flow Memory | Enter an integer to specify the maximum per-flow memory for TCP reassembly in kilobytes. Range: 64 through 4,294,967,295 kilobytes. |
Max Packet Memory | Enter an integer to specify the maximum packet memory for TCP reassembly in kilobytes. Range: 64 through 4,294,967,295 kilobytes. |
Max Synacks Queued | Enter an integer to specify the maximum limit for queuing SYN/ACK packets with different SEQ numbers. Range: 0 through 5. |
Packet Log | |
Max Sessions | Enter an integer to specify the maximum number of sessions actively conducting pre-attack packet captures on a device at one time. Range: 1 through 100 percent. |
Total Memory | Enter an integer to specify the maximum amount of memory to be allocated to packet capture for the device. Range: 1 through 100 percent. |
Detectors | Click + and enter the following fields. |
Protocol | Select the name of the protocol from the list to enable or disable the detector. |
Tunable Name | Select the name of the specific tunable parameter from the list to enable or disable the protocol detector for each of the services. |
Tunable Value | Enter the protocol value of the specific tunable parameter to enable or disable the protocol detector for each of the services. Range: 0 through 4294967295. |
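
The following is an added example, not part of the Juniper documentation: a small audit of Sensor page settings that checks the numeric ranges listed in Table 1 and flags states that the descriptions tie to bypassed inspection or to traffic not being dropped. The settings dictionary format, the `audit_sensor` helper, and the rule that the lower memory threshold must be below the upper one are assumptions.

```python
# Added example: audit_sensor() and the settings-dict format are hypothetical,
# keyed by the J-Web field names in Table 1. This is not a Juniper API.

RANGES = {  # inclusive numeric ranges as listed in Table 1
    "IDP By Pass CPU Threshold": (0, 99),
    "IDP By Pass CPU Tolerance": (1, 99),
    "Memory Lower Threshold": (1, 100),
    "Memory Upper Threshold": (1, 100),
    "Memory Limit Percent": (10, 90),
    "Start Log": (1, 128),
    "Max Synacks Queued": (0, 5),
}

REVIEW = [  # (field, state worth reviewing, consequence per the description)
    ("IDP By Pass", True, "intelligent bypass is enabled"),
    ("Ignore Regular Expression", True, "DFA and PCRE matching is bypassed"),
    ("Process Ignore Server-to-Client", True, "server-to-client flows skip IPS"),
    ("Detect Shellcode", False, "shellcode detection is not applied"),
    ("Drop On Limit", False, "connections over resource limits are not dropped"),
    ("Drop If No Policy Loaded", False, "traffic is not dropped before policy load"),
]

def audit_sensor(settings):
    """Return (severity, field, message) findings; unset fields are skipped."""
    findings = []
    for field, (low, high) in RANGES.items():
        value = settings.get(field)
        if value is not None and not (isinstance(value, int) and low <= value <= high):
            findings.append(("error", field, f"{value!r} is outside {low}..{high}"))
    for field, state, consequence in REVIEW:
        if settings.get(field) is state:
            findings.append(("review", field, consequence))
    # Assumption (not stated on the page): the lower memory threshold must be
    # below the upper one for intelligent inspection to make sense.
    low, high = settings.get("Memory Lower Threshold"), settings.get("Memory Upper Threshold")
    if isinstance(low, int) and isinstance(high, int) and low >= high:
        findings.append(("error", "Memory Lower Threshold", f"{low} is not below upper {high}"))
    return findings

# Constructed sample settings, not taken from a real device.
SAMPLE = {
    "IDP By Pass": True, "IDP By Pass CPU Threshold": 85, "IDP By Pass CPU Tolerance": 0,
    "Memory Lower Threshold": 80, "Memory Upper Threshold": 60,
    "Ignore Regular Expression": False, "Detect Shellcode": True,
    "Drop If No Policy Loaded": False,
}

if __name__ == "__main__":
    for severity, field, message in audit_sensor(SAMPLE):
        print(f"{severity:6} {field}: {message}")
```

Fields that are absent from the dictionary are not flagged, because the page does not give a default for most of them.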
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.