IDP 75, 250, 800, and 8200 Installation Guide
2
IDP Configuration Basics
8.
Add the sensor as an object in NSM using the Add Device wizard. Select
Device
Manager > Security Devices
from the left navigational pane, and then click
the
+
button. See “Adding Your Sensor to NSM” on page 29. The Add Device
Wizard creates a database entry in NSM for the sensor, imports the sensor’s
configuration, and loads the Juniper Networks Recommended policy onto the
sensor. At that point, your sensor is actively protecting your network.
To improve the performance and accuracy of your protection, use the
IDP Concepts
& Examples Guide
and the
NetScreen-Security Manager Administrator’s Guide
to tailor
your security policy to your network.
IDP Configuration Basics
This section provides an introduction to IDP configuration basics. An IDP
configuration consists of the following components:
IDP sensor placement
—Decide where to position the sensor in the network.
IDP sensor placement mode
—Decide to use passive or active mode when
deploying your IDP sensor.
NetScreen-Security Manager
—Use NetScreen-Security Manager (NSM) to
administer the sensor.
IDP Sensor Placement
Juniper Networks IDP sensor is an ideal solution to be implemented inline between
gateway firewalls and DMZ or internal networks. IDP sensor placement is an
important part of the installation.
You should choose a location for your IDP sensor based on your existing network
hardware and the networks you want to protect. The examples provided in this
guide place the IDP sensor behind the firewall or router.
IDP Sensor Deployment Mode
IDP sensors can be installed individually or in high availability (HA) clusters of two
or more.
For configurations without high availability, you can deploy the IDP sensor as a
passive sniffer or as an active gateway.
Passive Mode
—The sniffer mode is passive. In sniffer mode, the IDP is not
directly involved with packet flow. While it can send resets, protection is not
guaranteed as attacks may have already happened before the reset can be
acted upon. In addition, attacker machines may ignore resets.
NOTE:
You must update your attack objects to get the latest protection.
Summary of Contents for IDP 250
Page 6: ...vi Table of Contents IDP 75 250 800 and 8200 Installation Guide...
Page 8: ...viii List of Figures IDP 75 250 800 and 8200 Installation Guide...
Page 10: ...x List of Tables IDP 75 250 800 and 8200 Installation Guide...
Page 14: ...IDP 75 250 800 and 8200 Installation Guide xiv Requesting Technical Support...
Page 20: ...IDP 75 250 800 and 8200 Installation Guide 6 IDP Configuration Basics...
Page 48: ...IDP 75 250 800 and 8200 Installation Guide 34 Checking the Status of Your Sensor...
Page 52: ...IDP 75 250 800 and 8200 Installation Guide 38 Reimaging the IDP Sensor...
Page 56: ...IDP 75 250 800 and 8200 Installation Guide 42 Replacing a Hard Drive IDP 800 and 8200 Only...
Page 68: ...IDP 75 250 800 and 8200 Installation Guide 54 Index...