Juniper IDP 250 Скачать руководство пользователя

Страница: 13 / 68

Requesting Technical Support

xiii

About This Guide

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with
the following features:

Find CSC offerings:

http://www.juniper.net/customers/support/

Search for known bugs:

http://www2.juniper.net/kb/

Find product documentation:

http://www.juniper.net/techpubs/

Find solutions and answer questions using our Knowledge Base:

http://kb.juniper.net/

Download the latest versions of software and review your release notes:

http://www.juniper.net/customers/csc/software/

Search technical bulletins for relevant hardware and software notifications:

http://www.juniper.net/alerts/

Join and participate in the Juniper Networks Community Forum:

http://www.juniper.net/company/communities/

Open a case online in the CSC Case Manager:

http://www.juniper.net/customers/cm/

To verify service entitlement by product serial number, use our Serial Number
Entitlement (SNE) Tool:

https://tools.juniper.net/SerialNumberEntitlementSearch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

Use the Case Manager tool in the CSC at

http://www.juniper.net/customers/cm/

Call 1-888-314-JTAC (1-888-314-5822—toll free in USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, visit
us at

http://www.juniper.net/customers/support/requesting-support/

Содержание IDP 250

Страница 1: ...rth Mathilda Avenue Sunnyvale CA 94089 USA 408 745 2000 www juniper net Part Number 530 023834 01 Juniper Networks Intrusion Detection and Prevention IDP 75 250 800 and 8200 Installation Guide Release...

Страница 2: ...nse The following information is for FCC compliance of Class B devices The equipment described in this manual generates and may radiate radio frequency energy If it is not installed in accordance with...

Страница 3: ...P 250 Sensor 8 IDP 800 Sensor 8 IDP 8200 Sensor 9 Traffic Ports Forwarding Interfaces 10 Configurable NIC States 10 Normal State 11 NIC Bypass State 11 NIC Bypass and Cable Choices 12 External Bypass...

Страница 4: ...rwarding Interfaces 28 Verifying Traffic Flow 28 Connecting the High Availability Port 28 Chapter 5 Adding the Sensor to NSM 29 Adding Your Sensor to NSM 29 Checking the Status of Your Sensor 33 Chapt...

Страница 5: ...Table of Contents Table of Contents v IDP 800 Technical Specifications 50 IDP 8200 Technical Specifications 51 Safety Compliance 52 EMI Compliance 52 Immunity 52 Index 53...

Страница 6: ...vi Table of Contents IDP 75 250 800 and 8200 Installation Guide...

Страница 7: ...Midmount Bracket 19 Figure 11 1 RU Device IDP 75 Midmount Bracket 20 Figure 12 Begin Add Device Procedure 30 Figure 13 Add Device Wizard Device Name 30 Figure 14 Add Device Wizard Connection Settings...

Страница 8: ...viii List of Figures IDP 75 250 800 and 8200 Installation Guide...

Страница 9: ...for ACM Configuration 26 Table 14 Advantages and Disadvantages of Bridge Mode 44 Table 15 Advantages and Disadvantages of Router Mode 45 Table 16 Advantages and Disadvantages of Proxy ARP Mode 46 Tab...

Страница 10: ...x List of Tables IDP 75 250 800 and 8200 Installation Guide...

Страница 11: ...Conventions on page xi Documentation on page xii Requesting Technical Support on page xii Audience This guide is intended for experienced system and network specialists Conventions The term sensor is...

Страница 12: ...ing basic configuration management server installation and user interface installation Online Help Available through the IDP Appliance Configuration Manager ACM The online help provides explanations f...

Страница 13: ...software Search technical bulletins for relevant hardware and software notifications http www juniper net alerts Join and participate in the Juniper Networks Community Forum http www juniper net compa...

Страница 14: ...IDP 75 250 800 and 8200 Installation Guide xiv Requesting Technical Support...

Страница 15: ...twork for the sensor Choose which mode you will run See Chapter 4 Installing the Sensor on page 17 4 Install the sensor on a rack See Chapter 4 Installing the Sensor on page 17 5 Log into the sensor u...

Страница 16: ...use passive or active mode when deploying your IDP sensor NetScreen Security Manager Use NetScreen Security Manager NSM to administer the sensor IDP Sensor Placement Juniper Networks IDP sensor is an...

Страница 17: ...ts before they reach their target Inline sensors are typically configured in transparent mode For other inline modes see Advanced Configuration on page 43 One step in setting up IDP on your network is...

Страница 18: ...changes Does not create an additional point of failure gateway Monitors and logs suspicious network activity Passively monitors with limited prevention only Requires a hub or the Switched Port Analyse...

Страница 19: ...o your network See the IDP Concepts Examples Guide to improve the performance and accuracy of your protection Table 3 Advantages and Disadvantages of Transparent Mode Inline Active Advantages Disadvan...

Страница 20: ...IDP 75 250 800 and 8200 Installation Guide 6 IDP Configuration Basics...

Страница 21: ...s and USB Ports on page 13 Power Supplies on page 13 IDP Sensor LEDs on page 14 IDP Sensors This section provides an overview of the following IDP sensors IDP 75 Sensor on page 8 IDP 250 Sensor on pag...

Страница 22: ...The IDP 250 sensor is optimal for medium central sites or large branch offices Figure 4 shows the following features One console serial port One management network interface port One dedicated high av...

Страница 23: ...00 Sensor The IDP 8200 sensor is optimal for large central sites or high traffic areas Figure 6 shows the following features One console serial port One management network interface port One dedicated...

Страница 24: ...located on the front of each device Sensors can have a combination of copper and fiber ports Figure 7 Traffic Ports Configurable NIC States Copper port pairs on the IDP 75 250 800 and 8200 can be con...

Страница 25: ...es active again it sends a reset signal When the timer receives the reset signal the bypass deactivates automatically and the sensor goes back to normal operation When NICs are in NIC bypass state pri...

Страница 26: ...ting the devices If the two devices are connected with a cross over cable use two straight through cables to connect the sensor to these two devices When NIC bypass starts the resulting effect is to c...

Страница 27: ...d on all IDP sensors Console Serial Port The console serial port provides access using an RJ 45 connector to the sensor s command line interface CLI Management Port The management port provides access...

Страница 28: ...on all sensors HA ports are available on the IDP 250 800 and 8200 sensors only Table 8 describes the LEDs for management and HA ports Table 6 IDP Sensor Power Supplies IDP Sensor Power Supplies 75 On...

Страница 29: ...00 and the 8200 sensors Table 8 IDP Sensor Management and High Availability Port LED Port LED Description Status LINK Port connection activity indicator Blinks amber to indicate activity on the port T...

Страница 30: ...tem emits a high pitch noise if a hard drive has failed The LED flashes red if the drive is being rebuilt Do not turn the power off unplug the unit or remove either drive while the drive is being rebu...

Страница 31: ...rds in your work area such as moist floors ungrounded power extension cables frayed power cords and missing safety grounds WARNING Never assume that the power supply is disconnected from a power sourc...

Страница 32: ...e exhaust air from intake air The best placement of the baffles depends on the airflow patterns in the rack The IDP 75 sensor occupies one rack unit RU in an equipment rack One RU is 1 75 inches 44 45...

Страница 33: ...o they prevent the device from sliding forward 6 Secure the rear brackets to the rack Mounting Using Midmount Brackets To mount the sensor using the midmount brackets in a device rack 1 Use a flathead...

Страница 34: ...e power supply at the rear of each chassis 2 Connect the other end of the power cable to the electrical outlet 3 For IDP 800 and 8200 sensors only Connect the second power cable to the receptacle on t...

Страница 35: ...g the High Availability Port on page 28 Initial Configuration Options When you first configure your sensor you can choose a simple configuration that sets options to the most commonly used settings or...

Страница 36: ...liance Configuration Manager See ACM Advanced Configuration on page 26 Connecting to the Sensor Your sensor has two management interfaces a console serial port and a management Ethernet port You can u...

Страница 37: ...rs in the terminal window press Enter to display the boot messages 5 Log into the IDP sensor as name root and password abc123 The EasyConfig script runs automatically The following text appears Config...

Страница 38: ...gement port is now complete EasyConfig does not run the next time you log into the sensor Using the Management Port to Configure the Sensor You can choose a simple or advanced configuration for the se...

Страница 39: ...and password abc123 4 Go to Simple or Advanced Configuration Using the Management Port on page 25 Simple or Advanced Configuration Using the Management Port The IDP sensor management port provides two...

Страница 40: ...ameters Management Interface IP Address The IP address of the sensor management interface Management Interface Netmask The netmask for the management interface IP address Default Route Your network s...

Страница 41: ...figure SSH access This is optional Set if you want to access the sensor using a terminal window or if you want to be able to upload upgrade files to the sensor See the ACM online help for more informa...

Страница 42: ...t sensors the pairs are horizontal port pairs 0 1and 2 3 on each NIC Traffic in inline transparent mode only flows between paired interfaces You cannot have traffic flow from port 0 to port 2 for exam...

Страница 43: ...cking the Status of Your Sensor on page 33 Adding Your Sensor to NSM This procedure assumes your sensor is installed has a static IP address and is reachable using SSH If your sensor is not yet availa...

Страница 44: ...Security Devices age click the button and select Device to open the Add Device wizard Figure 13 a Type a name and select a color to represent the device in the UI b Select Device is Reachable default...

Страница 45: ...in user name The default password is abc123 d Enter the password for the device root user The default password is abc123 e Select SSH Version 2 as the connection method Leave the port number as 22 f C...

Страница 46: ...to this 1024 f4 91 d0 04 b7 61 00 77 45 c3 cc bd af b3 5b a2 ssh_host_dsa_key pub 8 After you have verified the key click Next to display device information retrievable by NSM Figure 16 This takes a...

Страница 47: ...ce job Checking the Status of Your Sensor When the update device job finishes move the mouse pointer over the device in Device Manager to check the device status The configuration state Managed indica...

Страница 48: ...IDP 75 250 800 and 8200 Installation Guide 34 Checking the Status of Your Sensor...

Страница 49: ...ust load a new sensor image to NSM Then use NSM to load the new image onto your sensors Loading a Sensor Image into NSM To make the sensor software available to NSM 1 Download firmware image files fro...

Страница 50: ...onto the device but you cannot manage the device from NSM until the device ADM is updated 6 Click Finish to display upgrade status in the Job Information dialog box 7 When the upgrade finishes click C...

Страница 51: ...erial port of the device using the serial cable provided with the IDP sensor 2 Power off the IDP sensor 3 Insert the Restore Media USB stick into the USB flash drive on the front of the sensor 4 Power...

Страница 52: ...IDP 75 250 800 and 8200 Installation Guide 38 Reimaging the IDP Sensor...

Страница 53: ...nsor has three If a device has two replaceable power supplies you can hot swap one while the device is running Contact Juniper Networks if you want to purchase a spare power supply Remove a Power Supp...

Страница 54: ...r The LED turns green to indicate that it is receiving power and is giving power to the IDP sensor only occurs if sensor is on The high pitched whine stops and the PS FAIL light on the front of the ID...

Страница 55: ...side of the handle 2 Open the handle to its fully extended position 3 Begin to slide the drive into the bay 4 Gently slide the drive the rest of the way into the bay and snap it into place 5 Close the...

Страница 56: ...IDP 75 250 800 and 8200 Installation Guide 42 Replacing a Hard Drive IDP 800 and 8200 Only...

Страница 57: ...43 IDP High Availability Deployment Modes on page 46 Advanced Deployment Modes Most IDP sensors are configured in passive sniffer or transparent mode However the IDP 75 250 and 800 sensors can also be...

Страница 58: ...asts No changes to routing tables or network equipment Cannot connect IP networks with different address spaces Management Server IP 2 2 2 4 User Interface IP 2 2 2 5 Protected Machines Hub or Switch...

Страница 59: ...Connects IP networks with different address spaces Affects Layer 3 IP networks routing tables Interfaces cannot be used in stealth mode The sensor itself can be the target of attacks Management Server...

Страница 60: ...odes and HA clusters see the NetScreen Security Manager Administrator s Guide Table 16 Advantages and Disadvantages of Proxy ARP Mode Advantages Disadvantages Reliably responds to and prevents attacks...

Страница 61: ...ndards for compliance It has the following sections IDP 75 Technical Specifications on page 48 IDP 250 Technical Specifications on page 49 IDP 800 Technical Specifications on page 50 IDP 8200 Technica...

Страница 62: ...ominal Value Acceptable Range AC input voltage 110 220 VAC single phase 90 to 255 VAC AC input line frequency 50 60 Hz 47 to 63 Hz AC input current 4 A 110 VAC 2 A 220 VAC Table 19 Power Cord Specific...

Страница 63: ...Value Acceptable Range AC input voltage 110 220 VAC single phase 90 to 255 VAC AC input line frequency 50 60 Hz 47 to 63 Hz AC input current 4 A 110 VAC 2 A 220 VAC Table 23 Power Cord Specifications...

Страница 64: ...n Nominal Value Acceptable Range AC input voltage 110 220 VAC single phase 90 to 255 VAC AC input line frequency 50 60 Hz 47 to 63 Hz AC input current 4 A 110 VAC 2 A 220 VAC Table 27 Power Cord Speci...

Страница 65: ...al Value Acceptable Range AC input voltage 110 220 VAC single phase 90 to 255 VAC AC input line frequency 50 60 Hz 47 to 63 Hz AC input current 4 A 110 VAC 2 A 220 VAC Table 31 Power Cord Specificatio...

Страница 66: ...ion Safety of Information Technology Equipment EN 60950 2000 Safety of Information Technology Equipment including Electrical Business Equipment IEC 60950 Third Edition Safety of Information Technology...

Страница 67: ...specifications 48 IDP 600 technical specifications 50 immunity 52 installing the appliance 18 L LED Definitions 14 M mounting the appliance 18 N NIC Bypass 10 NIC bypass 11 cable choices 12 notice ico...

Страница 68: ...IDP 75 250 800 and 8200 Installation Guide 54 Index...

Результаты поиска

Содержание IDP 250

Отзывы:

Похожие инструкции для IDP 250

Бренды по названию

Популярные бренды

Juniper IDP 250, Руководство по установке

Результаты поиска

Содержание IDP 250

Отзывы:

Похожие инструкции для IDP 250

Бренды по названию

Популярные бренды