The following sections detail each step.
Defining Match For IDP Rules
When creating your IDP rules, you must specify the type of network traffic that you want
IDP to monitor for attacks. These characteristics include the network components that
originate and receive the traffic, and the firewall zones the traffic passes through.
You must specify the From Zone, Source, User Role, To Zone, Destination, and Service
in their respective Match columns for all rules in the IDP rulebase. The Terminate Match
selection allows you to designate a rule as terminal; if IDP encounters a match for the
other Match columns in a terminal rule, no other rules in the rulebase are examined. The
matching traffic does not need to match the attacks specified in a terminal rule. (For
more information on terminal rules, see “Configuring Terminal IDP Rules” on page 466.)
The following sections detail the Match columns of an IDP rule.
Configuring Source and Destination Zones for IDP Rules (Does not apply to Standalone IDP Sensor rulebases)
You can select multiple zones for the source and destination; however, these zones must
be available on the security devices on which you will install the policy. You can specify
“any” for the source or destination zones to monitor network traffic originating or destined
for any zone.
For standalone IDP rulebases, the zones are always set to “any.”
NOTE: You can create custom zones for some security devices. The list of zones from
which you can select source and destination zones includes the predefined and custom
zones that have been configured for all devices managed by NSM. Therefore, you should
only select zones that are applicable for the device on which you will install the security
policy.
Configuring Source and Destination Address Objects for IDP Rules
In the NSM system, address objects are used to represent components on your network:
hosts, networks, servers, etc. Typically, a server or other device on your network is the
destination IP for incoming attacks, and can sometimes be the source IP for interactive
attacks (see “Configuring Backdoor Rules” on page 486 for more information on interactive
attacks). You can specify “any” to monitor network traffic originating from any IPv4
address and “AnyIPv6” to monitor network traffic originating from any IPv6 address.
You can also “negate” the address objects listed in the Source or Destination column to
specify all sources or destinations except the excluded objects.
You can create address objects either before you create an IDP rule or while creating or
editing an IDP rule. To select or configure an address object, right-click either the Source
or Destination column of a rule and select Select Address. In the Select Source Addresses
dialog box, you can either select an already-created address object or click the Add icon
to create a new host, network, or group object.
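The match-column and terminal-rule semantics described above, together with negated and “any”/“AnyIPv6” address objects, are modelled below as a small Python rule evaluator. This is an added example, not NSM's own code or its policy format: the rule names, zone names, address ranges, services and attack names are constructed placeholders, and the flow is represented as a plain dictionary rather than anything the device actually emits.

```python
"""Toy model of IDP rulebase matching (added example; not Juniper NSM code)."""
import ipaddress
from dataclasses import dataclass

ANY = "any"          # matches any zone, any service, or any IPv4 address
ANY_IPV6 = "AnyIPv6"  # matches any IPv6 address in a Source/Destination column


@dataclass
class AddressMatch:
    """One Source or Destination column: address objects, optionally negated.

    Address objects are given as host or network strings ("192.0.2.10",
    "10.0.0.0/8") or as the ANY / ANY_IPV6 keywords.
    """
    objects: list
    negate: bool = False

    def matches(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        hit = False
        for obj in self.objects:
            if obj == ANY:
                hit = addr.version == 4
            elif obj == ANY_IPV6:
                hit = addr.version == 6
            else:
                net = ipaddress.ip_network(obj, strict=False)
                hit = net.version == addr.version and addr in net
            if hit:
                break
        # "negate" selects every address except the listed objects
        return (not hit) if self.negate else hit


@dataclass
class IdpRule:
    name: str
    from_zone: str
    source: AddressMatch
    to_zone: str
    destination: AddressMatch
    service: str
    attacks: set            # attack object names the rule looks for
    terminal: bool = False  # Terminate Match column

    def match_columns(self, flow: dict) -> bool:
        """True when every Match column (zones, addresses, service) matches the flow."""
        return (self.from_zone in (ANY, flow["from_zone"])
                and self.source.matches(flow["src"])
                and self.to_zone in (ANY, flow["to_zone"])
                and self.destination.matches(flow["dst"])
                and self.service in (ANY, flow["service"]))


def evaluate(rulebase: list, flow: dict, detected_attack: str) -> list:
    """Return the names of rules that fire for this flow and attack.

    Rules are examined top-down. A terminal rule whose Match columns match stops
    the walk even when the detected attack is not in that rule's attack set,
    which is exactly why a broad terminal rule can silently shadow later rules.
    """
    fired = []
    for rule in rulebase:
        if not rule.match_columns(flow):
            continue
        if detected_attack in rule.attacks:
            fired.append(rule.name)
        if rule.terminal:
            break
    return fired


# Constructed sample rulebase (placeholder names, RFC 5737 / RFC 1918 addresses).
RULEBASE = [
    IdpRule("web-from-untrust", "Untrust", AddressMatch([ANY]),
            "dmz", AddressMatch(["192.0.2.0/24"]), "HTTP",
            attacks={"ATTACK-A"}, terminal=True),
    IdpRule("catch-all", ANY, AddressMatch([ANY, ANY_IPV6]),
            ANY, AddressMatch([ANY, ANY_IPV6]), ANY,
            attacks={"ATTACK-A", "ATTACK-B"}),
]

# Constructed sample flows.
FLOW_FROM_UNTRUST = {"from_zone": "Untrust", "src": "198.51.100.7",
                     "to_zone": "dmz", "dst": "192.0.2.10", "service": "HTTP"}
FLOW_FROM_TRUST = {"from_zone": "trust", "src": "10.1.1.1",
                   "to_zone": "dmz", "dst": "192.0.2.10", "service": "HTTP"}

if __name__ == "__main__":
    print(evaluate(RULEBASE, FLOW_FROM_UNTRUST, "ATTACK-A"))  # ['web-from-untrust']
    print(evaluate(RULEBASE, FLOW_FROM_UNTRUST, "ATTACK-B"))  # [] shadowed by terminal rule
    print(evaluate(RULEBASE, FLOW_FROM_TRUST, "ATTACK-B"))    # ['catch-all']
```

The second call is the case worth checking in a real rulebase review: the terminal rule's Match columns match the Untrust-to-dmz flow, so the walk stops there and the catch-all rule never sees ATTACK-B, even though it lists that attack. Ordering terminal rules narrowly, and placing broad rules above them, avoids that blind spot.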
To detect incoming attacks that target your internal network, set the From Zone to
Untrust, and the Source IP to any IP. Then, set the To Zone to dmz and trust. Next, select
463
Copyright © 2010, Juniper Networks, Inc.
Chapter 9: Configuring Security Policies