Intrusion Prevention

  • 1.  IDP 250 Network Interface Configuration Issues

    Posted 06-04-2009 09:38

    Hi Everyone,

    I've got an IDP 250 I'm trying to connect our web servers to. I've got 1 server hooked up already and I'm trying to get the other one hooked up. I'm running in Transparent mode. Server 1 is set to forward traffic and working fine. My problem is that when I connect Server 2, the NICs do not come up on the IDP. If I change the forwarding interfaces, I run the risk of disabling server 1 but server 2 will probably work. When I first hooked up Server 1, I had to set ethernet interfaces on the IDP to forwarding so the interfaces would come up. Am I missing something in the configuration of ACM? My goal is to watch the traffic going to and from the servers and also to hook up 2 other devices.

     

    Thank You



  • 2.  RE: IDP 250 Network Interface Configuration Issues

    Posted 06-04-2009 09:57

    You could execute mii-tool on the IDP and see what it shows for the interface.

     

    You do need to set it at forwarding.

     

    Thanks,
    Chandra

     



  • 3.  RE: IDP 250 Network Interface Configuration Issues

    Posted 06-04-2009 10:14

    Here is the output. I cannot plug server 2 back into the IDP because it's currently in production. Server 1 is connected to eth4. eth5 connects to the switch.

     

    eth0: negotiated, link ok
    eth1: no link
    eth2: no link
    eth3: no link
    eth4: negotiated flow-control, link ok
    eth5: negotiated, link ok
    eth6: no link
    eth7: no link
     



  • 4.  RE: IDP 250 Network Interface Configuration Issues

    Posted 06-04-2009 10:22
    I also noticed that ACM is showing 9 interfaces and mii-tool is not.


  • 5.  RE: IDP 250 Network Interface Configuration Issues

    Posted 06-04-2009 10:32

    I guess once you configure all the other interfaces as forwarding, the link should come up. If you have some other temporary system, you can connect that to eth2 and see if the link comes up.

     

    Also, the limitation with mii-tool is that it can only list 8 interfaces. Beyond that you need to use ethtool.


    Thanks,
    Chandra
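
Added example, not part of the original thread or Juniper's tooling: a shell sketch of the check discussed in posts 2 to 5, listing the ports mii-tool reports as down and reading link state per interface from ethtool so that ports past eth7 are covered. It assumes a Linux shell with awk, ethtool and /sys/class/net on the sensor; the function names and the ethtool sample are constructed for illustration.

```shell
#!/bin/sh
# Added example. mii-tool without arguments stops at eth7, so interfaces are
# enumerated from /sys/class/net (assumed present) and queried with ethtool.

# mii-tool output as posted in message 3 of this thread.
MII_SAMPLE='eth0: negotiated, link ok
eth1: no link
eth2: no link
eth3: no link
eth4: negotiated flow-control, link ok
eth5: negotiated, link ok
eth6: no link
eth7: no link'

# Constructed, trimmed sample of `ethtool eth8` output for offline use.
ETHTOOL_SAMPLE='Settings for eth8:
    Speed: 1000Mb/s
    Link detected: yes'

# Read mii-tool output on stdin; print the interfaces that have no link.
no_link_from_mii() {
    awk -F': *' '$2 ~ /no link/ { sub(/^[ \t]+/, "", $1); print $1 }'
}

# Read `ethtool <iface>` output on stdin; print up, down or unknown.
link_state_from_ethtool() {
    awk -F': *' '
        /Link detected/ { s = ($2 ~ /^yes/) ? "up" : "down"; print s; found = 1 }
        END { if (!found) print "unknown" }'
}

# Report every ethN the kernel knows about, including those past eth7.
report_all_links() {
    for path in /sys/class/net/eth*; do
        [ -e "$path" ] || continue          # glob matched nothing
        iface=${path##*/}
        state=$(ethtool "$iface" 2>/dev/null | link_state_from_ethtool)
        printf '%s: %s\n' "$iface" "$state"
    done
}
```

On the sensor, `report_all_links` prints one line per port; a port that is cabled but shows `down` is not yet forwarding traffic through the IDP.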



  • 6.  RE: IDP 250 Network Interface Configuration Issues

    Posted 06-04-2009 11:48

    Sorry if I'm asking a lot of basic questions. I'm new to Juniper. How do you set all NICs on the IDP to forwarding? The IDP only lets me forward 1 pair of NICs at a time. Do I need to enable multiple virtual routers?

     

    Thank You for your quick responses!



  • 7.  RE: IDP 250 Network Interface Configuration Issues

    Posted 06-04-2009 13:41

    I've been digging a bit more. It looks like I need to enable Virtual Routers for Transparent mode.

     

    Here's the deal... I've got 4 devices I need to get hooked up. 2 of which are on the same network, the other 2 are on different networks. With virtual routers enabled, can I tie all interface pairs to vr0?

     

    Thank You!



  • 8.  RE: IDP 250 Network Interface Configuration Issues
    Best Answer

    Posted 06-04-2009 13:56

    You can use vr0 for all your interfaces.


    Thanks,
    Chandra