Intrusion Prevention

  • 1.  IDP: FAIL OPEN (RESOURCE ISSUES) ?

    Posted 08-18-2009 05:13

    Studying the NSS Labs report from April 2008 on the IDP800 series (http://nsslabs.com/intrusion-prevention/juniper-idp-800.html),  I noticed the important test called "Fail Open (resource issues)".

     

    "8.1.9 FAIL OPEN (RESOURCE ISSUES)
    Does the NIPS provide the ability to pass all traffic when resources are exhausted or it is no longer possible
    to analyze traffic for any reason (i.e. packet rate exceeds device capabilities)

     

    Result: FAIL.  DUT is not configurable to pass traffic once resources are exhausted."

     

    However, comments from Juniper on that particular test stated:

    "this feature would be included in the next major release."

     

    My obvious question: has this important feature already been introduced, and if so, starting from which release?

     




  • 2.  RE: IDP: FAIL OPEN (RESOURCE ISSUES) ?
    Best Answer

    Posted 08-18-2009 05:24

    Hi,

    I think this has been achieved with the feature:

    Flow bypass when the IDP engine experiences heavy load.

    Check the Admin Guide on page 230:

    http://www.juniper.net/techpubs/en_US/idp5.0/information-products/topic-collections/idp-5-0-r1-admin-guide-pn-530-029727-01.pdf