Intrusion Prevention

  • 1.  A couple of questions - looking at Juniper IDP

    Posted 05-23-2011 04:01

    Hi all,
        I've currently been asked to look at IPS devices, and as we use Juniper firewalls I thought I''d take a look at the IDP range and the options of using the IDP feature in our ISG-1000 firewalls. I am presuming using a dedicated IDP device is preferable to using the IDP feature on a ISG performing firewalling.


    1)I've read on here that an ISG-1000 with 1 security module can only process approx 500-700 Mbps of traffic - can anyone advise if it is possible to just apply the IDP inspection to certain policies and use standard firewall policies for others, therefore use the extra 1.3-1.5 gig of through put that the device can normally pass (per the spec sheet) in normal firewalling mode.

    2)I asked on Junipers "live help chat" if you need to purchase the Netcreen Security Manager Software separately when buying an IDP upgrade kit . Unfortunately the live chat just responded that I had to buy a Sophos or Kaspersky license to use an IDP device....presume this is totally wrong. I see the upgrade kit comes with a 5 user NSM lic but unsure if you still need to purchase the software to go on  a server - any ideas?

    3) One option I might have is to purchase a IDP 8200, however due to budgets I could only get one (not a HA pair), so was wondering if I could rely on the bypass interfaces until next year to address this with a straight wired link between network segments as the backup path in a HA network. Has anyone got any views on relying on?


    Sorry for the flood of questions and thanks in advance



  • 2.  RE: A couple of questions - looking at Juniper IDP
    Best Answer

    Posted 05-23-2011 08:45

    Howdy - here are some answers for you:

     

    1- ScreenOS and IDP - you do select what policies will use IDP. It is not a global setting.

    2- NSM and IDP - when you buy and IDP device you get a license for five users for NSM. You do not need to buy NSM on top of IDP. You will of course have to get maintenance for that five user NSM license if you want NSM updates. (And of course you don't need that AV stuff......)

    3- I had a customer who tested in 8200 prior to purchase and they were satisfied with the bypass feature.