Intrusion Prevention

  • 1.  IPS Signatures with Junos Space Security Director and SRX

    Posted 06-30-2021 12:21
    Hi, I'm about to setup IPS/IDS on some SRX1500s, and will manage them using Security Director.  Now I know usually I would need to install the IPS license on the SRXs and have the devices pull down the IPS signature files.  I'm not clear though on how it works when Security Director is used, as this can also download the IPS signature files and presumably supply them to managed devices. Or does it just need the signatures to create policies and the devices are still licensed and require signature updates as usual.

    Is someone able to clarify this for me, I can't seem to find the info I'm after online.

    Many thanks


  • 2.  RE: IPS Signatures with Junos Space Security Director and SRX

    Posted 08-06-2021 05:26
    You're correct, the SRX can download the IPS signatures directly from Juniper, or you can use Security Director to download the sigs and push them to the devices, thereby avoiding any direct Internet access from the FWs.  If you have both download the signatures, and Security Director detects that the current sigs already exist, it will not try to push them again.  If you have more than one SRX, it's advantageous to use Security Director to do it for all your SRXs.  Either way, the devices are still licensed and require sig updates, whether directly from Juniper or via Security Director. 

    Hope this helps.

    ------------------------------
    Chris Hale
    ------------------------------