Security


Ask questions and share experiences with Juniper Connected Security. Discuss Advance Threat Protection, Policy Enforcer, SecIntel, Secure Analytics, Secure Connect, Secure Director and all things related to Juniper security technologies.
  • 1.  SRX IDP observations mode, no action, Intrusion detection system mode

    Posted 02-16-2022 09:33
    Edited by emacdermid 02-16-2022 10:48
    Hi everybody

    Can we apply IDP, in a separate security policy, in watch mode, monitor, without action on traffic?
    As far as I can see, this can be done by changing the predefined rules, namely by adding the parameter no-action.
    If it is possible, please show it in a config example.
    TAP mode is not suitable.

    ------------------------------
    BADMA BUTAEV
    ------------------------------


  • 2.  RE: SRX IDP observations mode, no action, Intrusion detection system mode

    Posted 02-17-2022 10:56
    Hello,

    Your understanding is correct. If you simply want to have IDP alert on events but take no action, set the action within the IDP rule to 'no-action' and set notification to 'log-attacks'.

    This can be done on a per-IDP rule basis as well. You can have certain sets of signatures actively block malicious traffic and certain other sets of signatures set to 'no-action'.

    ------------------------------
    Craig Dods
    ------------------------------
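
The configuration described in the reply above, as an added example that is not part of the original posts: one IDP policy with a blocking rule and a detect-only rule, attached to a single security policy. The policy, rule and zone names are hypothetical, the attack-group names are assumptions that depend on the installed signature database, and the per-policy `idp-policy` attachment assumes a Junos release that supports it (older releases use `set security idp active-policy` with `application-services idp`).

```junos
# Added example. Names MIXED-IDP, BLOCK-CRITICAL, WATCH-MAJOR, WATCHED-TRAFFIC,
# trust and untrust are hypothetical; attack-group names are assumptions.

# Rule 1: signatures that actively block malicious traffic.
set security idp idp-policy MIXED-IDP rulebase-ips rule BLOCK-CRITICAL match from-zone any
set security idp idp-policy MIXED-IDP rulebase-ips rule BLOCK-CRITICAL match source-address any
set security idp idp-policy MIXED-IDP rulebase-ips rule BLOCK-CRITICAL match to-zone any
set security idp idp-policy MIXED-IDP rulebase-ips rule BLOCK-CRITICAL match destination-address any
set security idp idp-policy MIXED-IDP rulebase-ips rule BLOCK-CRITICAL match application default
set security idp idp-policy MIXED-IDP rulebase-ips rule BLOCK-CRITICAL match attacks predefined-attack-groups "Critical"
set security idp idp-policy MIXED-IDP rulebase-ips rule BLOCK-CRITICAL then action drop-connection
set security idp idp-policy MIXED-IDP rulebase-ips rule BLOCK-CRITICAL then notification log-attacks

# Rule 2: observation only. The attack is logged, the traffic is not touched.
set security idp idp-policy MIXED-IDP rulebase-ips rule WATCH-MAJOR match from-zone any
set security idp idp-policy MIXED-IDP rulebase-ips rule WATCH-MAJOR match source-address any
set security idp idp-policy MIXED-IDP rulebase-ips rule WATCH-MAJOR match to-zone any
set security idp idp-policy MIXED-IDP rulebase-ips rule WATCH-MAJOR match destination-address any
set security idp idp-policy MIXED-IDP rulebase-ips rule WATCH-MAJOR match application default
set security idp idp-policy MIXED-IDP rulebase-ips rule WATCH-MAJOR match attacks predefined-attack-groups "Major"
set security idp idp-policy MIXED-IDP rulebase-ips rule WATCH-MAJOR then action no-action
set security idp idp-policy MIXED-IDP rulebase-ips rule WATCH-MAJOR then notification log-attacks

# Attach the IDP policy to one security policy only, so other traffic is not inspected.
set security policies from-zone trust to-zone untrust policy WATCHED-TRAFFIC match source-address any
set security policies from-zone trust to-zone untrust policy WATCHED-TRAFFIC match destination-address any
set security policies from-zone trust to-zone untrust policy WATCHED-TRAFFIC match application any
set security policies from-zone trust to-zone untrust policy WATCHED-TRAFFIC then permit application-services idp-policy MIXED-IDP
```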



  • 3.  RE: SRX IDP observations mode, no action, Intrusion detection system mode

    Posted 02-17-2022 14:45
    Thanks Craig, got it.
    As I understand it, I can copy the policy, and in the newly created policy, make changes from action to no-action.
    I will test.

    ------------------------------
    Badma Butaev
    ------------------------------