Studying the NSS Labs report from April 2008 on the IDP800 series (http://nsslabs.com/intrusion-prevention/juniper-idp-800.html), I noticed the important test called "Fail Open (resource issues)".
"8.1.9 FAIL OPEN (RESOURCE ISSUES) Does the NIPS provide the ability to pass all traffic when resources are exhausted or it is no longer possible to analyze traffic for any reason (i.e. packet rate exceeds device capabilities)
Result: FAIL. DUT is not configurable to pass traffic once resources are exhausted."
However, comments from Juniper on that particular test stated:
"this feature would be included in the next major release."
My obvious question: has this important feature already been introduced, and if so, starting from which release?
I think this has been achieved with the feature:
Flow bypass when the IDP engine experiences heavy load.
Check the Admin Guide on page 230: