Hi Experts,
I'm trying to protect an FTP server using IPS features of my Juniper SRX 210.
What seems to happen is that whenever I define a dynamic attack object with filter services FTP; I get an error mentioning that the dynamic attack object is empty and the configuration can not be committed. It seems like no signatures match the category FTP. I tried a couple of other categories and it gave me the same error. Is this a known issue? Or am I doing something wrong?
Here is a snippet of the configuration and the commit error:
[edit security idp dynamic-attack-group FTP]
root# show
filters {
service {
values FTP;
}
}
[edit security idp dynamic-attack-group FTP]
root# commit check
[edit security idp]
'dynamic-attack-group FTP'
Attack FTP: No matching members found. Group is empty
error: configuration check-out failed