
Ask questions and share experiences with SD-WAN and Session Smart Router (formerly 128T).
  • 1.  Trivia Tuesday: IDP

    Posted 10-03-2023 14:41

    Alright you SD-WAN experts, let's see if you can answer this one:

    Looking at the picture below, do I have IDP turned on anywhere? If so, what level do I have it set to and what type of traffic will be affected by it?


    Justin Melloni

  • 2.  RE: Trivia Tuesday: IDP

    Posted 10-04-2023 11:59

    In rule 7 named "Internet". DNS, InternetIDP and SuperSaaSApp sourced from the Corp Network will be impacted.

    Sheetanshu Shekhar

  • 3.  RE: Trivia Tuesday: IDP

    Posted 10-10-2023 16:16

    @Sheetanshu, you are correct again!

    I do have IDP turned on for Policy #7 which is when Corp traffic goes to DNS, InternetIDP, and SuperSaaSApp. IDP is also enabled for 4 and 5, but those are grayed out because they are deny policies, so it doesn't matter. 

    The IDP in this configuration is set to Strict. Here are the settings in case you forgot:

    • Alert - When the IDP engine detects malicious traffic on the network, only an alert is generated; no additional measures are taken by the system to prevent the attack. The IDP signature and rules are the same as the Standard profile. Alerts are typically only for low-severity attacks, or when the administrator explicitly configures the alert action for a service and tenant.

    • Standard - The Standard profile is the default, and represents the set of IDP signatures and rules recommended by Juniper. Each type and severity of attack has a Juniper-defined, non-configurable action that is enforced when an attack is detected. These actions include:

      • Close the client and server TCP connection.
      • Drop current and all subsequent packets.
      • Alert only, no additional action taken.
    • Strict - The Strict profile contains a similar set of IDP signatures and rules as the Standard profile. However, when an attack is detected the actions are more likely to actively block any malicious traffic or other attacks detected in the network.

    Justin Melloni