Security


Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  SRX IDP observations mode, no action, Intrusion detection system mode

    Posted 02-16-2022 09:33
    Edited by emacdermid 02-16-2022 10:48
    Hi everybody

    Can we apply IDP, in a separate security policy, in watch mode, monitor, without action on traffic?
    As far as I can see, this can be done by changing the predefined rules, namely by adding the parameter no-action.
    If it is possible, please show it in a config example.
    TAP mode is not suitable.

    ------------------------------
    BADMA BUTAEV
    ------------------------------


  • 2.  RE: SRX IDP observations mode, no action, Intrusion detection system mode

    Posted 02-17-2022 10:56
    Hello,

    Your understanding is correct. If you simply want to have IDP alert on events but take no action, set the action within the IDP rule to 'no-action' and set notification to 'log-attacks'.

    This can be done on a per-IDP rule basis as well. You can have certain sets of signatures actively block malicious traffic and certain other sets of signatures set to 'no-action'.

    ------------------------------
    Craig Dods
    ------------------------------
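
A configuration sketch of the approach described in the reply above, added here as an example; it is not from the thread or from Juniper's own documentation. The names IDS-MONITOR, BLOCK-SET, OBSERVE-SET, ALLOW-OUT and the trust/untrust zones are assumptions, the attack-group names are placeholders, and the last line assumes a Junos release that accepts an IDP policy name per security policy.

```junos
# Added example. Policy, rule and zone names are assumed.
# Replace the quoted placeholders with attack groups that exist in the
# signature database installed on the device.

# Rule 1: signatures that should still actively block traffic.
set security idp idp-policy IDS-MONITOR rulebase-ips rule BLOCK-SET match from-zone any
set security idp idp-policy IDS-MONITOR rulebase-ips rule BLOCK-SET match source-address any
set security idp idp-policy IDS-MONITOR rulebase-ips rule BLOCK-SET match to-zone any
set security idp idp-policy IDS-MONITOR rulebase-ips rule BLOCK-SET match destination-address any
set security idp idp-policy IDS-MONITOR rulebase-ips rule BLOCK-SET match application default
set security idp idp-policy IDS-MONITOR rulebase-ips rule BLOCK-SET match attacks predefined-attack-groups "PLACEHOLDER-GROUP-TO-BLOCK"
set security idp idp-policy IDS-MONITOR rulebase-ips rule BLOCK-SET then action drop-connection
set security idp idp-policy IDS-MONITOR rulebase-ips rule BLOCK-SET then notification log-attacks

# Rule 2: signatures that are only observed. 'no-action' leaves the
# session untouched; 'log-attacks' still produces the attack log entry.
set security idp idp-policy IDS-MONITOR rulebase-ips rule OBSERVE-SET match from-zone any
set security idp idp-policy IDS-MONITOR rulebase-ips rule OBSERVE-SET match source-address any
set security idp idp-policy IDS-MONITOR rulebase-ips rule OBSERVE-SET match to-zone any
set security idp idp-policy IDS-MONITOR rulebase-ips rule OBSERVE-SET match destination-address any
set security idp idp-policy IDS-MONITOR rulebase-ips rule OBSERVE-SET match application default
set security idp idp-policy IDS-MONITOR rulebase-ips rule OBSERVE-SET match attacks predefined-attack-groups "PLACEHOLDER-GROUP-TO-OBSERVE"
set security idp idp-policy IDS-MONITOR rulebase-ips rule OBSERVE-SET then action no-action
set security idp idp-policy IDS-MONITOR rulebase-ips rule OBSERVE-SET then notification log-attacks

# Attach the IDP policy to the security policy whose traffic is inspected.
set security policies from-zone trust to-zone untrust policy ALLOW-OUT then permit application-services idp-policy IDS-MONITOR
```

After committing, attack log entries for the observed group with traffic still passing confirm that the rule is detecting without enforcing.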



  • 3.  RE: SRX IDP observations mode, no action, Intrusion detection system mode

    Posted 02-17-2022 14:45
    Thanks Craig, got it.
    As I understand it, I can copy the policy, and in the newly created policy, make changes from action to no-action.
    I will test.

    ------------------------------
    Badma Butaev
    ------------------------------