[j-nsp] IDP signature automatic update
huy phuong
tnhphuong at gmail.com
Sat Nov 17 10:06:21 EST 2012
Dear All!
I have an SRX with the IDP feature configured. I want to set up IDP to block HTTP
categories with severity "Critical & Major", with automatic signature
updates. Which solution should I use?
1/ Using predefined-attack-group and automatic update as below:
idp-policy protect-http {
    rulebase-ips {
        rule 1 {
            match {
                from-zone any;
                source-address any;
                to-zone any;
                destination-address Web-server;
                application default;
                attacks {
                    predefined-attack-groups [ "HTTP - Critical" "HTTP - Major" ];
                }
            }
            then {
                action {
                    drop-connection;
                }
            }
        }
    }
}
active-policy protect-http;
security-package {
    install;
    automatic {
        start-time "2012-11-16.10:00:00 +0000";
        interval 72;
        enable;
    }
}
2/ Or using dynamic attack group with automatic update as below:
idp-policy protect-http {
    rulebase-ips {
        rule 1 {
            match {
                from-zone any;
                source-address any;
                to-zone any;
                destination-address Web-server;
                application default;
                attacks {
                    dynamic-attack-groups protect-http;
                }
            }
            then {
                action {
                    drop-connection;
                }
            }
        }
    }
}
active-policy protect-http;
dynamic-attack-group protect-http {
    filters {
        severity {
            values [ critical major ];
        }
        category {
            values HTTP;
        }
    }
}
security-package {
    install;
    automatic {
        start-time "2012-11-16.10:00:00 +0000";
        interval 72;
        enable;
    }
}
Please help me choose a solution for this task.
Thanks & best regards,
Phuong