Juniper NetScreen-IDP 3.0 Quick start guide

Brand: Juniper

Model: NetScreen-IDP 3.0

Category: Networking

Type: Quick start guide

Juniper NetScreen-IDP 3.0 provides comprehensive intrusion detection and prevention capabilities for enterprise networks. It combines advanced threat detection techniques, including signature-based detection, anomaly detection, and protocol anomaly detection, to identify and block a wide range of network attacks. NetScreen-IDP 3.0 also offers flexible deployment options, allowing it to be deployed in various network environments, including in front of or behind firewalls, routers, and switches.

Key capabilities of Juniper NetScreen-IDP 3.0 include:

Intrusion detection and prevention: NetScreen-IDP 3.0 uses a combination of signature-based detection, anomaly detection, and protocol anomaly detection to identify and block a wide range of network attacks, including zero-day attacks.

Key capabilities of Juniper NetScreen-IDP 3.0 include:

Intrusion detection and prevention: NetScreen-IDP 3.0 uses a combination of signature-based detection, anomaly detection, and protocol anomaly detection to identify and block a wide range of network attacks, including zero-day attacks.

QUICKSTART GUIDE

NetScreen-IDP 3.0

V/N 3.0 P/N 093-1509-000 Rev. B

2 | Juniper Networks, Inc.

Customer Support

Toll Free: 800-638-8296, idp-support@juniper.net

Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, GigaScreen, and the NetScreen

logo are registered trademarks of Juniper Networks, Inc. NetScreen-5GT, NetScreen-5XP, NetScreen-5XT,

NetScreen-25, NetScreen-50, NetScreen-100, NetScreen-204, NetScreen-208, NetScreen-500, NetScreen-5200,

NetScreen-5400, NetScreen-Global PRO, NetScreen-Global PRO Express, NetScreen-Remote Security Client,

NetScreen-Remote VPN Client, NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, GigaScreen ASIC,

GigaScreen-II ASIC, and NetScreen ScreenOS are trademarks of Juniper Networks, Inc. All other trademarks and

registered trademarks are the property of their respective companies.

Information in this document is subject to change without notice.

No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for

any purpose, without receiving written permission from:

Juniper Networks, Inc.

ATTN: General Counsel

1194 N. Mathilda Ave.

Sunnyvale, CA 94089-1206

FCC Statement

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to

comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to

provide reasonable protection against harmful interference when the equipment is operated in a commercial

environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in

accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this

equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct

the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual

generates and may radiate radio-frequency energy. If it is not installed in accordance with NetScreen’s installation

instructions, it may cause interference with radio and television reception. This equipment has been tested and found

to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules.

These specifications are designed to provide reasonable protection against such interference in a residential

installation. However, there is no guarantee that interference will not occur in a particular installation.

If this equipment does cause harmful interference to radio or television reception, which can be determined by turning

the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following

measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and receiver.

• Consult the dealer or an experienced radio/TV technician for help.

• Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.

Disclaimer

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET

FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED

HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED

WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.

Enterprise Security Profiler

Use of the Enterprise Security Profiler may subject users in certain countries to obligations under applicable laws and

regulations, including data protection laws. Juniper Networks makes no representation or warranty that your use of

this feature will comply with all applicable laws and regulations and you are encouraged to seek advice of counsel to

understand your obligations, if any, under applicable laws and regulations.

QuickStart Guide, Juniper Networks NetScreen-IDP 3.0 | 3

CONTENTS

OVERVIEW ......................................................................................4

HOOSE A DEPLOYMENT MODE...........................................................6

NSTALL THE IDP MANAGEMENT SERVER................................................11

ONNECT TO THE IDP APPLIANCE ......................................................14

ONFIGURE THE IDP SENSOR ............................................................17

ONNECT IDP TO YOUR NETWORK.....................................................20

ONNECT THE NS-IDP-BYP (OPTIONAL)...............................................22

BSMI WARNING ...................................................................................... 25

INSTALL THE USER INTERFACE ..............................................................26

DD NETWORK COMPONENTS ...........................................................28

NSTALL A SECURITY POLICY ...............................................................29

UN THE PROFILER ..........................................................................30

PDATE YOUR ATTACK OBJECTS .........................................................31

ETSCREEN-IDP QUICKSHEET ............................................................32

4 | Juniper Networks, Inc.

OVERVIEW

This guide describes how to install version 3.0 of the Juniper Networks

NetScreen-Intrusion Detection and Prevention (IDP) system for non-high

availability (HA) configurations that use the NetScreen-IDP 10, 100, 500, or 1000

appliances. This guide also describes how to use an NS-IDP-BYP (Bypass Unit)

with your NetScreen-IDP 10, 100, 500, or 1000 system.

For instructions on installing HA configurations, please see the High Availability

QuickStart Guide 3.0. For IDP upgrades, please contact customer support.

IDP Sensor Package Contents

Each NetScreen-IDP Sensor package contains:

• An IDP appliance

•A bezel

• An accessory box containing:

– 1 North American power cable

– 2 Ethernet cables (blue cables)

– 2 LC-LC fiber cables (IDP 500 & 1000 only)

– 2 Crossover Ethernet cables (orange cables)

– 1 Null modem Serial cable (gray cable)

• A documentation box containing:

– Product data sheet

– Release Notes, NetScreen-IDP 3.0

IDP Management Package Contents

Each NetScreen-IDP Management package contains:

• Installation CD, NetScreen-IDP 3.0

• Product Documentation CD, NetScreen-IDP 3.0

• QuickStart Guide, NetScreen-IDP 3.0

• High Availability QuickStart Guide, NetScreen-IDP 3.0

• Release Notes, NetScreen-IDP 3.0

QuickStart Guide, Juniper Networks NetScreen-IDP 3.0 | 5

The Installation Process

The installation process consists of 11 steps:

1. Choose a Deployment Mode. In this step, you choose a deployment

mode for the IDP system.

2. Install the IDP Management Server. In this step, you install the

Management Server software.

3. Connect to the IDP Appliance. In this step, you connect your system

to the IDP appliance using a serial or network connection.

4. Configure the IDP Sensor. In this step, you configure the IDP Sensor

software that is pre-installed on the IDP appliance.

5. Connect IDP to Your Network. In this step, you connect the IDP

appliance to your network.

6. Connect the NS-IDP-BYP (optional). In this step, you connect the

IDP Bypass Unit to your network and to the IDP appliance.

7. Install the User Interface. In this step, you install the User Interface

(UI).

8. Add Network Components. In this step, you add the IDP Sensor as a

Network Object in the IDP system.

9. Install a Security Policy. In this step, you install a Security Policy on

the IDP Sensor.

10.Run the Profiler. In this step, you configure and run the Profiler.

11.Update Your Attack Objects. In this step, you update your Attack

Object database to ensure that you are fully protected against the latest

attacks.

The NetScreen-IDP Installation CD includes the software required to install the

IDP Management Server, the IDP Sensor, and the User Interface for all IDP

appliances.

The NS-IDP-BYP is preconfigured to work with NetScreen-IDP 10, 100, 500, and

1000 appliances running IDP 2.1 or 3.0 Sensor software; no additional

configuration is required.

6 | Juniper Networks, Inc.

Step 1

CHOOSE A DEPLOYMENT MODE

The first step in setting up NetScreen-IDP on your network is to decide on a

deployment mode. The figures on pages 7-10 illustrate the five deployment modes

and their primary advantages and disadvantages.

IDP Appliance Placement

You can place the IDP appliance in front of your firewall, behind your firewall

(recommended), or anywhere on your network.

You should choose a location for your IDP appliance based on your existing

network hardware and the networks you want to protect. The examples provided

in this guide place the IDP appliance behind the firewall or router.

IDP Deployment Modes

For configurations without high availability, you can deploy the IDP Sensor as an

active gateway or as a passive sniffer.

• Active Gateway. Active Gateway modes take full advantage of IDP

attack prevention capabilities and MultiMethod Detection mechanisms.

Choose bridge, proxy-ARP, transparent, or router mode.

• Passive Sniffer. To use IDP as a passive IDS system without

prevention capabilities, deploy IDP in passive sniffer mode to monitor

and log network traffic. If the Sensor is attached to a network switch,

you must configure the switch to mirror all traffic to that port. IDP

defaults to sniffer mode.

Examine the examples on the following pages to determine which deployment

mode to use for your network. When you have chosen a deployment mode,

proceed to “Install the IDP Management Server” on page 11.

NS-IDP-BYP (Bridge or Transparent Mode Only)

The IDP Bypass Unit is a fail-open network device for your IDP system. If traffic

flow through the IDP appliance is disrupted, the Bypass Unit can automatically

reroute traffic. To use a Bypass Unit for fail-open protection with a NetScreen-

IDP appliance, you must deploy the IDP Sensor in bridge or transparent mode.

QuickStart Guide, Juniper Networks NetScreen-IDP 3.0 | 7

Sniffer Mode

Advantages Disadvantages

• Seamless replacement of current IDS

• Minimal network changes

• Does not create an additional point-of-

failure gateway

• Can monitor and log suspicious network

activity

•Passive monitoring with limited

prevention only

• Must use a hub or the span port of a

switch

• Cannot use NS-IDP-BYP for fail-open

protection

IDP

Firewall

Hub or

Switch

Protected Network

Eth2 IP 2.2.2.7

Management Network

Hub or Switch

straight-through cable

mirror/span port if a switch

1.1.1.1

2.2.2.1

(Management Interface)

Client1

IP 2.2.2.2

Client2

IP 2.2.2.3

Client3

IP 2.2.2.5

Client4

UI installed

IP 2.2.2.6

Management

Server

IP 2.2.2.4

Server1

IP 1.1.1.2

GW 1.1.1.1

Server3

IP 1.1.1.4

GW 1.1.1.1

Server2

IP 1.1.1.3

GW 1.1.1.1

Eth0 (Sniffing Interface)

8 | Juniper Networks, Inc.

Router Mode

Advantages Disadvantages

• Can reliably respond to and prevent

attacks

• Can connect IP networks with different

address spaces

• Affects layer-3 IP networks (routing

tables)

• Cannot use NS-IDP-BYP for fail-open

protection

IDP

Firewall

Hub or

Switch

Eth0 192.168.0.1 (Forwarding Interface)

Default GW 192.168.0.2

Eth1 1.1.1.1 (Forwarding Interface)

Protected Network

Eth2 2.2.2.7 (Management Interface)

Management Network

Hub or Switch

2.2.2.1

192.168.0.2

crossover

cable

straight-through

cable

Server1

IP 1.1.1.2

GW 1.1.1.1

Server3

IP 1.1.1.4

GW 1.1.1.1

Server2

IP 1.1.1.3

GW 1.1.1.1

Client1

IP 2.2.2.2

Client2

IP 2.2.2.3

Client3

IP 2.2.2.5

Client4

UI installed

IP 2.2.2.6

Management

Server

IP 2.2.2.4

QuickStart Guide, Juniper Networks NetScreen-IDP 3.0 | 9

Bridge Mode and Transparent Mode

Advantages Disadvantages

• Can reliably respond to and prevent attacks

• Simple, transparent deployment

• Allows layer-2 broadcasts (DHCP, etc.)

• No changes to routing tables or network equipment

• Can use NS-IDP-BYP for fail-open protection

• Can forward non-IP traffic (transparent mode only)

IDP

Firewall

Hub or Switch

Eth2 2.2.2.7 (Management Interface)

Management Network

Hub or Switch

2.2.2.1

Client1

IP 2.2.2.2

Client2

IP 2.2.2.3

Client3

IP 2.2.2.5

Client4

UI installed

IP 2.2.2.6

Management

Server

IP 2.2.2.4

crossover

cable

straight-through

cable

Server1

IP 1.1.1.2

GW 1.1.1.1

Server3

IP 1.1.1.4

GW 1.1.1.1

Server2

IP 1.1.1.3

GW 1.1.1.1

Eth0 no ip address (Forwarding Interface)

1.1.1.1

Eth1 no ip address (Forwarding Interface)

Protected Network

10 | Juniper Networks, Inc.

Proxy-ARP Mode

When you have chosen a deployment mode for your IDP system, proceed to

“Install the IDP Management Server” on page 11.

Advantages Disadvantages

• Can reliably respond to and prevent

attacks

• Simple, transparent deployment

• Network nodes may need to update

cached ARP entries

• Cannot use NS-IDP-BYP for fail-open

protection

IDP

Firewall

Hub or

Switch

Eth0 1.1.1.254 (Forwarding Interface)

Eth1 1.1.1.5 (Forwarding Interface)

Protected Network

Eth2 2.2.2.7 (Management Interface)

Management Network

Hub or Switch

2.2.2.1

1.1.1.1

crossover

cable

straight-through

cable

Server1

IP 1.1.1.2

GW 1.1.1.1

Server3

IP 1.1.1.4

GW 1.1.1.1

Server2

IP 1.1.1.3

GW 1.1.1.1

Client1

IP 2.2.2.2

Client2

IP 2.2.2.3

Client3

IP 2.2.2.5

Client4

UI installed

IP 2.2.2.6

Management

Server

IP 2.2.2.4

QuickStart Guide, Juniper Networks NetScreen-IDP 3.0 | 11

Step 2

INSTALL THE IDP MANAGEMENT SERVER

In this step, you install the NetScreen-IDP Management Server software that

controls your IDP appliances. You can install the Management Server software

on a secure and trusted Red Hat Linux 7.2 or 8, RHEL AS/ES/WS 3, or Solaris 8

or 9 computer.

The remaining instructions in this step describe how to install the Management

Server on a separate computer.

When installing the Management Server, Juniper Networks recommends using a

system that has a minimum of 1 GB RAM. An example Management Server

system uses the following specifications:

• CPU: Quad Intel(R) Xeon(TM), 2.40GHz

• Cache size: 512 KB

• MemTotal: 2GB

• Hard Disk: 32.5 GB

Before installing the Management Server, ensure that the following are installed

on the computer:

•

gzip compression software — This is installed by default on RedHat

systems. For Solaris systems, you can download the gzip package for

your processor and OS version from http://www.sunfreeware.com. Once

you have downloaded the gzip package (do not download the source code

file), install the software with the pkgadd command; for example,

pkgadd -d gzip-1.3.5-sol8-sparc-local.

Note: You can install the Management Server software directly on the NetScreen-IDP

100. This configuration is for simple networking environments, such as a small office.

This configuration is often easier to install, but can negatively impact Sensor

performance. If you are using multiple Sensors or are operating in a production

environment, Juniper Networks strongly recommends that you install the Management

Server software on another machine. You cannot install the Management Server

software on the NetScreen-IDP 10 , 500, or 1000 appliance, or the NS-IDP-BYP Unit.

If you choose to install the Management Server software on a NetScreen-IDP 100

appliance, skip to Step 3 on page 14.

12 | Juniper Networks, Inc.

• uudecode to decode the payloads contained in the installation file —

This is installed by default on Solaris systems. For RedHat systems, you

can install this utility from the Management Server CD by entering the

following command:

rpm -Uvh sharutils-4.2.1-8.7.x.i386.rpm.

Installing the Management Server

1. Ensure that the computer you install the Management Server on is:

– Plugged in to a power source and powered on

– Connected to a serial console or monitor and keyboard

–A secure and trusted Red Hat Linux 7.2 or 8, RHEL AS/ES/WS 3,

or Solaris 8 or 9 computer

2. Insert the IDP Installation CD into the drive on the Management

Server.

3. Log in to the computer as

root. If you are already logged in as a user

other than root, become root by typing: su -. At the password prompt,

enter the root password for the computer.

4. Create an

idp group with the user idp as the only member.

For Linux, type the command: useradd idp

For Solaris, type the commands:

groupadd idp

useradd -g idp idp

5. Mount the IDP Installation CD following the operating system

manufacturer’s instructions.

6. Change to the Management Server directory using the

cd command.

For Linux: cd /mnt/cdrom/Mgt-Svr/Linux

For Solaris: cd /cdrom/cdrom0/Mgt-Svr/Solaris

7. Run the Management Server install script by typing the appropriate

command:

For Linux: ./mgtsvr_linux_3_0.sh

Note: The Management Server installation process is case-sensitive. You must follow

the menu selections exactly as shown in the script help text.

QuickStart Guide, Juniper Networks NetScreen-IDP 3.0 | 13

For Solaris: ./mgtsvr_solaris_3_0.sh

The installation automatically begins.

8. When prompted, specify the directory that IDP uses to store the

Management Server data files.

9. When prompted, specify a password for the IDP Management Server

admin account. Confirm the password.

The installation proceeds automatically. Several messages appear to

confirm the installation progress. After the installation is complete, the

Management Server processes start automatically.

Management Server IP Address

During the Sensor configuration process, you must establish the communication

between the Management Server and the Sensor by providing the IP address of

the Management Server computer. For quick reference, write the Management

Server IP address in the table below:

When you have successfully installed the Management Server, proceed to

“Connect to the IDP Appliance” on page 14.

Note: The admin account authenticates communication between the Management

Server and the User Interface (UI). You are asked for this password again when you

Management Server IP Address

14 | Juniper Networks, Inc.

Step 3

CONNECT TO THE IDP APPLIANCE

In this step, you connect to the NetScreen-IDP appliance and prepare to

configure the Sensor software that is installed on it. You can connect to the IDP

appliance using one of the following methods:

• Connect a standalone computer to IDP appliance eth2

(management) port. In this method, you change the IP address of a

standalone computer to an IP address that is on the 192.168.1.0/24

network. Then, you connect the standalone computer to the IDP

appliance and use the default settings for Ethernet access to configure

the Sensor software.

• Connect a serial console or keyboard/monitor to IDP appliance.

In this method, you assign the IDP appliance an IP address that is on

your network. Then, you connect a serial console or keyboard and

monitor to the IDP appliance and configure Ethernet access by choosing

an Ethernet port, IP address, and default route. After you have

configured Ethernet access, you connect the IDP appliance to your

network and configure the Sensor software from a computer on your

network.

Choose a method and follow the appropriate instructions below. When you have

established Ethernet access to the IDP appliance, you can configure the Sensor

software using the Appliance Configuration Manager (ACM), the Web-based IDP

configuration tool. The configuration process is described in “Configure the IDP

Sensor” on page 17.

Use the illustrations provided on the back cover of this guide to locate the

Ethernet, fiber, and serial ports for the IDP appliance.

Using a Standalone Computer

1. Connect a standalone computer, such as a laptop, to the IDP appliance

eth2 port. To connect directly to the appliance, use a crossover cable. To

connect to the appliance over a hub or switch, use a straight-through

cable.

QuickStart Guide, Juniper Networks NetScreen-IDP 3.0 | 15

2. Change the IP address of the standalone computer to 192.168.1.2.

For instructions on changing your IP address, see your computer’s

operating system documentation.

3. On the connected computer, open a Web browser. Enter the URL of the

ACM wizard as https://192.168.1.1. Because the ACM uses a

secure form of HTTP, you MUST enter https:// before the IP address.

4. Enter the default user name (root) and password (abc123).

When the ACM wizard appears, proceed to “Configure the IDP Sensor”

on page 17.

Using a Serial Console or Keyboard/Monitor

1. Connect to the IDP appliance:

– For serial console connections, connect a serial console to the IDP

appliance Serial port and configure the terminal software to use

parameters 8-N-1, 9600. For Windows, use HyperTerminal. For

Linux, use minicom.

– For keyboard and monitor connections, connect a keyboard and

monitor to the IDP appliance.

2. Log in to the IDP appliance as root with the password abc123.

The Ethernet configuration script automatically runs. Follow the

instructions in the script’s help text to configure Ethernet access to the

IDP appliance.

3. When prompted, select the network card you want to configure. The

default configuration for that network card appears.

– To accept the default configuration, type n and press Enter to

continue.

– To reconfigure the network card, type y. Assign an IP address and

netmask to the network card. Be sure to use an IP address that is

reachable by the computer you will use to configure the Sensor

software. Press Enter to continue.

4. When prompted, set a default route by pressing y. Enter the default

route for the computer that you will use to configure the Sensor

software. Press Enter.

16 | Juniper Networks, Inc.

5. Use the Ethernet port you just configured to connect the IDP appliance

to your network. To connect directly to another computer, use a cross-

over cable. To connect to a hub or switch, use a straight-through cable.

6. Using the computer that is on your network, open a Web browser. Enter

the IP address you chose in the configuration script. Because the ACM

uses a secure form of HTTP, you MUST enter https:// before the IP

address.

7. Enter the default user name (root) and password (abc123).

When the ACM wizard appears, proceed to “Configure the IDP Sensor”

on page 17.

QuickStart Guide, Juniper Networks NetScreen-IDP 3.0 | 17

Step 4

CONFIGURE THE IDP SENSOR

In this step, you configure the NetScreen-IDP Sensor software that is pre-

installed on the IDP appliance to work with your network.

Using the Appliance Configuration Manager (ACM), a Web-based tool, follow the

on-screen instructions as the ACM wizard leads you through the six-section

configuration process.

To view the ACM online help, click the icon in the upper right corner.

The table summarizes the information you should have available:

Note: The ACM supports Mozilla 1.0.1 and IE 6.0 Web browsers. If the font

size is too small or difficult to read in your Mozilla Web browser, increase the

font size to 150%.

Note: During the configuration process, you choose a One-Time Password

(OTP) and are given a VIN for your Sensor. Because you are prompted for this

information again in “Add Network Components” on page 28, you might want

to record the VIN.

Section Configuration Information

Setup • IDP Sensor host and domain name

• IDP Sensor root and admin passwords (default is

abc123)

• Install Management Server Locally (Optional)

• Management Server password for the User Interface

Mode • Deployment mode: sniffer, router, bridge, transparent,

or proxy-ARP

• Enable Bypass Unit (Optional)

• Enable/choose high availability solution

18 | Juniper Networks, Inc.

After you have saved and applied a configuration to the IDP Sensor, exit the

ACM by closing the Web browser window.

Networking • Speed and duplex settings for IDP appliance

interfaces

• Enable/configure VLAN interfaces

• Enable/configure virtual routers

• Management interface

• Forwarding interfaces (The IDP 10 appliance is limited

to a total of four forwarding interfaces.)

• Routing table (In proxy-ARP or router mode, if you are

using multiple subnets in your protected network, you

must configure static routes on the IDP appliance to

these subnets. Without these static routes, incoming

traffic to those subnets can be lost. Alternatively, you

can create a static route from the IDP appliance to an

internal gateway that contains inbound routes to the

protected subnets.)

System • Enable/configure DNS

• Set Time and Time Zone

• Enable/configure NTP

• Enable/configure RADIUS

• Enable/configure SNMP

• Enable/configure SSH access

Management • IP address of the Management Server for this Sensor

and OTP

•Sensor VIN

________________________________________

• Enable/configure ACM access

Done View the current configuration and then:

• Save all changes

• Apply the configuration to the IDP appliance

• Reboot the IDP appliance

Section Configuration Information

QuickStart Guide, Juniper Networks NetScreen-IDP 3.0 | 19

You can now disconnect the serial console, keyboard and monitor, or other

standalone computer from the IDP appliance. If you changed the IP address of a

standalone computer to access the ACM, be sure to change it back to its original

IP address.

Proceed to “Connect IDP to Your Network” on page 20.

20 | Juniper Networks, Inc.

Step 5

CONNECT IDP TO YOUR NETWORK

In this step, you connect the NetScreen-IDP appliance to your network using the

provided cables and the Ethernet ports (interfaces) on the IDP appliance.

To connect to a switch or hub, use the straight-through Ethernet cable; to connect

to a firewall or router, use the crossover Ethernet cable (cables are included with

your system).

The two example configurations below display the Ethernet ports and their

intended connections (your configuration may differ):

to external network

to protected network

eth1

Forwarding

Interface

Forwarding

Interface

eth3

Forwarding

Interface

eth2

eth0

Forwarding

Interface

Can also be

management

interface

Optional

IDP 100

to external network

to protected network

eth1

Forwarding

Interface

Forwarding

Interface

eth3

Forwarding

Interface

eth2

eth0

Forwarding

Interface

Can also be

management

interface

Optional

IDP 500

IDP 1000

Page is loading ...

Juniper NetScreen-IDP 3.0 Quick start guide

Brand: Juniper

Model: NetScreen-IDP 3.0

Category: Networking

Type: Quick start guide

Key capabilities of Juniper NetScreen-IDP 3.0 include:

Intrusion detection and prevention: NetScreen-IDP 3.0 uses a combination of signature-based detection, anomaly detection, and protocol anomaly detection to identify and block a wide range of network attacks, including zero-day attacks.

Download PDF

report

Juniper NetScreen-IDP 3.0 Quick start guide

Juniper NetScreen-IDP 3.0 Quick start guide

Related papers

Other documents