Chapter 1: Configuring Intrusion Detection and Protection
Intrusion Detection and Protection (IDP) is a mechanism for filtering the traffic
permitted by firewall policies. IDP uses a variety of techniques such as examining
Layer 3 and 4 packet headers and Layer 7 application content and protocol
characteristics in an effort to detect and prevent any attacks or anomalous behavior
that might be present in permitted traffic.
You can use NetScreen-Security Manager, the WebUI, or the CLI to install an IDP
license key, but to configure IDP for the ISG 2000, you must use NetScreen-Security
Manager.
Minimum Configuration for a NetScreen-Security Manager Connection
Before you can manage the ISG 2000 with NetScreen-Security Manager, you need to
set up the ISG 2000 on the network so that NetScreen-Security Manager can
connect to it. At a minimum, you need to configure the following on the ISG 2000:
- Set an IP address for the interface through which NetScreen-Security Manager
  can connect to the ISG 2000.
- If there is a network forwarding device between the ISG 2000 and the
  NetScreen-Security Manager server, set a route through that device to the server.
- Enable the ISG 2000 for management from NetScreen-Security Manager. This is
  enabled by default.
For example, to set up the ISG 2000 for NetScreen-Security Manager to connect to it
through ethernet1/1, do the following:
1. Cable the ISG 2000 to the network as described in “Connecting the Device to a
   Network” on page 24.
2. Log in to the device, and then enter the following commands:

    set interface ethernet1/1 zone untrust
    set interface ethernet1/1 ip 1.1.1.1/30
    set vrouter trust-vr route 0.0.0.0/0 interface ethernet1/1 gateway 1.1.1.2
    set nsm enable
    save
You can now connect to the ISG 2000 through ethernet1/1 from NetScreen-Security
Manager and continue configuring the device.
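
The following check is an added example, not part of the original guide or any Juniper tool: it reads saved configuration lines and reports which of the three minimum requirements above are missing for a given management interface. The function name, the NetScreen-Security Manager server address passed to it, and the use of "unset nsm enable" as the explicit disable form are assumptions.

```python
import ipaddress
import re

# Constructed sample: the commands from the procedure above.
SAMPLE_CONFIG = """\
set interface ethernet1/1 zone untrust
set interface ethernet1/1 ip 1.1.1.1/30
set vrouter trust-vr route 0.0.0.0/0 interface ethernet1/1 gateway 1.1.1.2
set nsm enable
save
"""

IP_RE = re.compile(r"^set interface (\S+) ip (\S+)$")
ROUTE_RE = re.compile(r"^set vrouter \S+ route (\S+) interface (\S+) gateway (\S+)$")


def check_nsm_minimum(config, mgmt_if, nsm_server=None):
    """Return a list of problems; an empty list means the minimum is met."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    problems, iface, routes = [], None, []
    for ln in lines:
        m = IP_RE.match(ln)
        if m and m.group(1) == mgmt_if:
            iface = ipaddress.ip_interface(m.group(2))
        m = ROUTE_RE.match(ln)
        if m and m.group(2) == mgmt_if:
            net = ipaddress.ip_network(m.group(1), strict=False)
            routes.append((net, ipaddress.ip_address(m.group(3))))
    if iface is None:
        return [f"no IP address set on {mgmt_if}"]
    # A server outside the connected subnet is reachable only through a route.
    if nsm_server is not None:
        server = ipaddress.ip_address(nsm_server)
        if server not in iface.network:
            via = [gw for net, gw in routes if server in net]
            if not via:
                problems.append(f"no route to {server} through {mgmt_if}")
            for gw in via:
                # The gateway must be another host on the interface's own subnet.
                if gw not in iface.network or gw == iface.ip:
                    problems.append(f"gateway {gw} is not a neighbor on {iface.network}")
    # NSM management is on by default, so only an explicit disable is a problem.
    if "unset nsm enable" in lines:  # assumed disable form
        problems.append("NSM management is disabled (unset nsm enable)")
    return problems
```

Calling check_nsm_minimum(SAMPLE_CONFIG, "ethernet1/1", "10.0.0.5"), where 10.0.0.5 is a constructed server address, returns an empty list.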
NOTE: For more information about IDP, see the ISG 2000 Getting Started with IDP Guide.
NOTE: When you install an IDP license key, the ISG 2000 automatically disables Deep
Inspection (DI).