EasyManuals Logo
Home>Juniper>Network Hardware>Junos OS

Juniper Junos OS User Manual

Juniper Junos OS
158 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #80 background imageLoading...
Page #80 background image
On all high-end SRX Series devices, in sniffer mode, ingress and egress interfaces work
with flow showing both source and destination interface as egress interface.
As a workaround, in sniffer mode, use the tagged interfaces. Hence, the same interface
names are displayed in the logs. For example, the ge-0/0/2.0 as ingress (sniff) and the
ge-0/0/2.100 as egress interfaces are displayed in the logs to show the source interface
as ge-0/0/2.100.
set interfaces ge-0/0/2 promiscuous-mode
set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/2 unit 0 vlan-id 0
set interfaces ge-0/0/2 unit 100 vlan-id 100
Related
Documentation
Updating Licenses for a Branch SRX Series on page 47
Example: Configuring Intrusion Detection and Prevention for SRX Series on page 64
Example: Configuring Intrusion Detection and Prevention for SRX Series
For transit traffic to pass through IDP inspection, you configure a security policy and
enable IDP application services on all traffic that you want to inspect.
This example shows how to configure a security policy to enable IDP services for the first
time on traffic flowing on the device.
Requirements on page 64
Overview on page 64
Configuration on page 65
Verification on page 68
Requirements
Before you begin, install or verify an intrusion detection and prevention (IDP) feature
license. See “Updating Licenses for a Branch SRX Series” on page 47.
This example uses the following hardware and software components:
An SRX210
Junos OS Release 12.1X44-D10
Overview
In this example, you configure a policy to enable IDP services on an SRX210 to inspect
all traffic from the untrust zone to the DMZ zone against the IDP rulebases.
As a first step, you must download and install the signature database from the Juniper
Networks website. Next, download and install the predefined IDP policy templates and
activate the predefined policy Recommended as the active policy.
Next, you must create a security policy from the untrust zone to DMZ zone and specify
actions to be taken on the traffic that matches the conditions specified in the policy.
Copyright © 2016, Juniper Networks, Inc.64
Getting Started Guide for Branch SRX Series

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Juniper Junos OS and is the answer not in the manual?

Juniper Junos OS Specifications

General IconGeneral
BrandJuniper
ModelJunos OS
CategoryNetwork Hardware
LanguageEnglish

Related product manuals