16. Specify the action to be taken on traffic that matches conditions specified in the
security policy. The security policy action must be to permit the flow.
[edit]
user@host# set security policies from-zone untrust to-zone DMZ policy P1 then permit application-services idp
Results
From configuration mode, confirm your configuration by entering the show security
policies command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
[edit]
user@host# show security policies
from-zone untrust to-zone DMZ {
    policy P1 {
        match {
            source-address any;
            destination-address DMZ-address-set-http;
            application junos-http;
        }
        then {
            permit {
                application-services {
                    idp;
                }
            }
        }
    }
}
If you are done configuring the device, enter commit from configuration mode.
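The Results check above can also be scripted. The following Python is an added example, not part of the Juniper guide: it parses text in the layout of the show security policies output and reports, for each policy that permits traffic, whether application-services idp is enabled. The function names, the sample text and policy P2 are assumptions constructed for illustration.

```python
# Constructed sample in the layout of "show security policies". P1 follows the
# page (match trimmed); P2 is a hypothetical policy that permits without IDP.
SAMPLE = """\
from-zone untrust to-zone DMZ {
    policy P1 {
        match {
            application junos-http;
        }
        then {
            permit {
                application-services {
                    idp;
                }
            }
        }
    }
    policy P2 {
        then {
            permit;
        }
    }
}
"""

def parse(text):
    """Parse brace-structured Junos output into nested dicts (leaf -> None)."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        elif line.endswith(";"):
            stack[-1][line[:-1].strip()] = None
    return stack[0]

def audit_idp(text):
    """Return (zone pair, policy, idp_enabled) for each policy that permits."""
    results = []
    for zones, policies in parse(text).items():
        for name, body in (policies or {}).items():
            then = (body or {}).get("then") or {}
            if name.startswith("policy ") and "permit" in then:
                services = (then["permit"] or {}).get("application-services") or {}
                results.append((zones, name.split()[1], "idp" in services))
    return results
```

Lines such as [edit] and the CLI prompt are ignored by the parser, so captured terminal output can be passed in as is; any tuple whose last element is False marks a permit rule that forwards traffic without IDP inspection.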
Verification
Confirm that the configuration is working properly.
Verifying the IDP Configuration
Purpose
Verify that the IDP configuration is working properly.
Action
From operational mode, enter the show security idp status command.
user@host> show security idp status detail
PIC : FPC 0 PIC 0:
State of IDP: Default, Up since: 2013-01-22 02:51:15 GMT-8 (2w0d 20:30 ago)
Packets/second: 0 Peak: 0 @ 2013-02-05 23:06:20 GMT-8
KBits/second : 0 Peak: 0 @ 2013-02-05 23:06:20 GMT-8
Latency (microseconds): [min: 0] [max: 0] [avg: 0]
Packet Statistics:
[ICMP: 0] [TCP: 0] [UDP: 0] [Other: 0]
Flow Statistics:
ICMP: [Current: 0] [Max: 0 @ 2013-02-05 23:06:20 GMT-8]
Copyright © 2016, Juniper Networks, Inc.
Getting Started Guide for Branch SRX Series