Intrusion Prevention
Showing results for 
Search instead for 
Do you mean 
Posts: 12
Registered: ‎02-26-2008
0 Kudos

2 easy questions :-)

1) If I have an IDP 800, can I use IDP policy X for a pair of interfaces and IDP policy Y for a different pair of interfaces?


2) If I have an ISG with IDP modules, what happens to the IDP when I create Virtual systems on the ISG?


Posts: 28
Registered: ‎08-21-2009
0 Kudos

Re: 2 easy questions :-)



1) not directly - You can specify policies based on IP or VLAN which you might be able to map to traffic you see on each of the pairs. The results in the NSM log viewer can easily be viewed per port. My top tip is to name the interfaces on the appliance so that in NSM you get a sensible label for each attack.


2) ISG+IDP is compatible with VSYS. I've never seen it myself so I can't say if you get a seperate policy per VSYS (in logic you should) or if it the same story as above.


good luck

Juniper Employee
Posts: 67
Registered: ‎04-30-2008
0 Kudos

Re: 2 easy questions :-)

Regarding 2), what happens is your create a rule that is specific to the VSYS, and then click "Install On." This will give you a list of the devices on the NSM. You should be able to select the target VSYS there.



Posts: 14
Registered: ‎10-06-2008
0 Kudos

Re: 2 easy questions :-)

We have several ISG 2000s with VSYS and IDP modules.


All the VSYS can use IDP b/c IDP lives at the physical layer.


Very easy to config and works great.


Juniper Networks Certified Internet Specialist (Firewall/VPN)
Juniper Networks Certified Internet Specialist (SSL VPN)