Hi,
I am in the process of configuring IPS on the SRX.
Can someone please take a look at my current IDP config and see if I need to add anything?
I have static NAT and security policies to internal web servers, which I have applied the IDP policy to. I haven't applied it for anything from trust to untrust; is this usually the way?
I have application default; if I don't specify this, what is the default action? And finally, is it good practice to specify the direction client-to-server? As I haven't, what would the default action be?
The issue I have:
I had for RDP, this has individual attacks as I could not find a group for remote apps. When I did an IDP update I could no longer commit the config until this RDP rule was removed; I get the error for each attack saying it could not be added to the compiled policy. I have done another update and it's still the same. The attacks are still in the list.
After this happens when I run 'show security idp policy-commit-status' I get the following message and it doesn't go away until I make changes:
fwadmin@srx-node0> show security idp policy-commit-status
node0:
--------------------------------------------------------------------------
Reading prereq sensor config...
Please could someone assist? Junos version is 11.4R10.3.
Thanks
Ross