SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  IDP-IPS...how to use on srx firewalls (srx240, srx650, srx3600)

    Posted 01-25-2013 04:21

    hi

    i want to use IDP,IPS features of juniper on srx devices (srx240, srx650, srx3600)...

    1....which of these devices support it???

    2...do i need some liscense to use them on these devices or can i configure and use without it???

    3...do i need to add on some additional hardware on these devices for using IPS,IDP or will it work on same hardware simply???

    Plz if someone can refer some juniper technical document aswell to understand above queries....



  • 2.  RE: IDP-IPS...how to use on srx firewalls (srx240, srx650, srx3600)

    Posted 01-26-2013 09:40

    Hi,

     

    For the Branch Devices i.e SRX100 - SRX650.

    - IDP/IPS is possible through a license. E.g SRX100-SMB4-CS or individual license like SRX220-IDP

    - No additional hardware needed. Just ensure the HW is High Memory Version.

     

    For the High-End SRX's

    - IDP not supported. Unless this changed. Last time I checked, they said that this was not a Data Center requirement.

     

     



  • 3.  RE: IDP-IPS...how to use on srx firewalls (srx240, srx650, srx3600)
    Best Answer

    Posted 01-26-2013 10:14

    Hi

     

    Wendohw is right in that IDP requires license and no additional hw
    is needed, but this is true for high-end SRX as well. IDP has been supported
    in SRX3000/5000 since the beginning. It is UTM (Antivirus, etc) that
    is currently not supported on the high-end SRX (UTM is usually considered a
    "remote office" feature).

     

    The main doc page for IDP is
    http://www.juniper.net/techpubs/en_US/junos12.1/information-products/pathway-pages/security/security-idp-index.html

     

    You need a license to update your IDP database. You can take
    advantage of free 30-day trial by issuing a command
    request system license update trial (inet connectivity and DNS needed).



  • 4.  RE: IDP-IPS...how to use on srx firewalls (srx240, srx650, srx3600)

    Posted 01-27-2013 03:01

    hi dear..still a query...

    it is mentioned on the link ... http://www.juniper.net/techpubs/en_US/junos12.1/topics/concept/idp-policy-overview.html ...that

    Note: IDP feature is enabled by default, no license is required. Custom attacks and custom attack groups in IDP policies can also be configured and installed even when a valid license and signature database are not installed on the device.

     

    what all i can use by default??probably some policies based on custom defined attaks/groups can be configured?to what extent will it suffice for me????

    what additional for i need liscense????

     

     

     

     

     



  • 5.  RE: IDP-IPS...how to use on srx firewalls (srx240, srx650, srx3600)

    Posted 01-27-2013 08:08

    Hi

     

    You need IDP license only to update your IDP attack database. For example:

     

    If you never had IDP license, you can configure your own (custom) attack objects and use them in IDP - for free;

     

    If you had an IDP license (even 30-day trial) and downloaded full attack database, you will be able to use it even after the license expires, but then you will not be protected against new attacks that appear after that. So it is highly recommended to renew a license at a proper time.