SRX Services Gateway
Contributor
aeroplane
Posts: 724
Registered: ‎06-30-2009
Accepted Solution

SRX IDP policy rule processing order and action

Hi Experts

Just a basic question. In my IDP policy there are five rules. If traffic matches the first rule, will rule matching stop there, or will it continue through to the last rule? Also, if it continues and the traffic matches multiple rules, what action is taken?

Thanks

Distinguished Expert
MMcD
Posts: 635
Registered: ‎07-20-2010

Re: SRX IDP policy rule processing order and action

If the first rule is set to drop then it will not continue with the rest. Various scenarios can be configured in relation to IDP.

See below:

http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-s...

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Distinguished Expert
pk
Posts: 814
Registered: ‎10-09-2008

Re: SRX IDP policy rule processing order and action

Hi

Please do not confuse firewall and IDP policies. In IDP, even if traffic matches a rule (and even if the action is drop), it goes further.

See the reference given above: "When traffic matches multiple rules, the most severe IP action of all matched rules is applied." This is written about IP actions, but the same is true of the usual IDP actions. It processes all rules and then takes the most severe action.

Only if the rule is set to "terminal" will IDP processing stop on it (if src/dst/app match).

Best Regards,
Petr (PK)

Juniper Ambassador, Juniper Networks Certified Instructor,
JNCIE-SEC #98, JNCIE-ENT #393, JNCIE-SP #2253
[Juniper Authorized Education & Support in Russia]
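To make the behaviour described in the answer above concrete, here is a small model of that rule-processing order. It is an added example, not code from the thread or from Juniper: all rules are walked in order, the most severe action among every rule whose scope and attacks matched is applied, and a rule marked terminal ends the walk as soon as its source/destination/application fields match. The severity ranking of the actions, the rule names, addresses and attack names are all constructed for this illustration and are not taken from Junos.

```python
# Added illustration of the IDP rulebase semantics described in the post above:
# every rule is evaluated, the most severe action of all matched rules wins,
# and a "terminal" rule stops evaluation once its src/dst/app scope matches.
# The severity ranking below is an assumption made for this model only.
from dataclasses import dataclass

# Assumed ranking, least to most severe (hypothetical ordering for the model).
SEVERITY = [
    "no-action",
    "ignore-connection",
    "drop-packet",
    "drop-connection",
    "close-client",
    "close-server",
    "close-client-and-server",
]


@dataclass
class Rule:
    name: str
    src: str            # source address or "any"
    dst: str            # destination address or "any"
    app: str            # application or "any"
    attacks: frozenset  # attack object names this rule looks for
    action: str
    terminal: bool = False

    def scope_matches(self, src, dst, app):
        """True when the rule's source/destination/application match the traffic."""
        return all(want in ("any", have)
                   for want, have in ((self.src, src), (self.dst, dst), (self.app, app)))


def evaluate(rules, src, dst, app, attacks_seen):
    """Walk the rulebase in order and return (final_action, matched_rule_names).

    Every rule is examined, not only the first hit; the final action is the
    most severe among all rules whose scope and attacks matched. A terminal
    rule ends the walk as soon as its scope matches, whether or not its
    attacks did, which is the behaviour the post above describes.
    """
    matched = []
    best = "no-action"
    for rule in rules:
        if not rule.scope_matches(src, dst, app):
            continue
        if rule.attacks & attacks_seen:
            matched.append(rule.name)
            if SEVERITY.index(rule.action) > SEVERITY.index(best):
                best = rule.action
        if rule.terminal:
            break
    return best, matched


# Constructed sample rulebase (hypothetical names, addresses and attack objects).
RULES = [
    Rule("r1-web-log", "any", "10.0.0.10", "HTTP", frozenset({"ATTACK-A"}), "no-action"),
    Rule("r2-web-drop", "any", "10.0.0.10", "HTTP", frozenset({"ATTACK-A", "ATTACK-B"}), "drop-connection"),
    Rule("r3-term", "192.0.2.5", "any", "any", frozenset({"ATTACK-C"}), "close-client", terminal=True),
    Rule("r4-catchall", "any", "any", "any", frozenset({"ATTACK-B", "ATTACK-C"}), "close-client-and-server"),
]


def scenarios():
    """Three constructed cases that show the semantics side by side."""
    # 1. Two overlapping non-terminal rules: both match, the severer action wins.
    overlap = evaluate(RULES, "198.51.100.7", "10.0.0.10", "HTTP", {"ATTACK-A"})
    # 2. Terminal rule r3 matches on scope only; r4 is never consulted.
    terminal = evaluate(RULES, "192.0.2.5", "10.0.0.10", "HTTP", {"ATTACK-B"})
    # 3. Same traffic with r3 made non-terminal: r4 is reached and wins.
    relaxed = [Rule(**{**vars(r), "terminal": False}) for r in RULES]
    non_terminal = evaluate(relaxed, "192.0.2.5", "10.0.0.10", "HTTP", {"ATTACK-B"})
    return {"overlap": overlap, "terminal": terminal, "non_terminal": non_terminal}


if __name__ == "__main__":
    for label, (action, hits) in scenarios().items():
        print(f"{label:13} -> {action:24} matched={hits}")
```

Case 1 shows that a hit on the first rule does not end processing; case 2 shows that a terminal rule whose src/dst/app match stops the walk even though its own attack did not match, so the more severe catch-all rule below it never fires; case 3 is the same traffic with the terminal flag removed.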
Contributor
aeroplane
Posts: 724
Registered: ‎06-30-2009

Re: SRX IDP policy rule processing order and action

Thanks Peter

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.