03-09-2012 06:06 AM
Just a basic question. In my IDP policy there are five rules. If traffic matches to first rule then the rule matching processing will stop or it will continue till the last rule? Also if it will continue and traffic matches to multiple rules then what would be the action taken?
Solved! Go to Solution.
03-09-2012 06:50 AM
If the first rule is set to drop then it will not continue with the rest. Various scenarios can be configured in relation to IDP.
[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
03-09-2012 06:57 AM
Please do not confuse firewall and IDP policies. In IDP, even if traffic matches a rule
(and even if action is drop), it goes further.
See the reference given above, "When traffic matches multiple rules, the
most severe IP action of all matched rules is applied." This is written about IP actions
but the same is true about usual IDP actions. It processes all rules and then
takes the most severe action.
Only if the rule is set to "terminal", IDP processing will stop on it (if src-dst-app match).
Juniper Ambassador, Juniper Networks Certified Instructor,
JNCIE-SEC #98, JNCIE-ENT #393, JNCIE-SP #2253
[Juniper Authorized Education & Support in Russia]