SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX IDP policy rule processing order and action

    Posted 03-09-2012 06:06

    Hi Experts

     

    Just a basic question. In my IDP policy there are five rules. If traffic matches the first rule, will rule matching stop, or will it continue until the last rule? Also, if it continues and traffic matches multiple rules, what action would be taken?

     

    Thanks



  • 2.  RE: SRX IDP policy rule processing order and action

    Posted 03-09-2012 06:50

    If the first rule is set to drop then it will not continue with the rest.  Various scenarios can be configured in relation to IDP.

     

    See below:

    http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-security/topic-42453.html



  • 3.  RE: SRX IDP policy rule processing order and action
    Best Answer

    Posted 03-09-2012 06:57

    Hi

     

    Please do not confuse firewall and IDP policies. In IDP, even if traffic matches a rule (and even if action is drop), it goes further.

     

    See the reference given above, "When traffic matches multiple rules, the most severe IP action of all matched rules is applied." This is written about IP actions but the same is true about usual IDP actions. It processes all rules and then takes the most severe action.

     

    Only if the rule is set to "terminal" will IDP processing stop on it (if src-dst-app match).
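
The evaluation order described in the answer above, modelled in Python as an added example (not part of the original thread and not Juniper code). `Rule`, `evaluate`, the rule names, attack labels and the three-level `SEVERITY` ranking are assumptions made for illustration; the thread does not list the action ordering.

```python
from dataclasses import dataclass

# Assumed ranking for this sketch (higher = more severe).
SEVERITY = {"no-action": 0, "drop-packet": 1, "drop-connection": 2}

@dataclass(frozen=True)
class Rule:
    name: str
    src: str            # "any" or a constructed address label
    dst: str
    app: str
    attacks: frozenset  # constructed attack-object labels
    action: str
    terminal: bool = False

def _field(rule_val, val):
    return rule_val == "any" or rule_val == val

def evaluate(rules, src, dst, app, detected):
    """Return (applied_action, matched_rule_names, terminal_rule_that_stopped)."""
    matched, stopped_at = [], None
    for r in rules:
        if not (_field(r.src, src) and _field(r.dst, dst) and _field(r.app, app)):
            continue
        if r.attacks & detected:
            matched.append(r)      # a match does NOT end evaluation
        if r.terminal:
            # Terminal stops on a src-dst-app match, whether or not the
            # rule's attack objects matched the traffic.
            stopped_at = r.name
            break
    if not matched:
        return None, [], stopped_at
    winner = max(matched, key=lambda r: SEVERITY[r.action])
    return winner.action, [r.name for r in matched], stopped_at

# Constructed sample policy: the first matching rule is the least severe.
POLICY = [
    Rule("R1", "any", "any", "http", frozenset({"sqli"}), "no-action"),
    Rule("R2", "any", "web-srv", "http", frozenset({"sqli", "xss"}), "drop-packet"),
    Rule("R3", "any", "any", "any", frozenset({"sqli"}), "drop-connection"),
]

if __name__ == "__main__":
    print(evaluate(POLICY, "client", "web-srv", "http", {"sqli"}))
```

Marking an early rule terminal in this model hides every later rule for the same source, destination and application, so a terminal rule whose attack objects do not match leaves that traffic with no IDP action at all.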



  • 4.  RE: SRX IDP policy rule processing order and action

    Posted 03-09-2012 11:05

    Thanks Peter