Hi All,

Below is output from SRX650 IDP enabled firewall. I enabled the DMZ Template from juniper for services running on DMZ zone. This template is blocking the Sharepoint and some other services whick run with default configuration. then i made a exempt rule for that litigmate traffic in idp rulebase. 

My question is how can we custimize the attack threshold value like for HTTPVERFLOW:AUTH-OVFLW in idp rules as the only solution is that  we are exempting it. But how to customize this attack values in IDP attacks so that traffic must check against those attacks without blocking it.

IDP Attack Table:

Juniper Firewall Attack details:
Attack name #Hits
HTTPVERFLOW:AUTH-OVFLW                        99741
HTTP:AUDIT:TOO-MANY-HEADERS                   2827
TCP:C2S:AMBIGLAP-MISMATCH                     630
HTTPVERFLOW:URL-OVERFLOW                 479
HTTP:REQERR:BIN-DATA-AUTH                        439
HTTPQL:INJ:CONCAT                                        175
HTTP:IIS:WEBDAV:XML-HANDLER-DOS           112

Regards,

Zia Khan