SRX Services Gateway
Reply
Contributor
ziamohdkhan
Posts: 29
Registered: ‎03-30-2010
0

SRX IDP threshold value customization

Hi All,

 

Below is output from SRX650 IDP enabled firewall. I enabled the DMZ Template from juniper for services running on DMZ zone. This template is blocking the Sharepoint and some other services whick run with default configuration. then i made a exempt rule for that litigmate traffic in idp rulebase. 

 

My question is how can we custimize the attack threshold value like for HTTP:smileysurprised:VERFLOW:AUTH-OVFLW in idp rules as the only solution is that  we are exempting it. But how to customize this attack values in IDP attacks so that traffic must check against those attacks without blocking it.

 

IDP Attack Table:

Juniper Firewall Attack details:
Attack name #Hits
HTTP:smileysurprised:VERFLOW:AUTH-OVFLW                        99741
HTTP:AUDIT:TOO-MANY-HEADERS                   2827
TCP:C2S:AMBIG:smileysurprised:LAP-MISMATCH                     630
HTTP:smileysurprised:VERFLOW:URL-OVERFLOW                 479
HTTP:REQERR:BIN-DATA-AUTH                        439
HTTP:smileyfrustrated:QL:INJ:CONCAT                                        175
HTTP:IIS:WEBDAV:XML-HANDLER-DOS           112

 

Regards,

Zia Khan

Distinguished Expert
spuluka
Posts: 2,659
Registered: ‎03-30-2009
0

Re: SRX IDP threshold value customization

You could try applying the "Web Server" policy template to the sharepoint server.

Steve Puluka BSEET
Juniper Ambassador
Senior Network Engineer - UPMC Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
Contributor
ziamohdkhan
Posts: 29
Registered: ‎03-30-2010
0

Re: SRX IDP threshold value customization

Hi,

 

Yah i can apply but when u configure the Web Server template it is also generating a lot of attacks for HTTP traffic specially for sharepoint server.

 

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.