Screen OS

This is a legacy community with limited Juniper monitoring.
  • 1.  SSG 140 Deep Inspection -> Service Limits

    Posted 05-13-2010 11:37

    SSG 140 v6.20r4.0

    I've set "Maximum Number of Login Failures per Minute" for FTP (Security -> Deep Inspection -> Service Limits) to prevent brute force attacks on my FTP servers behind the FW.

     

    It doesn't seem to apply. Is there anything I need to do to apply the service limits?

     

    Thanks.



  • 2.  RE: SSG 140 Deep Inspection -> Service Limits
    Best Answer

    Posted 05-18-2010 17:55

    You need to configure DPI on an FTP policy using the FTP-Brute-Force context and then it will look and see the failed attempts and then block for N seconds after Y attempts.

     

    set policy id 1 from "Untrust" to "Foo"  "Any" "ftp-hosts" "FTP" permit
    set policy id 1 attack "HIGH:FTP:ANOM" action drop ip-action "block" target "serv" timeout 120

     

    -dsd
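
One way to check from the FTP server's side whether the limit and the block are actually being enforced (an added example, not part of the original posts): replay the server's login log and report failures that arrived while the source should already have been blocked. The log format, the limit of 5, the trigger rule (block once the per-minute count exceeds the limit) and the name `audit` are assumptions; the 120-second block matches the timeout in the policy above.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values: use whatever limit is set under Service Limits.
# 120 s mirrors the ip-action timeout in the policy above.
MAX_FAILURES_PER_MINUTE = 5
BLOCK_SECONDS = 120

# Constructed sample log, simplified format: "<ISO time> <client IP> <FAIL|OK>"
SAMPLE_LOG = """\
2010-05-17T10:00:00 203.0.113.5 FAIL
2010-05-17T10:00:02 198.51.100.7 FAIL
2010-05-17T10:00:05 203.0.113.5 FAIL
2010-05-17T10:00:10 203.0.113.5 FAIL
2010-05-17T10:00:15 203.0.113.5 FAIL
2010-05-17T10:00:20 203.0.113.5 FAIL
2010-05-17T10:00:25 203.0.113.5 FAIL
2010-05-17T10:00:40 203.0.113.5 FAIL
2010-05-17T10:01:30 198.51.100.7 FAIL
2010-05-17T10:01:30 203.0.113.5 FAIL
2010-05-17T10:03:00 203.0.113.5 FAIL
2010-05-17T10:04:00 198.51.100.7 OK
"""

def audit(log_text, limit=MAX_FAILURES_PER_MINUTE, block_seconds=BLOCK_SECONDS):
    """Return {ip: [timestamps]} of failed logins that reached the server
    during a period in which the firewall should have been blocking that IP."""
    window = defaultdict(deque)   # per-IP failure times within the last 60 s
    blocked_until = {}            # per-IP expected end of the block
    leaks = defaultdict(list)
    for line in log_text.strip().splitlines():
        stamp, ip, result = line.split()
        if result != "FAIL":
            continue
        ts = datetime.fromisoformat(stamp)
        if ip in blocked_until and ts < blocked_until[ip]:
            leaks[ip].append(stamp)   # traffic got through an expected block
            continue
        recent = window[ip]
        recent.append(ts)
        while ts - recent[0] >= timedelta(seconds=60):
            recent.popleft()          # drop failures older than one minute
        if len(recent) > limit:       # limit exceeded: block should start now
            blocked_until[ip] = ts + timedelta(seconds=block_seconds)
            recent.clear()
    return dict(leaks)

if __name__ == "__main__":
    for ip, stamps in audit(SAMPLE_LOG).items():
        print(f"{ip}: {len(stamps)} failed logins during expected block: {stamps}")
```

An empty result means no source kept failing logins inside a window where the block should have been active; any entries point to the policy or attack group not being applied to that traffic.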



  • 3.  RE: SSG 140 Deep Inspection -> Service Limits

    Posted 05-19-2010 13:15

    Perfect! Thank you!



  • 4.  RE: SSG 140 Deep Inspection -> Service Limits

    Posted 05-24-2010 04:56

    Hi, does the DI function need a special license for 6.1.r4.0? Thanks for any advice.