IDP installed, now have many new open ports? - Edit - figured it out.
I recently installed Juniper IDP (default) on our SRX cluster, and my company has since failed our PCI scan. Apparently, they are seeing many new open ports that were not seen before the installation. For example: port 8080.
Is this typical? Do I have to configure IDP to specifically block ports?
I am confused as to how this could happen, but this is the only change that has taken place.
Any help/advice would be appreciated.
Edit: I figured it out. In the default security policy, I needed to limit the applications...
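A concrete illustration of the fix described in the edit above, as an added example and not the poster's actual configuration: a default-style inbound policy that matches `application any` (so every port is permitted and IDP only inspects whatever flows through), beside the tightened version that permits only the applications the server actually needs, still with IDP attached. The zone names, the `web-servers` address-book entry and the 192.0.2.10 address are assumptions; the syntax is Junos set-style, and on newer Junos releases the `idp` keyword under `application-services` is written `idp-policy <name>` instead.

```junos
# --- Before (hypothetical): permits every application/port, IDP merely inspects ---
set security policies from-zone untrust to-zone trust policy inbound-any match source-address any
set security policies from-zone untrust to-zone trust policy inbound-any match destination-address any
set security policies from-zone untrust to-zone trust policy inbound-any match application any
set security policies from-zone untrust to-zone trust policy inbound-any then permit application-services idp

# --- After: remove the permissive rule and allow only the needed applications ---
delete security policies from-zone untrust to-zone trust policy inbound-any

# Address-book entry for the host that must be reachable (assumed example address)
set security zones security-zone trust address-book address web-servers 192.0.2.10/32

# Only HTTP/HTTPS to that host, IDP still applied, sessions logged for the scan review
set security policies from-zone untrust to-zone trust policy allow-web match source-address any
set security policies from-zone untrust to-zone trust policy allow-web match destination-address web-servers
set security policies from-zone untrust to-zone trust policy allow-web match application [ junos-http junos-https ]
set security policies from-zone untrust to-zone trust policy allow-web then permit application-services idp
set security policies from-zone untrust to-zone trust policy allow-web then log session-init
set security policies from-zone untrust to-zone trust policy allow-web then log session-close

# Anything else from untrust is explicitly denied and logged, so an external
# scan of port 8080 no longer reaches a listener
set security policies from-zone untrust to-zone trust policy deny-rest match source-address any
set security policies from-zone untrust to-zone trust policy deny-rest match destination-address any
set security policies from-zone untrust to-zone trust policy deny-rest match application any
set security policies from-zone untrust to-zone trust policy deny-rest then deny
set security policies from-zone untrust to-zone trust policy deny-rest then log session-init

commit check
commit comment "restrict inbound applications; IDP retained"
```

To confirm the policy order and the attached IDP service after the commit, operational-mode commands such as `show security policies from-zone untrust to-zone trust detail` and `show security idp status` show which rules are active; a re-run of the external scan should then report only 80/443 on the web host.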
Re: IDP installed, now have many new open ports? - Edit - figured it out.
IDP as such doesn't open or block ports, as it works on a pattern-based approach. It looks like there might have been something else that was blocking all these ports earlier, and when you enabled IDP you removed the other device/software.
Also, what I would suggest on the IDP policy side: if you are unsure of the traffic profile in your network, you may use the predefined IDP policy templates available for different purposes.