Hi,
The necessary steps for activating IDP are as follows:
- Install IDP license by issuing request system license add...
- Download IDP package by issuing request security idp security-package download
- Install IDP package by issuing request security idp security-package install
- Install IDP policy templates by issuing request security idp security-package install policy-templates
- Register the commit script that creates the IDP policies by issuing set system scripts commit file templates.xsl
- Set your preferred IDP policy as active, for instance by issuing set security idp active-policy Getting_Started
- Activate IDP on your policy by issuing set security policies from-zone trust to-zone untrust policy default-permit then permit application-services idp
Nevertheless, I recommend using a policy that you can easily verify. One of my favorites is blocking Skype. Write a new IDP policy:
set security idp idp-policy Block_Skype rulebase-ips rule 1 match source-address any
set security idp idp-policy Block_Skype rulebase-ips rule 1 match destination-address any
set security idp idp-policy Block_Skype rulebase-ips rule 1 match application default
set security idp idp-policy Block_Skype rulebase-ips rule 1 match attacks predefined-attacks VOIP:SKYPE:INSTALL
set security idp idp-policy Block_Skype rulebase-ips rule 1 match attacks predefined-attacks VOIP:SKYPE:LOGIN
set security idp idp-policy Block_Skype rulebase-ips rule 1 match attacks predefined-attacks VOIP:SKYPE:PROBE-1
set security idp idp-policy Block_Skype rulebase-ips rule 1 match attacks predefined-attacks VOIP:SKYPE:VERSION-CHECK
set security idp idp-policy Block_Skype rulebase-ips rule 1 then action close-client
set security idp idp-policy Block_Skype rulebase-ips rule 1 then notification log-attacks
Set this policy the active policy:
set security idp active-policy Block_Skype
and don't forget to commit. I like to see Skype being blocked from connecting. You can also create a log file like this to see the IDP logs:
set system syslog file idp_log any any
set system syslog file idp_log match RT_IDP
Have fun with IDP! By the way: upgrade to JUNOS 10.0 R3 if you are using an older JUNOS version.
Regards,
Dominik
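The idp_log file above is the easiest place to confirm that Skype is really being closed rather than just logged. The script below is an added example and is not part of Dominik's post or of Junos itself: it parses RT_IDP_ATTACK_LOG_EVENT lines from a syslog file, separates attacks that were terminated (action CLOSE_CLIENT and friends) from attacks that only produced a log entry (action NONE), and prints a per-policy summary. The sample log lines are constructed, and the field layout the regex expects follows the general shape of RT_IDP_ATTACK_LOG_EVENT messages, so the exact order of fields on your SRX may differ; check the pattern against your own `show log idp_log` output before relying on it.

```python
"""Summarise Junos IDP attack events from a syslog file such as idp_log.

Added example, not code from the original post. The line layout below follows
the general shape of RT_IDP_ATTACK_LOG_EVENT messages; the sample lines are
constructed and field order on a real device may differ (assumption).
"""
import re
from collections import Counter

# Constructed sample syslog lines (not captured from a real device).
# Lines 1 and 2: Skype matched and closed by the Block_Skype policy.
# Line 3: an unrelated RT_FLOW line that must be ignored.
# Line 4: a Skype match that was only logged (action=NONE) by another policy.
SAMPLE_LOG = """\
Mar  1 12:00:01 srx RT_IDP: RT_IDP_ATTACK_LOG_EVENT: IDP: at 1267444801, SIG Attack log <192.168.1.10/51234->192.0.2.3/443> for TCP protocol-id 6 and service HTTP by rule 1 of rulebase IPS in policy Block_Skype. attack: repeat=0, action=CLOSE_CLIENT, threat-severity=MEDIUM, name=VOIP:SKYPE:LOGIN, NAT <0.0.0.0:0->0.0.0.0:0>, time-elapsed=0, inbytes=0, outbytes=0, inpackets=0, outpackets=0, intf:trust:ge-0/0/0.0->untrust:ge-0/0/1.0
Mar  1 12:00:05 srx RT_IDP: RT_IDP_ATTACK_LOG_EVENT: IDP: at 1267444805, SIG Attack log <192.168.1.10/33000->198.51.100.7/12350> for UDP protocol-id 17 and service NONE by rule 1 of rulebase IPS in policy Block_Skype. attack: repeat=2, action=CLOSE_CLIENT, threat-severity=MEDIUM, name=VOIP:SKYPE:PROBE-1, NAT <0.0.0.0:0->0.0.0.0:0>, time-elapsed=0, inbytes=0, outbytes=0, inpackets=0, outpackets=0, intf:trust:ge-0/0/0.0->untrust:ge-0/0/1.0
Mar  1 12:00:09 srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.1.10/33001->198.51.100.7/80 None 192.168.1.10/33001->198.51.100.7/80 None None 6 default-permit trust untrust 1234
Mar  1 12:01:02 srx RT_IDP: RT_IDP_ATTACK_LOG_EVENT: IDP: at 1267444862, SIG Attack log <192.168.1.11/40000->203.0.113.9/80> for TCP protocol-id 6 and service HTTP by rule 1 of rulebase IPS in policy Getting_Started. attack: repeat=0, action=NONE, threat-severity=LOW, name=VOIP:SKYPE:VERSION-CHECK, NAT <0.0.0.0:0->0.0.0.0:0>, time-elapsed=0, inbytes=0, outbytes=0, inpackets=0, outpackets=0, intf:trust:ge-0/0/0.0->untrust:ge-0/0/1.0
"""

# Fields pulled out of each attack event; everything after "name=" is ignored.
IDP_RE = re.compile(
    r"RT_IDP_ATTACK_LOG_EVENT: IDP: at (?P<epoch>\d+), SIG Attack log "
    r"<(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+)> "
    r"for (?P<proto>\w+) .*? in policy (?P<policy>\S+)\. "
    r"attack: repeat=(?P<repeat>\d+), action=(?P<action>\w+), "
    r"threat-severity=(?P<severity>\w+), name=(?P<name>[^,]+),"
)

# Actions that actually terminate or drop traffic (assumed set of action names).
BLOCKING_ACTIONS = {"CLOSE_CLIENT", "CLOSE_SERVER", "CLOSE",
                    "DROP_PACKET", "DROP_CONNECTION"}


def parse_idp_events(text):
    """Return one dict per RT_IDP_ATTACK_LOG_EVENT line; other syslog lines are skipped."""
    events = []
    for line in text.splitlines():
        m = IDP_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["repeat"] = int(ev["repeat"])
            events.append(ev)
    return events


def blocked_attacks(events):
    """Attack names that IDP terminated (close-client and similar actions)."""
    return {ev["name"] for ev in events if ev["action"] in BLOCKING_ACTIONS}


def logged_only_attacks(events):
    """Attack names that matched but were only logged (action=NONE).

    Seeing these for Skype usually means a different policy than Block_Skype
    is the active one, or the rule's action was not set to close-client."""
    return {ev["name"] for ev in events if ev["action"] == "NONE"}


def summarize(events):
    """Count events per (policy, attack name, action)."""
    return Counter((ev["policy"], ev["name"], ev["action"]) for ev in events)


def report(text):
    """Human-readable summary of a log file's contents, with a warning for log-only hits."""
    events = parse_idp_events(text)
    lines = []
    for (policy, name, action), n in sorted(summarize(events).items()):
        lines.append(f"{n:4d}  {policy:<16} {name:<28} {action}")
    missing = logged_only_attacks(events)
    if missing:
        lines.append("WARNING: logged but not blocked: " + ", ".join(sorted(missing)))
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Pass the path of a copied idp_log file, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(report(text))
```

Copy the log off the box (for example with `file copy /var/log/idp_log` to a host of your choice) and run the script against it; a Skype client that still connects while the summary shows only action=NONE points at the active-policy or rule action settings rather than at the signatures.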