SRX Services Gateway
Highlighted
SRX Services Gateway

SRX IDP Policy - No counters

‎01-04-2017 01:06 PM

Hello,

I setup my SRX220 IDP for the 1st time today. I wonder why I don't see counters on traffic outbound? Do I also need to setup an inbound Policy? The Guest Network listed is an internal wifi network.  I used the Recomended Option for the IDP.

My Config and outcome shown below. Thank you in adavance - Scott

 

> show security idp status
State of IDP: Default, Up since: 2016-04-15 17:03:27 EDT (37w4d 23:41 ago)

Packets/second: 0 Peak: 0 @ 2016-12-30 11:31:18 EST
KBits/second : 0 Peak: 0 @ 2016-12-30 11:31:18 EST
Latency (microseconds): [min: 0] [max: 0] [avg: 0]

Packet Statistics:
[ICMP: 0] [TCP: 0] [UDP: 0] [Other: 0]

Flow Statistics:
ICMP: [Current: 0] [Max: 0 @ 2016-12-30 11:31:18 EST]
TCP: [Current: 0] [Max: 0 @ 2016-12-30 11:31:18 EST]
UDP: [Current: 0] [Max: 0 @ 2016-12-30 11:31:18 EST]
Other: [Current: 0] [Max: 0 @ 2016-12-30 11:31:18 EST]

Session Statistics:
[ICMP: 0] [TCP: 0] [UDP: 0] [Other: 0]
Policy Name : Recommended
Running Detector Version : 12.6.160161014

-------------------------------------------------------------------

#set security policies from-zone Guest to-zone Internet policy idp-app-policy-1 match source-address any destination-address any application any
#set security policies from-zone Guest to-zone Internet policy idp-app-policy-1 then permit application-services idp

 

> show security policies
From zone: Guest, To zone: Internet
Policy: Guest, State: enabled, Index: 13, Scope Policy: 0, Sequence number: 1
Source addresses: any-ipv4
Destination addresses: any-ipv4
Applications: any
Action: permit
Policy: idp-app-policy-1, State: enabled, Index: 12, Scope Policy: 0, Sequence number: 2
Source addresses: any
Destination addresses: any
Applications: any
Action: permit, application services

2 REPLIES 2
Highlighted
SRX Services Gateway

Re: SRX IDP Policy - No counters

‎01-04-2017 03:50 PM

Think I got it. I re-ordered the Polices for the Guest Network putting iDP First.

 

From zone: Guest, To zone: Internet

  Policy: idp-app-policy-1, State: enabled, Index: 12, Scope Policy: 0, Sequence number: 1

    Source addresses: any

    Destination addresses: any

    Applications: any

    Action: permit, application services

  Policy: Guest, State: enabled, Index: 13, Scope Policy: 0, Sequence number: 2

    Source addresses: any-ipv4

    Destination addresses: any-ipv4

    Applications: any

    Action: permit

 

Getting IDP data now Smiley Happy

> show security idp status   

State of IDP: Default,  Up since: 2016-04-15 17:03:27 EDT (37w5d 02:37 ago)

 

Packets/second: 2               Peak: 254 @ 2017-01-04 18:32:13 EST

KBits/second  : 1               Peak: 934 @ 2017-01-04 18:32:13 EST

Latency (microseconds): [min: 0] [max: 0] [avg: 0]

 

Packet Statistics:

[ICMP: 0] [TCP: 1502] [UDP: 1136] [Other: 0]

 

Flow Statistics:

  ICMP: [Current: 0] [Max: 0 @ 2016-12-30 11:31:18 EST]

  TCP: [Current: 22] [Max: 148 @ 2017-01-04 18:32:12 EST]

  UDP: [Current: 16] [Max: 130 @ 2017-01-04 18:32:12 EST]

  Other: [Current: 0] [Max: 0 @ 2016-12-30 11:31:18 EST]

 

Highlighted
SRX Services Gateway

Re: SRX IDP Policy - No counters

‎01-09-2017 06:47 PM

Nice. Mark your answer and resolved so others can quickly look and see remedial measues if they have similar issue.

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]