SRX Services Gateway

SRX IDP policy rule processing order and action

03-09-2012 06:06 AM

Hi Experts

Just a basic question. In my IDP policy there are five rules. If traffic matches the first rule, does rule-matching processing stop, or does it continue to the last rule? Also, if it continues and traffic matches multiple rules, what action is taken?

Thanks

3 REPLIES

Re: SRX IDP policy rule processing order and action

03-09-2012 06:50 AM

If the first rule is set to drop then it will not continue with the rest. Various scenarios can be configured in relation to IDP.

See below:

http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-s...

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]

Re: SRX IDP policy rule processing order and action

03-09-2012 06:57 AM

Hi

Please do not confuse firewall and IDP policies. In IDP, even if traffic matches a rule (and even if the action is drop), it goes further.

See the reference given above: "When traffic matches multiple rules, the most severe IP action of all matched rules is applied." This is written about IP actions, but the same is true of the usual IDP actions. It processes all rules and then takes the most severe action.

Only if the rule is set to "terminal" will IDP processing stop on it (if src-dst-app match).

Best Regards,
PK

Juniper Ambassador, Juniper Networks Certified Instructor,
JNCIE-SEC #98, JNCIE-ENT #393, JNCIE-SP #2253
[Juniper Authorized Education & Support in Russia]
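The evaluation semantics PK describes (every rule is consulted, the most severe action among the matching rules wins, and a terminal rule ends processing as soon as its source/destination/application match) can be modelled in a few lines. The following is an added example written for this thread, not Juniper code and not a reproduction of the SRX implementation. The five rules, the sessions, the detected attack names and the severity ranking of the actions are all constructed for illustration; the ranking approximates the Junos IDP action order but should be checked against the Junos documentation for the release in use before relying on it.

```python
from dataclasses import dataclass

# Constructed severity ranking (higher = more severe). Approximates the Junos
# IDP action order; treat the exact ranking as an assumption of this example.
SEVERITY = {
    "no-action": 0,
    "ignore-connection": 1,
    "drop-packet": 2,
    "drop-connection": 3,
    "close-client-and-server": 4,
}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str            # "any" or a zone name (constructed match criteria)
    dst: str
    app: str
    attacks: frozenset  # attack objects this rule looks for
    action: str
    terminal: bool = False


@dataclass(frozen=True)
class Session:
    src: str
    dst: str
    app: str
    attacks: frozenset  # attack signatures the engine detected (constructed)


def _matches(pattern, value):
    return pattern == "any" or pattern == value


def evaluate(rules, session):
    """Return (final_action, matched_rule_names, terminal_rule_or_None).

    Models the semantics from the thread: rules are walked in order, a rule
    whose src/dst/app and attacks match is recorded, and processing keeps going
    unless a terminal rule's src/dst/app match, which stops the walk even if
    that rule's attacks do not match. The most severe recorded action wins.
    """
    matched = []
    stopped_at = None
    for rule in rules:
        if not (_matches(rule.src, session.src)
                and _matches(rule.dst, session.dst)
                and _matches(rule.app, session.app)):
            continue
        if rule.attacks & session.attacks:
            matched.append(rule)
        if rule.terminal:          # terminal: src/dst/app match ends processing
            stopped_at = rule.name
            break
    if not matched:
        return "no-action", [], stopped_at
    final = max(matched, key=lambda r: SEVERITY[r.action])
    return final.action, [r.name for r in matched], stopped_at


# A five-rule policy like the one in the question (constructed).
RULES = [
    Rule("r1-sqli-drop", "any", "any", "http", frozenset({"HTTP:SQL:INJ"}), "drop-packet"),
    Rule("r2-xss-close", "any", "any", "http", frozenset({"HTTP:XSS"}), "close-client-and-server"),
    Rule("r3-scan-terminal", "trust", "untrust", "any", frozenset({"SCAN:PORT"}), "ignore-connection", terminal=True),
    Rule("r4-sqli-dropconn", "any", "any", "any", frozenset({"HTTP:SQL:INJ"}), "drop-connection"),
    Rule("r5-trojan-close", "any", "any", "any", frozenset({"TROJAN:GENERIC"}), "close-client-and-server"),
]

# Outbound session: r1 matches, then r3's src/dst/app match and it is terminal,
# so r4 (which would have escalated to drop-connection) is never consulted.
OUTBOUND = Session("trust", "untrust", "http", frozenset({"HTTP:SQL:INJ"}))

# Inbound session: r3 does not match (src is untrust), so r1, r2 and r4 all
# match and the most severe of their actions is applied.
INBOUND = Session("untrust", "trust", "http", frozenset({"HTTP:SQL:INJ", "HTTP:XSS"}))

# Clean inbound session: src/dst/app match several rules but no attack does.
CLEAN = Session("untrust", "trust", "http", frozenset())


if __name__ == "__main__":
    for label, sess in (("outbound", OUTBOUND), ("inbound", INBOUND), ("clean", CLEAN)):
        print(label, evaluate(RULES, sess))
```

The outbound case is the one worth noticing when you audit a policy: a terminal rule placed early in the list hides every later rule for traffic that matches its src/dst/app, so a more severe rule further down never gets a chance to raise the action.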

Re: SRX IDP policy rule processing order and action

03-09-2012 11:04 AM

Thanks Peter