SRX Services Gateway
SRX Services Gateway

SRX IDP threshold value customization

03.17.12   |  
‎03-17-2012 12:57 AM

Hi All,

 

Below is output from SRX650 IDP enabled firewall. I enabled the DMZ Template from juniper for services running on DMZ zone. This template is blocking the Sharepoint and some other services whick run with default configuration. then i made a exempt rule for that litigmate traffic in idp rulebase. 

 

My question is how can we custimize the attack threshold value like for HTTPSmiley SurprisedVERFLOW:AUTH-OVFLW in idp rules as the only solution is that  we are exempting it. But how to customize this attack values in IDP attacks so that traffic must check against those attacks without blocking it.

 

IDP Attack Table:

Juniper Firewall Attack details:
Attack name #Hits
HTTPSmiley SurprisedVERFLOW:AUTH-OVFLW                        99741
HTTP:AUDIT:TOO-MANY-HEADERS                   2827
TCP:C2S:AMBIGSmiley SurprisedLAP-MISMATCH                     630
HTTPSmiley SurprisedVERFLOW:URL-OVERFLOW                 479
HTTP:REQERR:BIN-DATA-AUTH                        439
HTTPSmiley FrustratedQL:INJ:CONCAT                                        175
HTTP:IIS:WEBDAV:XML-HANDLER-DOS           112

 

Regards,

Zia Khan

2 REPLIES
SRX Services Gateway

Re: SRX IDP threshold value customization

03.17.12   |  
‎03-17-2012 03:40 AM

You could try applying the "Web Server" policy template to the sharepoint server.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
SRX Services Gateway

Re: SRX IDP threshold value customization

03.18.12   |  
‎03-18-2012 08:39 AM

Hi,

 

Yah i can apply but when u configure the Web Server template it is also generating a lot of attacks for HTTP traffic specially for sharepoint server.