I have a requirement to enforce protocol anomaly detection on high-end SRX devices.
If I create a security policy to allow application "Junos-http" and apply all the predefined IDP HTTP attack groups for HTTP, it would allow TCP port 80 traffic and match on all HTTP IDP signatures.
But what happens, for example, if someone attempts to SSH or FTP using this port 80? Would it try to match all the IDP attack signatures for HTTP against SSH or FTP?
Can you make IDP do protocol anomaly detection and say the security policy junos-http is for HTTP-only traffic, and if it detects any other type of traffic, it's blocked?
I'm trying to stop people from using ports to tunnel different traffic and require some sort of protocol enforcement on the policy rules. I understand IDP can give me this, but how? Is there protocol anomaly detection within IDP?