Category: idp_ips

Updating attack database of SRX cluster node1

When you have an SRX cluster and you need to update/install the IDP attack database on the second node, you will realize that it isn’t done automatically (before the 12.1 release). You can update/install the active node but not the other. The workaround is to manually copy the attack DB files to the second

How to block Skype on SRX

To test how SRX blocks Skype logins I have done the following test and it worked;

1) Create a test IDP policy named My_Policy

root@ankara# show idp-policy My_Policy
rulebase-ips {
    rule 1 {
        match {
            source-address any;
            destination-address any;
            application default;
            attacks {
                predefined-attacks [ VOIP:SKYPE:LOGIN VOIP:SKYPE:PROBE-1 ];
            }
        }
        then {
            action {
                close-client;

How to uninstall IDP module in SRX

I would like to share my experiment on uninstalling the IDP module on an SRX100 device. Please take this as a test case and use it at your own discretion, as I only tested a manual removal of files and re-installed the IDP module.

1) First disable the IDP process

root@ankara# set system processes idp-policy disable

2)

How to write SRX IDP Custom Attack/Signature

Here is a sample configuration of a custom attack on SRX. It is very basic: it only blocks URLs having *.exe in the path and sends a RST back to the client. My regex might not be 100% correct, but it has no purpose other than showing a simple configuration;

1) Configure custom attack

How to enable IDP on SRX

If you want to enable IDP on an SRX device, you have to issue a certain number of commands, which I list step by step from scratch;

1) Install the license first if it hasn’t been installed yet. You can see whether it is installed via “show system license installed”; if this command doesn’t give