Juniper Networks IDP250 manual Deployment Mode


IDP250 Installation Guide

Deployment Mode

For each virtual router, you select the deployment mode:

Sniffer: In an out-of-path, sniffer mode deployment, the IDP appliance can detect attacks but can take only limited action. You connect the IDP traffic interfaces to a mirrored port of a network hub or switch.

Transparent: In an in-path, transparent mode deployment, traffic arrives in one interface and is forwarded through the other. The IDP appliance detects attacks and takes action according to your security policy rules. You connect the IDP traffic interfaces to firewalls or switches in the network path.

You can deploy a mix of sniffer and transparent mode virtual routers on the same IDP appliance.

For more information on deployment mode, see the IDP Concepts and Examples Guide.

Internal Bypass

The Internal Bypass setting supports network security policies that privilege availability over security. In the event of failure or graceful shutdown, with internal bypass configured, the interfaces enter an internal bypass state. In internal bypass, physical interfaces join mechanically to form a circuit that bypasses IDP processing. For example, if you configure internal bypass for vr0, and the IDP appliance encounters failure or is shut down, eth2 and eth3 join to form a circuit that avoids the IDP engine and forwards the traffic to the next network hop.

Internal bypass operates through a timing mechanism. When enabled, the timer on traffic interfaces counts down to a bypass trigger point. When the IDP appliance is turned on and available, it sends a reset signal to the traffic interface timer so that it does not reach the bypass trigger point. If the IDP operating system encounters failure, then it fails to send the reset signal, the timer counts down to the trigger point, and the traffic interfaces enter a bypass state. If the IDP appliance is shut down gracefully, the traffic interfaces immediately enter bypass.
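
The timing mechanism above, modelled as an added example (not code from the guide or from Juniper): given a constructed timeline of reset signals and graceful shutdowns, it returns the intervals in which the traffic interfaces are in bypass, that is, forwarding traffic with no IDP inspection. The 5-second timer length, the event names, and the rule that a resumed reset signal ends bypass are assumptions; the guide states none of them.

```python
# Assumed timer length for illustration; the guide does not give a value.
ASSUMED_TIMEOUT_S = 5.0


def bypass_windows(events, timeout=ASSUMED_TIMEOUT_S, end_time=None):
    """Return (start, end) intervals during which the interfaces are in bypass.

    events: time-sorted list of (time_s, kind); kind is "reset" (the appliance
    signalled the interface timer) or "shutdown" (graceful shutdown).
    """
    windows = []
    deadline = None      # when the timer would reach the bypass trigger point
    bypass_since = None  # start of the current bypass interval, if any
    for t, kind in events:
        # No reset arrived before the trigger point: bypass began at the deadline.
        if bypass_since is None and deadline is not None and t > deadline:
            bypass_since = deadline
        if kind == "reset":
            if bypass_since is not None:      # assumption: a reset ends bypass
                windows.append((bypass_since, t))
                bypass_since = None
            deadline = t + timeout            # timer restarts its countdown
        elif kind == "shutdown":
            if bypass_since is None:          # graceful shutdown: immediate bypass
                bypass_since = t
            deadline = None
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
    if end_time is not None:                  # close out the observation period
        if bypass_since is None and deadline is not None and end_time > deadline:
            bypass_since = deadline
        if bypass_since is not None:
            windows.append((bypass_since, end_time))
    return windows


def uninspected_seconds(windows):
    """Total time traffic was forwarded without IDP processing."""
    return sum(end - start for start, end in windows)


# Constructed timeline: resets every 2 s, OS failure after t=6 (resets stop),
# recovery at t=20, graceful shutdown at t=25, power-on at t=40.
SAMPLE_EVENTS = [
    (0, "reset"), (2, "reset"), (4, "reset"), (6, "reset"),
    (20, "reset"), (22, "reset"), (24, "reset"),
    (25, "shutdown"),
    (40, "reset"), (42, "reset"),
]

if __name__ == "__main__":
    w = bypass_windows(SAMPLE_EVENTS, end_time=44)
    print(w, uninspected_seconds(w))
```

In the sample, the OS failure produces bypass only once the timer expires, while the graceful shutdown produces it at once; both intervals are periods with no detection coverage on that virtual router.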

Figure 6 on page 11 shows the communications path when a virtual router is in internal bypass state.
