IPS using jweb

Owned by Jean-luc KRIKER
Last updated: Jun 20, 2019
5 min read

1- check the licenses

2- Download and install the IPS signature ( sigpack)

3- Download and install IPS template

4- Create an IPS Policy ( global-group or Device , IPS Template and set Active )

5- create a Security Policy






license 
root@SRX340-1-Rack104> show system license
License usage:
                                 Licenses     Licenses    Licenses    Expiry
  Feature name                       used    installed      needed
  anti_spam_key_sbl                     0            1           0    2020-04-16 01:00:00 BST
  idp-sig                               0            3           0    2020-04-16 01:00:00 BST
  dynamic-vpn                           0            2           0    permanent
  av_key_sophos_engine                  0            3           0    2020-04-16 01:00:00 BST
  wf_key_websense_ewf                   0            3           0    2020-04-16 01:00:00 BST
  remote-access-ipsec-vpn-client        0          150           0    2020-04-16 01:00:00 BST



IPS Template installed in the SRX 
root@SRX340-1-Rack104> file show /var/db/scripts/commit/templates.xsl
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:junos="http://xml.juniper.net/junos/*/junos" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm" xmlns:jcs="http://xml.juniper.net/junos/commit-scripts/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://services.netscreen.com" version="1.0" xsi:noNamespaceSchemaLocation="http://services.netscreen.com/xmlupdate/Templates.xsd">
  <xsl:import href="../import/junos.xsl"/>
  <xsl:template match="configuration">
        <xsl:call-template name="delete-me">
          <xsl:with-param name="policy">DMZ_Services</xsl:with-param>
        </xsl:call-template>
        <xsl:call-template name="delete-me">
          <xsl:with-param name="policy">DNS_Service</xsl:with-param>
        </xsl:call-template>
        <xsl:call-template name="delete-me">
          <xsl:with-param name="policy">File_Server</xsl:with-param>
        </xsl:call-template>
        <xsl:call-template name="delete-me">
          <xsl:with-param name="policy">Getting_Started</xsl:with-param>
        </xsl:call-template>
        <xsl:call-template name="delete-me">
          <xsl:with-param name="policy">IDP_Default</xsl:with-param>
        </xsl:call-template>
        <xsl:call-template name="delete-me">
          <xsl:with-param name="policy">Recommended</xsl:with-param>
        </xsl:call-template>
        <xsl:call-template name="delete-me">
          <xsl:with-param name="policy">Web_Server</xsl:with-param>
        </xsl:call-template>
        <change>
          <security>
            <idp>
              <idp-policy>
                <name>Web_Server</name>
                <comment>This template policy is designed to protect commonly used HTTP servers from remote attacks.</comment>
                <rulebase-ips>
                  <rule>
                    <name>1</name>
                    <junos:comment>This rule drops all packets that should not occur on a clean network, and can be used by attackers to evade IDSs. This rule is necessary to harden the IDP against evasion attempts.</junos:comment>
                    <match>
                      <from-zone>any</from-zone>