Wow. If you have read this far, you’ve gone through a detailed explanation of just about every component of SRX IPS functionality. Now you can learn how to actually configure these different features within the SRX.
From here on out, you will learn the configuration of the individual elements, as well as focus on common “real-world” implementations of these features. Let’s get started.
We should perform a few steps before we configure SRX IPS. Here is a list of things to do before configuring the SRX for IPS functionality:
Install the license.
You must install an IDP license before you can download any
attack objects. If you are using only custom attack objects, you
don’t need to install a license (earlier versions had a bug where
they required it), but if you want to download Juniper predefined
attack objects, you must have this license. Juniper provides you
with the ability to download a 30-day trial license to permit this
functionality for a brief period of time to evaluate the
functionality. We covered license installation earlier in the book;
all you need is the
request system license
add command either specifying a file, or copying and
pasting it into the terminal.
Configure network access.
Before you can download the attack objects, you must have network connectivity to either the Juniper download server or a local server from which the signatures can be downloaded. This typically requires network configuration ...