Figure 1: sniffer mode (passive) – Juniper Networks IDP 800 User Manual

IDP Configuration Basics

Chapter 1: Planning an Installation

To use an IDP sensor as a passive intrusion detection system without
prevention capabilities, deploy the sensor in passive sniffer mode to monitor
and log network traffic. If the sensor is attached to a network switch, you must
configure the switch to mirror all traffic to that port. The IDP sensor defaults to
sniffer mode.

■ Active mode—The gateway (inline) mode is active. This mode takes full
advantage of IDP attack prevention capabilities and multimethod detection
mechanisms.

With inline modes, the sensor is directly involved in the packet flow. The
sensor can stop attacks by dropping malicious packets before they reach their
target.

Inline sensors are typically configured in transparent mode. For other inline
modes, see “Advanced Configuration” on page 43.

One step in setting up IDP on your network is to decide on a deployment mode.
Figure 1 and Figure 2 illustrate the possible deployment modes and their primary
advantages and disadvantages.

Figure 1: Sniffer Mode (Passive)

Table 2 lists the advantages and the disadvantages of using the sensor in passive
sniffer mode.

NOTE: For IDP 8200 Release 4.2, only transparent mode is available.

[Figure 1 diagram. Labels: Internet; Firewall; IP 1.1.1.1; IP 2.2.2.1; Hub or Switch (two); Mirror or SPAN port, if a switch; straight-through cable; IDP Sensor; eth2; MGT port; eth0 IP 2.2.2.7; Management Server IP 2.2.2.4; User Interface IP 2.2.2.5; Protected Machines: Server1 IP 1.1.1.2, Server2 IP 1.1.1.3, Server3 IP 1.1.1.4, each with GW 1.1.1.1]