Juniper SRX IDP (Intrusion Detection and Prevention) gives the capability to inspect network traffic to make sure that they are not malicious or intrusions.
In this section we will learn how to download and install IDP signatures and how they are used in security policies.
Juniper SRX application firewall provides the capability to control traffic at application layer.
In the traditional firewall that we have configured so far, we have had the ability to control traffic only at Layer 3 and Layer 4.
Application layer traffic control is possible using application signatures prepared by Juniper.
Juniper SRX global security policy gives the capability to write policies to control traffic but independent of the zones. Global policy can be also used to be applied to multiple zones at once.
It is important to notice that global policy is processed after normal inter-zone policy and before default deny-all policy.
Monitoring and troubleshooting security policies on Juniper SRX device is critical especially when you have a problem in a connection through SRX device.
In this section we will learn five practical commands, specific for the purpose of security policy monitoring and troubleshooting.
Juniper SRX security policy is the main task of the SRX device to control traffic between zones.
Unlike firewall filter it works stateful. That means you only have to permit from the initiator zone to the destination zone. Return traffic is automatically allowed based on the session table.
In this section we will learn how to configure security policy. security policy monitoring will be discussed in the next specific section because of its importance.
Juniper SRX screen options provide the ability to detect and prevent attacks primarily at Layer 3 and Layer 4. between them, the most well-known attacks are ICMP flood, UDP flood and TCP syn flood.
Juniper SRX screen policy is the first policy applied to traffic in the ingress direction of the interface for both packets from new sessions or belonging to the existing sessions.
Juniper SRX application and application-set objects are another required object in security policies.
In other words, when you configure a security policy, in addition to source address and destination address, the name of the application is also required to be configured.
Source address and destination address must be already configured in address book that we have discussed in the previous section. the application name must be also already configured in the list of applications.
The Juniper SRX address book is used to configure address range entries used in different zones in the enterprise.
To configure a security policy in Juniper SRX to control traffic between zones, address book entries must be used as source and destination addresses.
Juniper SRX security zones provide the ability to assign networks with different security requirements to different security zones, which is a prerequisite for controlling traffic between networks.
It is also possible to control traffic from different security domains to the Juniper device itself and vice versa, from the Juniper device to different security domains, which is a further discussion of this section.
Juniper SRX traffic flow knowledge is a requirement to troubleshoot connectivity over SRX device.
The way that the first packet of a new session is processed and forwarded in juniper SRX is different from processing and forwarding of a packet belonging to existing session.
In this section we will discuss how a new packet from a new session or a packet from existing session is forwarded in juniper SRX device.