Chapter 8. Intrusion Prevention

Although stateful firewall technology is a powerful mechanism for controlling cyber threats and preventing denial-of-service attacks, controlling targeted exploitation requires deeper inspection and control of the application-layer traffic itself. The SRX platform integrates stateful firewalling, routing, Network Address Translation (NAT), and virtual private networks (VPNs) with Juniper Intrusion Detection and Prevention (IDP) technology in a single unit. Make no mistake: this is true IPS, not a subset of inspection capabilities, and it is all done on integrated, purpose-built network hardware, so no additional components are needed.

This chapter details the Juniper IPS functionality built into the SRX. It starts with an overview of IPS—what it does, why it’s necessary, and how it compares to other technologies, including Juniper’s standalone IDP and ISG with IDP platforms. Then we have some fun configuring IPS on the SRX, as well as IPS tuning and troubleshooting. After that, we’ll look at a real-world case study to help solidify the concepts we’ve discussed. And as with all the chapters in this book, questions at the end of the chapter should help those taking Juniper’s security certification to prepare for their exam.

The Need for IPS

Despite what some flashy vendor advertisements and blogs may say, stateful firewalling is not dead, nor will it be anytime soon. Stateful firewalling provides a core layer of ...
