Juniper-networks IDP 800 Manual de usuario

Juniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, CA 94089USA408-745-2000www.juniper.netPart Number: 530-023834-01Juniper NetworksIntrusion D

x  List of TablesIDP 75, 250, 800, and 8200 Installation Guide

Audience  xiAbout This GuideThis guide describes the physical features of Juniper Networks Intrusion Detection and Prevention (IDP) solution: the I

IDP 75, 250, 800, and 8200 Installation Guidexii  DocumentationDocumentationThis guide is shipped in the box with all new IDP sensors. It provides t

Requesting Technical Support  xiiiAbout This GuideSelf-Help Online Tools and ResourcesFor quick and easy problem resolution, Juniper Networks has d

IDP 75, 250, 800, and 8200 Installation Guidexiv  Requesting Technical Support

Installation Roadmap  1Chapter 1Planning an InstallationThis chapter provides an overview of IDP configuration options. This chapter has the follow

IDP 75, 250, 800, and 8200 Installation Guide2  IDP Configuration Basics8. Add the sensor as an object in NSM using the Add Device wizard. Select D

IDP Configuration Basics  3Chapter 1: Planning an InstallationTo use an IDP sensor as a passive intrusion detection system without prevention capab

IDP 75, 250, 800, and 8200 Installation Guide4  IDP Configuration BasicsFigure 2: Transparent Mode (Inline Active) Table 3 lists the advantages an

IDP Configuration Basics  5Chapter 1: Planning an InstallationNetScreen-Security ManagerUse NetScreen-Security Manager to administer the sensor. Se

Copyright NoticeCopyright © 2008 Juniper Networks, Inc. All rights reserved.Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are r

IDP 75, 250, 800, and 8200 Installation Guide6  IDP Configuration Basics

IDP Sensors  7Chapter 2Hardware OverviewThis chapter provides detailed descriptions of the Juniper Networks IDP sensors and their components. This

IDP 75, 250, 800, and 8200 Installation Guide8  IDP SensorsIDP 75 SensorThe IDP 75 sensor is optimal for small networks or low-speed network segment

IDP Sensors  9Chapter 2: Hardware Overview One USB port Two IOC slots (each IOC containing four gigabit ports)  Two built-in copper Ethernet por

IDP 75, 250, 800, and 8200 Installation Guide10  Traffic Ports (Forwarding Interfaces)Figure 6: IDP 8200 Front PanelTraffic Ports (Forwarding Inte

Traffic Ports (Forwarding Interfaces)  11Chapter 2: Hardware OverviewNormal StateWhen the IDP is active and NICs are in the normal state, NICs only

IDP 75, 250, 800, and 8200 Installation Guide12  Traffic Ports (Forwarding Interfaces)The fiber Ethernet ports are standard interfaces and do not i

Management Ports  13Chapter 2: Hardware OverviewPeer Port ModulationAfter peer port modulation (PPM) is enabled, the sensor deactivates all the int

IDP 75, 250, 800, and 8200 Installation Guide14  IDP Sensor LEDsIDP Sensor LEDsThis section describes the LEDs for the following IDP sensor compone

IDP Sensor LEDs  15Chapter 2: Hardware OverviewFigure 8: LEDs for Management and HA Ports Traffic Port LEDsThe IDP 75, 250, 800, and 8200 sensors

Table of Contents  iiiTable of ContentsAbout This Guide xiAudience...

IDP 75, 250, 800, and 8200 Installation Guide16  IDP Sensor LEDsPower Supply LEDs on Back PanelThe back panel of the sensors provide access to powe

General Installation Guidelines  17Chapter 3Installing the SensorThis chapter describes how to install the IDP sensor in an equipment rack. This ch

IDP 75, 250, 800, and 8200 Installation Guide18  Rack Mounting the IDP SensorRack Mounting the IDP SensorThe location of the sensor and the layout

Rack Mounting the IDP Sensor  19Chapter 3: Installing the SensorFigure 9: Rail with Hinged Rear Bracket2. Rotate the hinges on both rails so that

IDP 75, 250, 800, and 8200 Installation Guide20  Connecting PowerFigure 11: 1 RU Device (IDP 75) Midmount Bracket2. Place the chassis into position

Initial Configuration Options  21Chapter 4Configuring the IDP SensorThis chapter describes how to connect to the IDP sensor and configure the devic

IDP 75, 250, 800, and 8200 Installation Guide22  Connecting to the SensorSimple Configuration ValuesA simple configuration has the following settin

Connecting to the Sensor  23Chapter 4: Configuring the IDP SensorTo configure your sensor using the console serial port, do the following:1. Connec

IDP 75, 250, 800, and 8200 Installation Guide24  Connecting to the SensorThe system configures your interfaces. The following text appears:Configur

Connecting to the Sensor  25Chapter 4: Configuring the IDP Sensor2. On a connected computer, open a Web browser. Type https://192.168.1.1.3. Type t

iv  Table of ContentsIDP 75, 250, 800, and 8200 Installation GuideMounting Using Device Rack Rails...

IDP 75, 250, 800, and 8200 Installation Guide26  Connecting to the SensorQuickStart Simple ConfigurationTable 12 provides the information you need

Connecting to the Sensor  27Chapter 4: Configuring the IDP SensorNetworking  Speed and duplex settings for IDP sensor interfaces. (Normally, these

IDP 75, 250, 800, and 8200 Installation Guide28  Connecting Forwarding InterfacesIn proxy-ARP or router mode, if you are using multiple subnets in

Adding Your Sensor to NSM  29Chapter 5Adding the Sensor to NSMThis chapter describes how to add the IDP sensor to NetScreen-Security Manager (NSM)

IDP 75, 250, 800, and 8200 Installation Guide30  Adding Your Sensor to NSMFigure 12: Begin Add Device Procedure4. On the Security Devices age, cli

Adding Your Sensor to NSM  31Chapter 5: Adding the Sensor to NSMFigure 14: Add Device Wizard - Connection Settings6. Enter the following connectio

IDP 75, 250, 800, and 8200 Installation Guide32  Adding Your Sensor to NSM7. Verify the SSH key fingerprint to prevent man-in-the-middle attacks:a.

Checking the Status of Your Sensor  33Chapter 5: Adding the Sensor to NSMFigure 18: Add Device Wizard - Importing the Device12. Click Finish to up

IDP 75, 250, 800, and 8200 Installation Guide34  Checking the Status of Your Sensor

Updating IDP Sensor Software Using NSM Firmware Manager  35Chapter 6Updating Software on the SensorThis chapter describes how to update the softwar

Table of ContentsTable of Contents  vIDP 800 Technical Specifications ... 50IDP 8200

IDP 75, 250, 800, and 8200 Installation Guide36  Updating IDP Sensor Software Without NSMUpgrading Sensor SoftwareAfter you have made the software

Reimaging the IDP Sensor  37Chapter 6: Updating Software on the Sensor7. Reboot the device when the script is finished.8. Type reboot and press Ent

IDP 75, 250, 800, and 8200 Installation Guide38  Reimaging the IDP Sensor

Replacing a Power Supply (IDP 800, and 8200 Only)  39Chapter 7Servicing the DeviceThis chapter describes the service and maintenance of various com

IDP 75, 250, 800, and 8200 Installation Guide40  Replacing a Hard Drive (IDP 800 and 8200 Only)Install a Power SupplyYou must have a power supply b

Replacing a Hard Drive (IDP 800 and 8200 Only)  41Chapter 7: Servicing the DeviceTo remove a hard drive:1. On the front of the device identify the

IDP 75, 250, 800, and 8200 Installation Guide42  Replacing a Hard Drive (IDP 800 and 8200 Only)

Advanced Deployment Modes  43Chapter 8Advanced ConfigurationThis chapter describes advanced configuration options and has the following sections:

IDP 75, 250, 800, and 8200 Installation Guide44  Advanced Deployment ModesFigure 21: Bridge Mode Table 14: Advantages and Disadvantages of Bridg

Advanced Deployment Modes  45Chapter 8: Advanced ConfigurationRouter ModeFigure 22 shows a sensor that is configured in bridge mode. Table 15 lists

vi  Table of ContentsIDP 75, 250, 800, and 8200 Installation Guide

IDP 75, 250, 800, and 8200 Installation Guide46  IDP High Availability Deployment ModesProxy-ARP ModeFigure 23 shows a sensor that is configured in

 47Appendix ASpecificationsThis appendix provides general specifications for the IDP sensors and standards for compliance. It has the following se

IDP 75, 250, 800, and 8200 Installation Guide48  IDP 75 Technical SpecificationsIDP 75 Technical SpecificationsTables 17–20 list the physical, AC p

IDP 250 Technical Specifications  49Appendix A: SpecificationsIDP 250 Technical SpecificationsTables 21–24 list the physical, AC power, power cord,

IDP 75, 250, 800, and 8200 Installation Guide50  IDP 800 Technical SpecificationsIDP 800 Technical SpecificationsTables 25–28 list the physical, AC

IDP 8200 Technical Specifications  51Appendix A: SpecificationsIDP 8200 Technical SpecificationsTables 29–32 list the physical, AC power, power cor

IDP 75, 250, 800, and 8200 Installation Guide52  Safety ComplianceSafety Compliance UL 60950, Third Edition — Safety of Information Technology Equi

Index  53IndexAACMconfiguration information...26audience for documentation ...

IDP 75, 250, 800, and 8200 Installation Guide54  Index

List of Figures  viiList of FiguresFigure 1: Sniffer Mode (Passive) ...3Figure 2:

viii  List of FiguresIDP 75, 250, 800, and 8200 Installation Guide

List of Tables  ixList of TablesTable 1: Notice Icons ..................... xiTable