Juniper Networks IDP 800 Network Card User Manual
Contents
1. 4. Types to see status information.
   5. Examine the following information on the screen:

   Protocol  Packets  Flows  Sessions  Peak  Peak Time
   Other     2        0      0         d     08/09/2006 03:08:07
   ICMP      3        0      0         0     08/08/2006 18:03:51
   UDP       3386     3      T         7     08/08/2006 19:31:01
   TCP       151164   12     6         9     08/09/2006 07:01:36

   6. Make sure the UDP or TCP values are changing.

   Connecting the High Availability Port

   After you have set up both machines in the HA cluster, connect their HA ports to each other using a crossover cable.

   Chapter 5: Adding the Sensor to NSM

   This chapter describes how to add the IDP sensor to NetScreen Security Manager (NSM) and push the Recommended policy. When you have completed the steps in this chapter, your IDP sensor will be protecting your network. You must have NSM installed to complete the steps in this chapter. See the NetScreen Security Manager Installation Guide. This chapter has the following sections:
   - Adding Your Sensor to NSM
   - Checking the Status of Your Sensor

   Adding Your Sensor to NSM

   This procedure assumes your sensor is installed, has a static IP address, and is reachable using SSH. If your sensor is not yet available, has a dynamic IP address, or is not reachable using SSH, see the IDP Concepts and Examples Guide for other procedures.

   To import an IDP 75, 250, 800, or 8200 sensor with a known IP address:
   1. In NSM, select Tools > View/Update NSM Attack Database to
2. Juniper Networks Intrusion Detection and Prevention IDP 75, 250, 800, and 8200 Installation Guide. Releases 4.1r2a and 4.2. April 2008. Juniper Networks, Inc., 1194 North Mathilda Avenue, Sunnyvale, CA 94089, USA. 408-745-2000. www.juniper.net. Part Number: 530-023834-01.

   Copyright Notice

   Copyright 2008 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

   FCC Statement

   The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio frequency energy and, if not installed and
4. Connecting to the Sensor
   Using the Console Serial Port to Configure the Sensor
   Using the Management Port to Configure the Sensor
   Connecting Directly Using the Management Port
   Connecting Remotely Using the Management Port
   Simple or Advanced Configuration Using the Management Port
   QuickStart Simple Configuration
   ACM Advanced Configuration
   Connecting Forwarding Interfaces
   Verifying Traffic Flow
   Connecting the High Availability Port
   Adding the Sensor to NSM
   Adding Your Sensor to NSM
   Checking the Status of Your Sensor
   Updating Software on the Sensor
   Updating IDP Sensor Software Using NSM Firmware Manager
   Loading a Sensor Image into NSM
   Upgrading Sensor Software
   Updating IDP Sensor Software Without NSM
   Reimaging the IDP Sensor
   Servicing the Device
   Replacing a Power Supply (IDP 800 and 8200 Only)
   Remove a Power Supply
   Install a Power Supply
   Replacing a Hard Drive IDP 800 and 82
5. Rack Mounting the IDP Sensor

   The location of the sensor and the layout of your equipment rack or wiring room are crucial for proper system operation. Use the following guidelines while configuring your equipment rack:
   - Enclosed racks must have adequate ventilation. An enclosed rack should have louvered sides and a fan to provide cooling air.
   - When mounting a chassis in an open rack, ensure that the rack frame does not block the intake or exhaust ports. If you install a chassis on slides, check the position of the chassis when it is seated all the way into the rack.
   - In an enclosed rack with a ventilation fan in the top, equipment higher in the rack can draw heat from the lower devices. Always provide adequate ventilation for equipment at the bottom of the rack.
   - Baffles can isolate exhaust air from intake air. The best placement of the baffles depends on the airflow patterns in the rack.

   The IDP 75 sensor occupies one rack unit (RU) in an equipment rack. One RU is 1.75 inches (44.45 mm) high. The IDP 250, IDP 800 (copper ports), and IDP 8200 sensors occupy two rack units in an equipment rack.

   Required Tools

   Rack mounting requires the following tools:
   - Flathead screwdriver
   - Number 2 Phillips head screwdriver
   - Rack-compatible screws
   - Rack mounting brackets (included)

   Each device comes with the following brackets:
   - Two side-mounted rails for mounting to the front and back
6. Proxy ARP Mode

   Figure 23 shows a sensor that is configured in proxy ARP mode. Table 16 lists the advantages and disadvantages of proxy ARP mode.

   [Figure 23: Proxy ARP Mode]

   Table 16: Advantages and Disadvantages of Proxy ARP Mode
   Advantages:
   - Reliably responds to and prevents attacks
   - Simple transparent deployment
   Disadvantages:
   - Network nodes may need to update cached ARP entries

   IDP High Availability Deployment Modes

   You must deploy the IDP sensors in bridge, router, transparent, or proxy ARP mode to enable a high availability solution. For details on deployment modes and HA clusters, see the NetScreen Security Manager Administrator's Guide.

   Appendix A: Specifications

   This appendix provides general specifications for the IDP sensors and standards for compliance. It has the following sections:
   - IDP 75 Technical Specifications
   - IDP 250 Technical Specifications
   - IDP 800 Technical Specifications
   - IDP 8200 Techn
7. To install a power supply:

   Take the new power supply to the back of the device. Hold the power supply with both hands, with the red handle on the left side of the power supply. Align the power supply with the empty bay and slide the power supply into the bay. Push firmly until you see and hear the red lever snap into place. If the other power supply is on and powering the sensor, the sensor emits a high-pitched whine and the power supply LED turns on. Connect a power cord to the new power supply. Attach the other end of the power cord to the power source. The power supply's LED turns amber to indicate that the power supply is receiving power. The LED turns green to indicate that it is receiving power and is giving power to the IDP sensor (only occurs if sensor is on). The high-pitched whine stops and the PS FAIL light on the front of the IDP sensor turns off.

   Replacing a Hard Drive (IDP 800 and 8200 Only)

   The IDP 800 and 8200 sensors come with two mirrored hard drives. Both drives are hot-swappable on failure. If one fails, it may be replaced without interrupting the function of the sensor. Contact Juniper Networks if you want to purchase a spare hard drive.

   CAUTION: The hard drive array is designed to provide fault-tolerant redundancy in the device. Do not remove a drive unless it has failed. The red failure LED turns on if a drive has failed.

   CAUTION: When one drive is replaced it takes some t
8. used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

   The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio frequency energy. If it is not installed in accordance with Juniper Networks' installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
   - Reorient or relocate the receiving antenna.
   - Increase the separation between the equipment and receiver.
   - Consult the dealer or an experienced radio/TV technician for help.
   - Connect the equipment to an outlet on a circuit different from that to which the
9. NIC Bypass and Cable Choices
   External Bypass Unit
   Peer Port Modulation
   Management Ports
   Hard Drives and USB Ports
   Power Supplies
   IDP Sensor LEDs
   System Status LEDs
   Management and High Availability Port LEDs
   Traffic Port LEDs
   Hard Drive LEDs on Front Panel
   Power Supply LEDs on Back Panel
   Chapter 3: Installing the Sensor
   General Installation Guidelines
   Rack Mounting the IDP Sensor
   Required Tools
   Mounting Using Device Rack Rails
   Mounting Using Midmount Brackets
   Connecting Power
   Configuring the IDP Sensor
   Initial Configuration Options
   Simple Configuration
   Simple Configuration Settings
   Simple Configuration Values
   Advanced Configuration
10. of the rack
   - Four midmount brackets for midmounting 2 RU devices
   - Two midmount brackets for midmounting 1 RU devices

   Mounting Using Device Rack Rails

   To mount the sensor using the rails in a device rack:
   1. Use a flathead screwdriver to attach the rails to each side of the chassis with the bracket screws. Make sure the hinged brackets are at the back of the device. Make sure the rails are positioned so they reach the back of the rack when the device is mounted. See Figure 9.

   [Figure 9: Rail with Hinged Rear Bracket]

   2. Rotate the hinges on both rails so that they allow the device to slide into the rack.
   3. Slide the chassis into a set of rails.

   CAUTION: Be sure to leave at least two inches of clearance on the sides of each chassis for the cooling air inlet and exhaust ports.

   4. Secure the front brackets to the rack.
   5. Rotate the rear brackets so they prevent the device from sliding forward.
   6. Secure the rear brackets to the rack.

   Mounting Using Midmount Brackets

   To mount the sensor using the midmount brackets in a device rack:
   1. Use a flathead screwdriver to attach one rack mounting bracket to each side of the chassis with the bracket screws. See Figure 10 and Figure 11.

   [Figure 10: 2 RU Device Midmount Bracket]

   Figure 11 1 RU Device IDP 75 Midmount Brac
11. on page 9

   Each sensor contains a USB port you can use for reimaging the sensors.

   CAUTION: Both the console serial port and the management network interface port use the same RJ-45 connector. Do not plug a network cable into the console serial port.

   IDP 75 Sensor

   The IDP 75 sensor is optimal for small networks or low-speed network segments. Figure 3 shows the following features:
   - One console serial port
   - One management network interface port
   - One USB port
   - Two copper Ethernet ports (10/100/1000 Mbps)

   [Figure 3: IDP 75 Front Panel]

   IDP 250 Sensor

   The IDP 250 sensor is optimal for medium central sites or large branch offices. Figure 4 shows the following features:
   - One console serial port
   - One management network interface port
   - One dedicated high availability port
   - One USB port
   - Two IOC slots, each IOC containing four gigabit ports

   [Figure 4: IDP 250 Front Panel]

   IDP 800 Sensor

   The IDP 800 sensor is optimal for medium to large central sites or high-traffic areas. Figure 5 shows the following features:
   - One console serial port
   - One management network interface port
   - One dedicated high availability port
   - One USB port
   - Two IOC slots, each IOC containing four gigabit ports
   - Two built-in copper Ethernet ports (10/100/1000 Mbps)

   Figure 5 IDP 800 Fron
12. protecting your network. To improve the performance and accuracy of your protection, use the IDP Concepts & Examples Guide and the NetScreen Security Manager Administrator's Guide to tailor your security policy to your network.

   NOTE: You must update your attack objects to get the latest protection.

   IDP Configuration Basics

   This section provides an introduction to IDP configuration basics. An IDP configuration consists of the following components:
   - IDP sensor placement: Decide where to position the sensor in the network.
   - IDP sensor placement mode: Decide to use passive or active mode when deploying your IDP sensor.
   - NetScreen Security Manager: Use NetScreen Security Manager (NSM) to administer the sensor.

   IDP Sensor Placement

   The Juniper Networks IDP sensor is an ideal solution to be implemented inline between gateway firewalls and DMZ or internal networks. IDP sensor placement is an important part of the installation. You should choose a location for your IDP sensor based on your existing network hardware and the networks you want to protect. The examples provided in this guide place the IDP sensor behind the firewall or router.

   IDP Sensor Deployment Mode

   IDP sensors can be installed individually or in high availability (HA) clusters of two or more. For configurations without high availability, you can deploy the IDP sensor as a passive sniffer or as an active gateway.

   Passive Mode Th
13. run the attack database wizard. This makes sure your attack database is up to date.
   2. From the domain menu, select the domain in which to import the device.
   3. Select Device Manager > Security Devices from the left navigation pane (Figure 12).

   [Figure 12: Begin Add Device Procedure]

   4. On the Security Devices page, click the button and select Device to open the Add Device wizard (Figure 13).
      a. Type a name and select a color to represent the device in the UI.
      b. Select Device is Reachable (default).

   [Figure 13: Add Device Wizard: Device Name]

   5. Click Next to display the Specify Connection Settin
14. sensor. Choose which mode you will run. See Chapter 4, Installing the Sensor, on page 17.
   4. Install the sensor on a rack. See Chapter 4, Installing the Sensor, on page 17.
   5. Log into the sensor using the console port to run the EasyConfig script. This script lets you specify a sensor mode, IP address, netmask, default gateway, and date or time. See Using the Console Serial Port to Configure the Sensor on page 22. You can use the default login name root and password abc123 for the sensor.
   6. (Optional) If you want to change your default login and password, change port speeds, or do more advanced configuration of the sensor, use a Web browser to log into the sensor's Appliance Configuration Manager (ACM). You can reach it by typing https://SensorIPAddress in the Address or Location box of your browser.
   7. Start the NSM GUI. The default login ID is super. Use the password you specified when you installed the NSM server.
   8. Add the sensor as an object in NSM using the Add Device wizard. Select Device Manager > Security Devices from the left navigational pane and then click the button. See Adding Your Sensor to NSM on page 29.

   The Add Device Wizard creates a database entry in NSM for the sensor, imports the sensor's configuration, and loads the Juniper Networks Recommended policy onto the sensor. At that point, your sensor is actively
15. to Simple or Advanced Configuration Using the Management Port on page 25.

   Simple or Advanced Configuration Using the Management Port

   The IDP sensor management port provides two different but compatible configuration paths. The QuickStart option lets you configure the default IDP settings quickly, while the Appliance Configuration Manager (ACM) option lets you make more advanced changes to the sensor configuration.

   After you log into the Web-based tools using the management port, you are presented with two options: QuickStart and ACM. If you want to do a simple configuration, click QuickStart and fill out the fields based on the information in Table 12 on page 26. If you want to do an advanced configuration, click ACM and then click Start Configuration Wizard. Fill out the fields in the wizard based on the information in Table 13 on page 26.

   QuickStart Simple Configuration

   Table 12 provides the information you need for a simple configuration.

   Table 12: Information Needed for QuickStart Configuration
   Field: Device Deployment mode
   Configuration Information: QuickStart offers the two most popular deployment modes. If you want to use one of the other deployment modes, use the ACM instead.
   - Sniffer: You want the sensor to report on security events but not take action to prevent them.
   - Inline transpar
16. to be authenticated using RADIUS. You can enable RADIUS authentication for CLI access, ACM access, or both.
   - Enable/configure SSH access. This is optional. Set if you want to access the sensor using a terminal window or if you want to be able to upload upgrade files to the sensor.
   See the ACM online help for more information on system settings.

   Management
   - IP address of the primary and secondary NSM GUI servers for this sensor and a one-time password. These values need to be set only if you are using the IP-unreachable method of adding devices to NSM. See the NetScreen Security Manager Administrator's Guide.
   - Enable/configure ACM access. Set if you want ACM to start automatically when the sensor boots. Otherwise, you have to start ACM from the command line before you access it.
   - Instant Virtual Extranet (IVE) communications. Select Reset IVE OTP if you want to generate a one-time password for IVE-IDP communications. Complete information for configuring IVE-IDP communications is in the IVE documentation.

   Done
   View the current configuration and then save and apply the configuration to the IDP sensor. The Save Only option button tells the sensor to save the configuration into a working file but not to apply the configuration to the sensor. The Save & Apply option button tells the sensor to apply the changes. You need to click Confirm Configuration and then reboot the IDP sensor for the changes to take effect.
17. 00 Only
   Remove a Hard Drive
   Install a Hard Drive
   Advanced Configuration
   Advanced Deployment Modes
   Bridge Mode
   Router Mode
   Proxy ARP Mode
   IDP High Availability Deployment Modes
   Specifications
   IDP 75 Technical Specifications
   IDP 250 Technical Specifications
   IDP 800 Technical Specifications
   IDP 8200 Technical Specifications
   EMI Compliance
   Index

   List of Figures
   Figure 1: Sniffer Mode (Passive)
   Figure 2: Transparent Mode (Inline Active)
   Figure 3: IDP 75 Front Panel
   Figure 4: IDP 250 Front Panel
   Figure 5: IDP 800 Front Panel
   Figure 6: IDP 8200 Front Panel
   Figure 7: Traffic Ports
   Figure 8: LEDs for Management and HA Ports
   Figure 9: Rail with Hinged Rear Bracket
   Figure 10 2 RU Devic
18. Connecting Directly Using the Management Port

   You can configure your sensor by directly connecting to the management port with a crossover Ethernet cable. The default IP address of the sensor is 192.168.1.1.

   To connect directly to the management port:
   1. Connect your computer directly to the sensor using an Ethernet cable.
   2. On a connected computer, open a Web browser. Type https://192.168.1.1 in the Address or Location box.

   NOTE: Because the ACM uses an SSL connection, you must type https before the IP address.

   3. Type the default user name root and password abc123.
   4. Skip to Simple or Advanced Configuration Using the Management Port on page 25.

   Connecting Remotely Using the Management Port

   To connect to the management port remotely over the network, you must first have configured an IP address for the sensor. See Using the Console Serial Port to Configure the Sensor on page 22.

   To connect remotely to the management port:
   1. On a connected computer, open a Web browser.
   2. Type the URL of the ACM wizard using the IP address you configured. For example, if you configured the IP address 10.100.200.1 on the IDP sensor, type https://10.100.200.1 in the browser's Address or Location box.

   NOTE: Because the ACM uses an SSL connection, you must type https before the IP address.

   3. Type the default user name root and password abc123.
   4. Go
19. Table 14: Advantages and Disadvantages of Bridge Mode
   Advantages:
   - Reliably responds to and prevents attacks
   - Simple transparent deployment
   - Allows Layer 2 broadcasts
   - No changes to routing tables or network equipment
   Disadvantages:
   - Cannot connect IP networks with different address spaces

   Router Mode

   Figure 22 shows a sensor that is configured in router mode. Table 15 lists the advantages and disadvantages of router mode.

   [Figure 22: Router Mode]

   Table 15: Advantages and Disadvantages of Router Mode
   Advantages:
   - Reliably responds to and prevents attacks
   - Connects IP networks with different address spaces
   Disadvantages:
   - Affects Layer 3 IP networks routing tables
   - Interfaces cannot be used in stealth mode. The sensor itself can be the target of attacks.
20. 3 lists the advantages and the disadvantages of using the sensor in active (transparent inline) mode.

   Table 3: Advantages and Disadvantages of Transparent Mode (Inline Active)
   Advantages:
   - Reliably responds to and prevents attacks
   - Simple transparent deployment
   - Allows Layer 2 broadcasts
   - No changes to routing tables or network equipment
   - Forwards non-IP traffic
   Disadvantages:
   - Cannot connect IP networks with different address spaces

   NetScreen Security Manager

   Use NetScreen Security Manager to administer the sensor. See the NetScreen Security Manager Administrator's Guide to tailor your security policy to your network. See the IDP Concepts & Examples Guide to improve the performance and accuracy of your protection.

   Chapter 2: Hardware Overview

   This chapter provides detailed descriptions of the Juniper Networks IDP sensors and their components. This chapter has the following sections:
   - IDP Sensors
   - Traffic Ports (Forwarding Interfaces)
   - Management Ports
   - Hard Drives and USB Ports
   - Power Supplies
   - IDP Sensor LEDs

   IDP Sensors

   This section provides an overview of the following IDP sensors:
   - IDP 75 Sensor
   - IDP 250 Sensor
   - IDP 800 Sensor
   - IDP 8200 Sensor
21. Front Panel System Status LEDs

   Color | Function | LED Action/Status Description
   Green | Power | Stays on when powered on. Stays off when powered off.
   Yellow | Hard drive activity | Flickers with activity.
   Red | Fault | Blinks slowly when a fan fails. Blinks quickly when system is overheated. Stays on when the power supply fails. Stays off when the system is functioning at a normal temperature.

   Management and high availability (HA) ports each have two LEDs: LINK and TX/RX (Figure 8). Management ports are on all sensors. HA ports are available on the IDP 250, 800, and 8200 sensors only. Table 8 describes the LEDs for management and HA ports.

   [Figure 8: LEDs for Management and HA Ports]

   Table 8: IDP Sensor Management and High Availability Port LED
   Port LED | Description | Status
   LINK | Port connection activity indicator | Blinks amber to indicate activity on the port.
   TX/RX | Speed indicator | Stays off for 10 Mbps. Glows green for 100 Mbps. Glows amber for 1000 Mbps.

   Traffic Port LEDs

   The IDP 75, 250, 800, and 8200 sensors each have two traffic status LEDs on each traffic port.

   Table 9: IDP Sensor Traffic Port LEDs
   Indicator | Location | Color | Status/Speed Description
   Link Activity | Left LED | Green | Stays on when there is a link. Stays off when there is no link. Blinks when there is activity.
   Link Speed | Right LED | None 10 M
22. bps; Green: 100 Mbps; Yellow: 1 Gbps; Orange: 10 Gbps

   Hard Drive LEDs on Front Panel

   The front panel of the sensors provides access to hard disk drives for 800 and 8200 sensors only. Table 10 shows the hard drive LED definitions for the 800 and the 8200 sensors.

   Table 10: Hard Drive LED Definitions (Front Panel)
   LED | Description
   Hard drive failure (800 and 8200 only) | The left LED on the hard drive. The LED is off if the hard drive is functioning normally. The LED is red if the hard drive has failed. In addition, the system emits a high-pitch noise if a hard drive has failed. The LED flashes red if the drive is being rebuilt. Do not turn the power off, unplug the unit, or remove either drive while the drive is being rebuilt.
   Hard drive activity (800 and 8200 only) | The right LED on the hard drive. The LED flashes green to indicate hard drive activity.

   Power Supply LEDs on Back Panel

   The back panel of the sensors provides access to power supplies on the 800 and 8200 sensors only. Table 11 shows the power supply LED definitions for the 800 and the 8200 sensors.

   Table 11: Power Supply LED Definitions (Back Panel)
   LED | Description
   Power Supply Status (800 and 8200 only) | The LED is located on the power supply above the plug socket. It glows amber to indicate that the power supply is receiving power. It g
23. chapter describes the service and maintenance of various components in your IDP sensors. It has the following sections:
   - Replacing a Power Supply (IDP 800 and 8200 Only)
   - Replacing a Hard Drive (IDP 800 and 8200 Only)

   Replacing a Power Supply (IDP 800 and 8200 Only)

   The power supplies on the IDP 75 and 250 sensors are in a fixed configuration, so you cannot replace them. The IDP 800 sensor has two hot-swappable power supplies, while the IDP 8200 sensor has three. If a device has two replaceable power supplies, you can hot-swap one while the device is running. Contact Juniper Networks if you want to purchase a spare power supply.

   Remove a Power Supply

   To remove a power supply:

   Go to the back of the device and locate the power supply you want to remove. Locate the horizontal handle and the red lever in the upper left corner of the power supply. Lift the handle and push the lever to the right to unlatch the power supply. With the lever pushed to the right, pull on the handle firmly to dislodge the power supply from its seating. Let go of the lever and slide out the power supply from the handle. Let go of the handle and use both hands to slide the power supply the rest of the way out.

   Install a Power Supply

   You must have a power supply bay available before you can install a power supply
24. de: One virtual router created for each pair of interfaces
   - DNS: Disabled
   - NTP: Disabled
   - SSH on management port: Enabled
   - Run ACM process on sensor startup: Enabled

   Advanced Configuration

   If you wish to use a sensor mode other than inline transparent or passive sniffer, or if you do not want to use the default options for the other settings, you will have to use the Appliance Configuration Manager. See ACM Advanced Configuration on page 26.

   Connecting to the Sensor

   Your sensor has two management interfaces: a console serial port and a management Ethernet port. You can use either one to set the sensor IP address and other basic configuration parameters.

   The console serial port is used only for configuring and troubleshooting. After the sensor is configured, you can disconnect the console port. The management port, however, must be able to reach the NSM device server over the network. For this reason, you must give the sensor an IP address that the NSM device server can reach.

   Using the Console Serial Port to Configure the Sensor

   Use this procedure if you want to set up your sensor in simple configuration or if you just want to set an IP address so the sensor is reachable over the network. After the sensor's management interface settings are in place, you can reconfigure the sensor over the network.

   To configure your sensor using the console ser
25. e Midmount Bracket
Figure 11: 1 RU Device (IDP 75) Midmount Bracket
Figure 12: Begin Add Device Procedure
Figure 13: Add Device Wizard, Device Name
Figure 14: Add Device Wizard, Connection Settings
Figure 15: Add Device Wizard, Verification Settings
Figure 16: Add Device Wizard, Retrieved Settings
Figure 17: Add Device Wizard, Adding the Device
Figure 18: Add Device Wizard, Importing the Device
Figure 19: Viewing Device Status
Figure 20: Hard Drive Latch in Closed Position
Figure 21: Bridge Mode
Figure 22: Router Mode
Figure 23: Proxy ARP Mode

List of Tables

Notice Icons
Advantages and Disadvantages of Sniffer Mode (Passive)
Advantages and Disadvantages of Tra
26. e hard drive is rebuilt. Rebuilding the hard drive could take 30 minutes or longer.

CAUTION: Leave both drives in place until the hard drive array is rebuilt. Removing either drive while the hard drive array is rebuilding can damage the system.

Chapter 8 Advanced Configuration

This chapter describes advanced configuration options and has the following sections:
- Advanced Deployment Modes
- IDP High Availability Deployment Modes

Advanced Deployment Modes

Most IDP sensors are configured in passive sniffer or transparent mode. However, the IDP 75, 250, and 800 sensors can also be configured in bridge, router, or proxy ARP mode.

Bridge Mode

Figure 21 shows a sensor that is configured in bridge mode. Table 14 lists the advantages and disadvantages of bridge mode.

[Figure 21: Bridge Mode]
27. e sniffer mode is passive. In sniffer mode, the IDP is not directly involved with packet flow. While it can send resets, protection is not guaranteed, as attacks may have already happened before the reset can be acted upon. In addition, attacker machines may ignore resets.

To use an IDP sensor as a passive intrusion detection system without prevention capabilities, deploy the sensor in passive sniffer mode to monitor and log network traffic. If the sensor is attached to a network switch, you must configure the switch to mirror all traffic to that port. The IDP sensor defaults to sniffer mode.

- Active mode: The gateway (inline) mode is active. This mode takes full advantage of IDP attack prevention capabilities and multimethod detection mechanisms. With inline modes, the sensor is directly involved in the packet flow. The sensor can stop attacks by dropping malicious packets before they reach their target. Inline sensors are typically configured in transparent mode. For other inline modes, see Advanced Configuration.

NOTE: For IDP 8200 Release 4.2, only transparent mode is available.

One step in setting up IDP on your network is to decide on a deployment mode. Figure 1 and Figure 2 illustrate the possible deployment modes and their primary advantages and disadvantages.

[Figure 1: Sniffer Mode (Passive)]
28. enabled. When sensor becomes unavailable, ports mechanically join in a crossover. Traffic continues to flow, but sensor does not examine traffic.

External bypass unit (transparent mode only; sensor failure only): While sensor is active, it passes NSRP packets even if Layer 2 bypass is disabled. On failure, external bypass unit passes traffic around the sensor. Note: This is a global setting. If set for any NIC, NSRP packets are allowed for all NICs.

NICs off (all inline modes; sensor failure or graceful shutdown): While sensor is active, it does not pass NSRP packets unless Layer 2 bypass is enabled for transparent mode. When sensor fails or when the sensor software is shut down, NICs turn off even if sensor still has power.

Normal State

When the IDP is active and NICs are in the normal state, NICs only pass Layer 2 traffic if in transparent mode and if Layer 2 bypass is enabled. NSRP packets are not passed, so external bypass units do not behave correctly.

NIC Bypass State

Ethernet copper ports on the IDP 75, 250, 800, and 8200 sensors all have built-in port bypass with crossover. Port bypass only works if the sensor is configured for transparent mode. If a sensor fails or is shut down while in transparent mode, the pair of copper ports will automatically fail into a crossover-connected state, and traffic will flow through them to and from the rest of the network without being analyzed.

NIC bypass works using a watchdog timer. Each p
29. ent You want traffic to flow through the sensor. In this mode, the sensor can block or drop traffic that violates security parameters.
- Management Interface IP Address: The IP address of the sensor management interface
- Management Interface Netmask: The netmask for the management interface IP address
- Default Route: Your network's default route
- Time, Timezone, Date: The time zone, date, and time where the sensor resides
- Other settings: All other settings are the same as for Simple Configuration

ACM Advanced Configuration

The ACM controls advanced configuration options, such as RADIUS, DNS, and SSH configurations. The sections listed in Table 13 correspond to sections in the ACM wizard. To start the wizard, open ACM, then select ACM from the initial page. For detailed information about ACM, see the ACM online help.

Table 13: Information Needed for ACM Configuration

Setup:
- IDP sensor root and admin passwords (default is abc123)
- The new passwords you want to assign to the root and admin accounts
- The fully qualified domain name that you want to assign to the sensor. Example: Sensor1.example.com

Mode:
- Deployment mode you have chosen: sniffer, router, bridge, transparent, or proxy ARP. If the mode you wish to use is already selected, select it again to progress to the next screen. The following modes are not available on the IDP 8200 sen
30. ess Enter.
9. Reconnect the HA cable after upgrading all of the sensors in the cluster.
10. In NSM, right-click the sensor in Device Manager, and then select Adjust OS Version.

Reimaging the IDP Sensor

Each IDP sensor comes with software preinstalled. However, if you need to reload the software onto your sensor, you can use the USB stick that was shipped with the sensor. This process is known as imaging.

NOTE: You will need to reinstall the license when reimaging the IDP sensor. Contact JTAC for information on how to obtain your license information. Go to Requesting Technical Support for information on how to contact JTAC.

To reimage the IDP sensor:
1. Connect a PC to the console serial port of the device using the serial cable provided with the IDP sensor.
2. Power off the IDP sensor.
3. Insert the Restore Media USB stick into the USB flash drive on the front of the sensor.
4. Power on the IDP sensor. The sensor boots from the USB stick and runs the reimaging process. Follow any prompts on the serial console. When instructed to do so at the end of the imaging process, reboot or power cycle the IDP sensor.
5. When the process is complete, configure the IDP sensor according to the instructions in Chapter 5, Configuring the IDP Sensor.

Chapter 7 Servicing the Device

This
31. gs dialog box (Figure 14).

[Figure 14: Add Device Wizard, Connection Settings]

6. Enter the following connection information:

NOTE: All passwords handled by NetScreen Security Manager are case sensitive.

a. Enter the IP address of the sensor.
b. Enter admin in the Admin User Name box.
c. Enter the password for the admin user name. The default password is abc123.
d. Enter the password for the device root user. The default password is abc123.
e. Select SSH Version 2 as the connection method. Leave the port number as 22.
f. Click Next to open the Verify Device Authenticity dialog box (Figure 15). After a moment, the wizard displays the SSH key fingerprint information.

[Figure 15: Add Device Wizard, Verification Settings. The dialog shows the device SSH key fingerprint, in this screenshot 14:91:00:04:b7:61:00:77:45:c3:cc:bd:af:b3:5b:a2, and the prompt to click Next to accept the device SSH key.]

7. Verify the SSH key fingerprint to prevent man-in-the-middle attacks.
a. Connect a PC or terminal to the IDP sensor using the console serial port.
b. Log in as root.
c. Type cd etc
32. ial port, do the following:
1. Connect one end of the provided RJ-45 null modem serial cable to the CONSOLE port located on the front of the sensor chassis.
2. Connect the other end of the cable to the serial port of your workstation.
3. Open a terminal emulation package such as Microsoft Windows HyperTerminal or XModem. The settings for the software should be as follows:
   - 9600 bps
   - 8 data bits
   - No parity generation or checking
   - 1 stop bit
   - No flow control
   - The serial port number where you connected the cable
4. Turn on the IDP sensor. If nothing appears in the terminal window, press Enter to display the boot messages.
5. Log into the IDP sensor as name root and password abc123. The EasyConfig script runs automatically. The following text appears:

    Configuring the deployment mode
    The currently supported deployment modes in EasyConfig are the following
    1 Sniffer default
    2 Inline transparent
    Choose the deployment mode 1

6. Press 1 or 2, depending on which mode you want to use, and then press Enter. The following text appears:

    Configuring Management interface
    The management interface is currently configured as IP 192.168.1.1 Mask 255.255.255.0
    What IP address do you want to configure for the management interface 192.168.1.1

7. Type an IP address and press Enter. The following text appears:

    What netmask do you want to configure for the management interface 255.255.255.0

8. Type your netmask and pres
33. ical Specifications
- Safety Compliance
- EMI Compliance
- Immunity

IDP 75 Technical Specifications

Tables 17-20 list the physical, AC power, power cord, and environmental technical specifications for the IDP 75 sensor.

Table 17: Physical Specifications
- Height: 1 RU 1 3 inches
- Width: 17 inches
- Depth: 15 inches
- Weight: 14 5 lbs

Table 18: AC Power Specifications
- AC input voltage: nominal value 110 220 VAC single phase; acceptable range 90 to 255 VAC
- AC input line frequency: nominal value 50 60 Hz; acceptable range 47 to 63 Hz
- AC input current: 4 A 110 VAC 2 A 220 VAC

Table 19: Power Cord Specifications (United States and Canada)
- UL approved and CSA certified
- Flexible cord minimum spec No 18 1 5 mm Type SVT or SJT 3-conductor
- Current capacity of 10 A minimum
- Earth grounding attachment plug with NEMA 5-15P (10 A, 125 V) configuration

Table 20: Environmental Specifications
- Operating environment: 0 to 35 C ambient
- Non-operating environment: 10 to 70° C

IDP 250 Technical Specifications

Tables 21-24 list the physical, AC power, power cord, and environmental technical specifications for the IDP 250 sensor.

Table 21 Physical Specificati
34. ides the basic procedures for getting your IDP system running. With each major software release, Juniper Networks provides the IDP Documentation CD. The CD contains the documentation set in PDF format. The IDP documentation set includes the following books:
- Release Notes: Contain the latest information about features, changes, known problems, and resolved problems. If the information in the Release Notes differs from the information found in the documentation set, follow the Release Notes.
- Intrusion Detection and Prevention Concepts & Examples Guide: Explains basic concepts of the IDP system and provides examples of how to use the system.
- IDP 75, 250, 800, and 8200 Installation Guide (this manual): Describes the hardware components of the IDP 75, 250, 800, and 8200 sensors. Provides instructions for rack mounting, cabling, basic configuration, management server installation, and user interface installation.
- Online Help: Available through the IDP Appliance Configuration Manager (ACM). The online help provides explanations for sensor configuration options as well as step-by-step directions for performing common tasks.

Web Access for Documentation

To view the documentation on the Web, go to http://www.juniper.net/techpubs/software/management/idp

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an ac
35. ime for all the data from the second drive to be mirrored over to the new drive. Do not remove either drive during a rebuild.

Remove a Hard Drive

SCSI hard drives are accessible from the front panel of the sensor.

NOTE: We recommend replacing a hard drive only when the sensor is powered on.

To remove a hard drive:
1. On the front of the device, identify the hard drive you want to remove.
2. Locate the blue release latch on the right side of the drive. See Figure 20.

[Figure 20: Hard Drive Latch in Closed Position]

3. Press and hold down the latch to release the handle, and then pull the handle open.
4. Use one hand to hold the drive from underneath and the other hand to remove the drive completely from the bay.

Install a Hard Drive

To install a hard drive:
1. Unclip the latch on the right side of the handle.
2. Open the handle to its fully extended position.
3. Begin to slide the drive into the bay.
4. Gently slide the drive the rest of the way into the bay and snap it into place.
5. Close the drive handle up until the latch clicks into place.

After a few moments, the warning noise ceases. The red failure LED on the new drive begins to flash, indicating that the hard drive is rebuilding. Then the hard drive activity LED on both drives will flash, indicating activity on both drives. When the red failure LED stops flashing, th
36. ions
Environmental Specifications
Physical Specifications
AC Power Specifications
Power Cord Specifications
Environmental Specifications

About This Guide

This guide describes the physical features of Juniper Networks Intrusion Detection and Prevention (IDP) solution: the IDP 75, IDP 250, IDP 800, and IDP 8200 sensors. It also explains how to install, configure, update, reimage, and service the IDP system. This preface has the following sections:
- Audience
- Conventions
- Documentation
- Requesting Technical Support

Audience

This guide is intended for experienced system and network specialists.

Conventions

The term sensor is used to denote an IDP 75, 250, 800, or 8200 appliance. Table 1 defines notice icons used in this guide.

Table 1: Notice Icons
- Informational note: Indicates important features or instructions.
- Caution: Indicates that you may risk losing data or damaging your hardware.
- Warning: Alerts you to the risk of personal injury.

Documentation

This guide is shipped in the box with all new IDP sensors. It prov
37. ket
2. Place the chassis into position between rack posts in the equipment rack, and align the rack mounting bracket holes with the rack post holes.

CAUTION: Be sure to leave at least two inches of clearance on the sides of each chassis for the cooling air inlet and exhaust ports.

3. Attach the rack mounting brackets on each chassis to the rack with the appropriate rack screws.
4. For 2 RU devices only: Attach the other two midmount brackets to the chassis and the back of the rack to hold the device securely in place.

Connecting Power

NOTE: Power is provided to the IDP sensor using 90-264 VAC from your facility.

To connect power to your sensor:
1. Connect the provided power cable to the receptacle on the power supply at the rear of each chassis.
2. Connect the other end of the power cable to the electrical outlet.
3. For IDP 800 and 8200 sensors only: Connect the second power cable to the receptacle on the second power supply. This step is optional for the IDP 8200 sensor.
4. For IDP 800 and 8200 sensors only: Connect the other end of the second power cable to the electrical outlet. This step is optional for the IDP 8200 sensor.

NOTE: If you have two power supplies and do not connect both of them, the PS FAIL warning light illuminates and the sensor emits a warning tone when it is turned on.

Chapter 4 Configuring the IDP Sensor

This chapter describes how to connect t
38. lows green to indicate that the power supply is powering the unit. If a power supply has failed or is not receiving power, the system emits a high-pitched whine.

Chapter 3 Installing the Sensor

This chapter describes how to install the IDP sensor in an equipment rack. This chapter has the following sections:
- General Installation Guidelines
- Rack Mounting the IDP Sensor
- Connecting Power

General Installation Guidelines

Observing the following precautions can prevent injuries, equipment failures, and shutdowns.

WARNING: Never assume that the power supply is disconnected from a power source. Always check first.

CAUTION: Room temperature might not be sufficient to keep equipment at acceptable temperatures without an additional circulation system. Ensure that the room in which you operate the IDP sensor has adequate air circulation.

- Do not work alone if potentially hazardous conditions exist.
- Look carefully for possible hazards in your work area, such as moist floors, ungrounded power extension cables, frayed power cords, and missing safety grounds.

NOTE: Although you can place the IDP sensor on a desktop for operation, we do not recommend deploying it in this manner.

CAUTION: To prevent abuse and intrusion by unauthorized personnel, it is extremely important to install the IDP sensor in a locked-room environment.
39. nsparent Mode (Inline, Active)
NIC State Options
IDP Sensor Drives
IDP Sensor Power Supplies
Front Panel System Status LEDs
IDP Sensor Management and High Availability Port LED
IDP Sensor Traffic Port LEDs
Hard Drive LED Definitions
Power Supply LED Definitions
Information Needed for QuickStart Configuration
Information Needed for ACM Configuration
Advantages and Disadvantages of Bridge Mode
Advantages and Disadvantages of Router Mode
Advantages and Disadvantages of Proxy ARP Mode
Physical Specifications
AC Power Specifications
Power Cord Specifications
Environmental Specifications
Physical Specifications
AC Power Specifications
Power Cord Specifications
Environmental Specifications
Physical Specifications
AC Power Specifications
Power Cord Specificat
40. nt: 4 A 110 VAC 2 A 220 VAC

Table 27: Power Cord Specifications (United States and Canada)
- UL approved and CSA certified
- Flexible cord minimum spec No 18 1 5 mm Type SVT or SJT 3-conductor
- Current capacity of 10 A minimum
- Earth grounding attachment plug with NEMA 5-15P (10 A, 125 V) configuration

Table 28: Environmental Specifications
- Operating environment: 0 to 35 C ambient
- Non-operating environment: 10 to 70° C

IDP 8200 Technical Specifications

Tables 29-32 list the physical, AC power, power cord, and environmental technical specifications for the IDP 8200 sensor.

Table 29: Physical Specifications
- Height: 2 RU 2 9 inches
- Width: 17 inches
- Depth: 20 5 inches
- Weight: 36 5 lbs

Table 30: AC Power Specifications
- AC input voltage: nominal value 110 220 VAC single phase; acceptable range 90 to 255 VAC
- AC input line frequency: nominal value 50 60 Hz; acceptable range 47 to 63 Hz
- AC input current: 4 A 110 VAC 2 A 220 VAC

Table 31: Power Cord Specifications (United States and Canada)
- UL approved and CSA certified
- Flexible cord minimum spec No 18 1 5 mm Type SVT or SJT 3-conductor
- Current capacity of 10 A minimum
- Earth grounding attachment plug with NEMA 5 15P 10 A 125 V config
41. o the IDP sensor and configure the device for your network. After you have configured the sensor, you need to connect the device in your network. This chapter has the following sections:
- Initial Configuration Options
- Connecting to the Sensor
- Connecting Forwarding Interfaces
- Verifying Traffic Flow
- Connecting the High Availability Port

Initial Configuration Options

When you first configure your sensor, you can choose a simple configuration that sets options to the most commonly used settings, or you can do an advanced configuration that allows you to choose each option individually.

Simple Configuration

A simple configuration can be done using the console serial port and the EasyConfig utility, or through the management port and the QuickStart utility.

Simple Configuration Settings

A simple configuration lets you specify the following settings:
- Sensor mode (inline transparent or passive sniffer)
- IP address
- Netmask
- Default gateway
- Time and time zone

Simple Configuration Values

A simple configuration has the following settings and values:
- Root password: abc123
- Fully qualified domain name: Blank
- High availability mode: Disabled
- RADIUS support: Disabled
- Network interfaces: Auto
- Virtual routers:
  - Sniffer mode: One virtual router created (vr0)
  - Transparent mo
42. omate ADM Transformation to automatically update the Abstract Data Model (ADM) for the device after NSM installs the firmware. If you clear the Automate ADM Transformation checkbox, the firmware is installed onto the device, but you cannot manage the device from NSM until the device ADM is updated. Click Finish to display upgrade status in the Job Information dialog box. When the upgrade finishes, click Close to exit the Job Information dialog box.

Updating IDP Sensor Software Without NSM

New versions of the IDP sensor software may be made available online or on a CD-ROM. To install the new software:
1. Verify that you have SSH enabled for the Management Port (eth0). To enable SSH, access ACM by typing https://sensorIPaddress in the Address or Location box of the Web browser. Then select Modify SSH Access from the ACM home page and follow the prompts.
2. Download the sensor software from Juniper Networks and copy the file to the tmp directory of the sensor.
3. Unplug the HA port cable if one is attached.
4. Log into the IDP sensor as root using the console serial port.
5. Change to the tmp directory.
6. Type sh sensor_<version>.sh and press Enter. The sensor update script runs.
7. Reboot the device when the script is finished.
8. Type reboot and pr
43. ons
- Height: 2 RU 2 9 inches
- Width: 17 inches
- Depth: 20 5 inches
- Weight: 29 5 lbs

Table 22: AC Power Specifications
- AC input voltage: nominal value 110 220 VAC single phase; acceptable range 90 to 255 VAC
- AC input line frequency: nominal value 50 60 Hz; acceptable range 47 to 63 Hz
- AC input current: 4 A 110 VAC 2 A 220 VAC

Table 23: Power Cord Specifications (United States and Canada)
- UL approved and CSA certified
- Flexible cord minimum spec No 18 1 5 mm Type SVT or SJT 3-conductor
- Current capacity of 10 A minimum
- Earth grounding attachment plug with NEMA 5-15P (10 A, 125 V) configuration

Table 24: Environmental Specifications
- Operating environment: 0 to 35 C ambient
- Non-operating environment: 10 to 70° C

IDP 800 Technical Specifications

Tables 25-28 list the physical, AC power, power cord, and environmental technical specifications for the IDP 800 sensor.

Table 25: Physical Specifications
- Height: 2 RU 2 9 inches
- Width: 17 inches
- Depth: 20 5 inches
- Weight: 33 5 lbs

Table 26: AC Power Specifications
- AC input voltage: nominal value 110 220 VAC single phase; acceptable range 90 to 255 VAC
- AC input line frequency: nominal value 50 60 Hz; acceptable range 47 to 63 Hz
- AC input curre
44. [Figure 1 diagram labels, continued: hub or switch with mirror or SPAN port, straight-through cable, IDP sensor, user interface, protected machines (Server1, Server2, Server3)]

Table 2 lists the advantages and the disadvantages of using the sensor in passive sniffer mode.

Table 2: Advantages and Disadvantages of Sniffer Mode (Passive)

Advantages:
- Seamlessly replaces the current intrusion detection
- Causes minimal network changes
- Does not create an additional point of failure (gateway)
- Monitors and logs suspicious network activity

Disadvantages:
- Passively monitors with limited prevention only
- Requires a hub or the Switched Port Analyser (SPAN) port of a switch

[Figure 2: Transparent Mode (Inline, Active)]

Table
45. ort pair has a timer. The sensor sends each timer a reset signal every second. If a timer does not receive a reset signal for three seconds (or the configured time period), the bypass is activated. After the bypass is activated, the timer continues listening for a reset signal. When IDP becomes active again, it sends a reset signal. When the timer receives the reset signal, the bypass deactivates automatically and the sensor goes back to normal operation.

When NICs are in NIC bypass state, prior to shutdown or failure, they only pass Layer 2 traffic if in transparent mode and if Layer 2 bypass is enabled. NSRP packets are not passed.

The fiber Ethernet ports are standard interfaces and do not incorporate the integrated bypass feature. Automatic bypass is available for fiber ports through third-party devices.

NIC Bypass and Cable Choices

When NIC bypass becomes active, it physically connects the pair of forwarding interfaces to each other with a crossover cable. If you are connecting devices that support auto-MDIX (medium dependent interface crossover) to automatically switch to the proper configuration after a cable is connected, then you can use whatever cables you want, because auto-MDIX negotiates the correct connection. However, if neither of the devices supports auto-MDIX, then you need to take special care to choose the right cables. S
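The watchdog behaviour described above, turned into a coverage-gap calculation as an added example (not Juniper code and not part of the original guide): it derives the bypass windows from reset timestamps using the guide's three-second timeout, then lists the flows that crossed the port pair while nothing was inspecting them. The function names, the flow record layout, and all sample values are assumptions constructed for illustration.

```python
"""Derive NIC-bypass windows from watchdog reset times and find the flows
that passed through the port pair uninspected.

Added illustration only. Record layouts and sample data are constructed;
the timing constants are the ones the guide states.
"""
from dataclasses import dataclass

RESET_INTERVAL = 1.0    # guide: the sensor resets each timer every second
DEFAULT_TIMEOUT = 3.0   # guide: bypass trips after three seconds with no reset


@dataclass(frozen=True)
class Window:
    start: float  # watchdog expired, copper ports fell into crossover
    end: float    # a reset arrived again, or observation ended


def bypass_windows(reset_times, observe_until, timeout=DEFAULT_TIMEOUT):
    """Return the intervals during which the port pair was in bypass.

    reset_times   -- timestamps (seconds) at which the timer was reset
    observe_until -- end of the period being reviewed
    timeout       -- watchdog period (three seconds, or the configured value)

    The guide does not say what happens to traffic between the last reset
    and the expiry, so only the bypass interval itself is reported.
    """
    if not reset_times:
        raise ValueError("need at least one reset to anchor the timer")
    times = sorted(reset_times)
    windows = []
    for prev, nxt in zip(times, times[1:]):
        expiry = prev + timeout
        if nxt > expiry:                 # the next reset came too late
            windows.append(Window(expiry, nxt))
    last_expiry = times[-1] + timeout
    if observe_until > last_expiry:      # sensor never came back
        windows.append(Window(last_expiry, observe_until))
    return windows


def uninspected_flows(flows, windows):
    """Return [(flow_id, seconds_uninspected)] for flows overlapping bypass.

    flows -- iterable of (flow_id, start, end) tuples (hypothetical layout,
             e.g. exported from a switch or firewall on either side).
    """
    hits = []
    for flow_id, f_start, f_end in flows:
        exposed = sum(
            max(0.0, min(f_end, w.end) - max(f_start, w.start))
            for w in windows
        )
        if exposed > 0:
            hits.append((flow_id, exposed))
    return hits


# Constructed sample: resets stop after t=3 and resume at t=9.
SAMPLE_RESETS = [0.0, 1.0, 2.0, 3.0, 9.0, 10.0, 11.0]
SAMPLE_FLOWS = [
    ("flow-a", 2.0, 5.0),    # ended before the watchdog expired
    ("flow-b", 5.5, 7.0),    # partly inside the bypass window
    ("flow-c", 8.0, 10.0),   # straddles the return to normal operation
    ("flow-d", 9.0, 10.5),   # started after the sensor recovered
]

if __name__ == "__main__":
    gaps = bypass_windows(SAMPLE_RESETS, observe_until=12.0)
    for w in gaps:
        print(f"bypass active from t={w.start} to t={w.end}")
    for flow_id, secs in uninspected_flows(SAMPLE_FLOWS, gaps):
        print(f"{flow_id}: {secs:.1f}s passed without analysis")
```

Flows reported here are candidates for retrospective review from other log sources, since the sensor produced no detections for them during the bypass window.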
46. r 2 bypass is enabled. The difference is this: when the sensor software becomes unavailable because of graceful shutdown or unexpected failure, the NICs turn off and no longer appear live to other devices on the network. This setting is not global. It must be selected for each interface pair and in each mode, after system unavailability and after graceful shutdown.

Peer Port Modulation

After peer port modulation (PPM) is enabled, the sensor deactivates all the interfaces in a virtual router if the link goes down for any of the interfaces in that virtual router. All devices connected to the virtual router will detect a port failure and must be configured to take appropriate action. You cannot enable NIC bypass and PPM on the same sensor.

On the IDP 75, 250, 800, and 8200 sensors:
- PPM works on both copper and fiber interfaces.
- PPM works by turning off appropriate interfaces. Because of this, interface speeds can be set to auto on the sensor and on attached switches.

Management Ports

These ports are provided on all IDP sensors.

Console Serial Port

The console serial port provides access, using an RJ-45 connector, to the sensor's command line interface (CLI).

Management Port

The management port provides access to the ACM to the sensor through 10/100/1000 Mbps Ethernet. The ACM is accessed from the management port and entering the correct URL in a brow
47. In proxy ARP or router mode, if you are using multiple subnets in your protected network, you must configure static routes on the IDP sensor to these subnets. Without static routes, incoming traffic to those subnets can be lost. Alternatively, you can create a static route from the IDP sensor to an internal gateway that contains inbound routes to the protected subnets. This does not apply to the IDP 8200 sensor.

Connecting Forwarding Interfaces

Connect the ports on the sensor to either the protected network or the external network. See Planning an Installation for the configuration you chose to implement. See NIC Bypass and Cable Choices for information on using NIC bypass with transparent mode.

Inline transparent mode makes use of pairs of interfaces. On most sensors, the pairs are horizontal port pairs (0-1 and 2-3) on each NIC. Traffic in inline transparent mode only flows between paired interfaces. You cannot have traffic flow from port 0 to port 2, for example, in inline transparent mode. Other modes, such as router and proxy ARP mode, do support non-paired interfaces.

Verifying Traffic Flow

To verify that traffic is flowing through your sensor:
1. Make sure your sensor is connected to a live traffic feed.
2. Log onto the sensor as root using the console serial port, or open an SSH connection to the management port.
3. Type sctop and press Enter.
48. receiver is connected.

Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.

Disclaimer

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.

Table of Contents

About This Guide
  Audience
  Conventions
  Documentation
    Web Access for Documentation
  Requesting Technical Support
    Self-Help Online Tools and Resources
Chapter 1 Planning an Installation
  IDP Configuration Basics
    IDP Sensor Placement
    IDP Sensor Deployment Modes
  NetScreen Security Manager
Chapter 2 Hardware Overview
  IDP Sensors
    IDP 75 Sensor
    IDP 250 Sensor
    IDP 800 Sensor
    IDP 8200 Sensor
  Traffic Ports (Forwarding Interfaces)
    Configurable NIC States
      Normal State
      NIC Bypass State
49. s Enter.

The system configures your interfaces. The following text appears:

Configuring default route
The current default route is X X X X
Do you want to change the default route y n n

9. Type Y and then press Enter. The following text appears:

What IP address do you want to configure as default route X X X X

10. Type your default route gateway address and press Enter. The system asks if you want to change the system time:

Configuring system time
Currently configured time is Wed Jan 18 16 32 32 PST 2006
Do you want to change the system time y n n

11. Type N if the time is correct. If the time is not correct, type Y and follow the prompts to change the system time.

Configuration of the management port is now complete. EasyConfig does not run the next time you log into the sensor.

Using the Management Port to Configure the Sensor

You can choose a simple or advanced configuration for the sensor using the management port.

To connect the dedicated management port:
1. Attach your Ethernet cable to the dedicated management RJ-45 port (MGT) located at the front of the chassis.
2. Connect the other end of your Ethernet cable to a switch or hub (recommended) or to a standalone computer. Verify that the link LED on the management port is green, indicating a proper connection. See Table 8 on page
50. s Recommended policy. The Job Information dialog box shows the status of the Update Device job.

Checking the Status of Your Sensor

When the update device job finishes, move the mouse pointer over the device in Device Manager to check the device status. The configuration state "Managed" indicates that the device is connected and that the management system has successfully imported the device configuration (Figure 19).

Figure 19: Viewing Device Status

NSM is now managing your sensor. See the IDP Concepts & Examples Guide for more information on managing your sensor.

Chapter 6: Updating Software on the Sensor

This chapter describes how to update the software on an IDP sensor. It has the following sections:
- Updating IDP Sensor Software Using NSM Firmware Manager on page 35
- Updating IDP Sensor Software Without NSM on page 36
- Reimaging the IDP Sensor on page 57

Updating IDP Sensor Software Using NSM Firmware Manager

You can
51. se Manager http www juniper net customers cm To verify service entitlement by product serial number use our Serial Number Entitlement SNE Tool https tools juniper net SerialNumberEntitlementSearch Opening a Case with JTAC You can open a case with JTAC on the Web or by telephone Use the Case Manager tool in the CSC at http www juniper net customers cm Call 1 888 314 JTAC 1 888 314 5822 toll free in USA Canada and Mexico For international or direct dial options in countries without toll free numbers visit us at http www juniper net customers support requesting support Requesting Technical Support m xiii IDP 75 250 800 and 8200 Installation Guide xiv m Requesting Technical Support Chapter 1 Planning an Installation This chapter provides an overview of IDP configuration options This chapter has the following sections m Installation Roadmap on page 1 m IDP Configuration Basics on page 2 Installation Roadmap This section provides a high level roadmap of an IDP sensor installation With each step is a reference to more information 1 Install the NetScreen Security Manager NSM server onto a dedicated host or hosts See the NetScreen Security Manager Installation Guide for installation instructions 2 Install the NSM GUI on a Windows or Linux client machine See the NetScreen Security Manager Installation Guide for installation instructions 3 Decide on a place in your network for the
52. ser window https SensorlPAddress ec NOTE Although both the console serial port and the management port use RJ 45 connectors do not plug the network cable into the console serial port Hard Drives and USB Ports Power Supplies Table 5 describes the hard drives and USB ports available on each sensor Table 5 IDP Sensor Drives IDP Sensor Drives 75 250 m One USB port W One internal hard drive 800 8200 m One USB port W Two externally accessible hot swappable RAID 1 mirrored hard drives Table 6 describes the types of power supplies available on each sensor Management Ports m 13 IDP 75 250 800 and 8200 Installation Guide 14 m IDP Sensor LEDs System Status LEDs Management and High Availability Port LEDs IDP Sensor LEDs Table 6 IDP Sensor Power Supplies IDP Sensor Power Supplies 75 One fixed power supply 250 One removable power supply 800 8200 Two removable hot swappable power supplies Both sensors are shipped with the AC power supply The DC power supplies are optional as FRUs This section describes the LEDs for the following IDP sensor components m System status m Management and high availability ports m Traffic ports m Hard drives m Power supply back panel The IDP 75 250 800 and 8200 sensors each have three system status lights on the front panel to indicate power hard drive activity and overheating See Table 7 Table 7
53. sor router bridge and proxy For transparent mode specify whether to enable Layer 2 bypass Your need for HA See Planning an Installation on page 1 More information on HA modes can be found in the NetScreen Security Manager Administrator s Guide Chapter 4 Configuring the IDP Sensor Table 13 Information Needed for ACM Configuration continued Section Configuration Information Networking m Speed and duplex settings for IDP sensor interfaces Normally these can be set to auto detect With some switches the speed and duplex settings have to be set manually m The VLAN interfaces you want to configure Virtual LANs are not available for transparent or sniffer mode though security policies can apply rules based on VLAN tagging in these modes m The virtual router information you want to configure More information on virtual routers can be found in the NetScreen Security Manager Administrator s Guide m The IP address and netmask for the management interface m Forwarding interface information such as which ports will be connected to which external devices m Routing table System m Enable configure DNS This is optional Set if you want the sensor to be able to do DNS lookups W Time and time zone m Enable configure NTP This is optional Set if you want the IDP device to get its time information from an NTP server m Enable configure RADIUS support This is optional Set if you want certain users
54. ssh and press Enter.
d. Type ssh-keygen -l -f ssh_host_dsa_key and press Enter. You see something similar to this:

1024 f4:91:d0:04:b7:61:00:77:45:c3:cc:bd:af:b3:5b:a2 ssh_host_dsa_key.pub

8. After you have verified the key, click Next to display device information retrievable by NSM (Figure 16). This takes a moment.

Figure 16: Add Device Wizard, Retrieved Settings

9. Verify that the device type, OS version, device serial number, and device mode are correct.
10. Click Next to add the sensor to NSM as a managed device. See Figure 17.

Figure 17: Add Device Wizard, Adding the Device

11. Click Next to have NSM import settings already present on the sensor. See Figure 18.

Figure 18: Add Device Wizard, Importing the Device

12. Click Finish to update the sensor with the Juniper Network
55. t Panel IDP 8200 Sensor The IDP 8200 sensor is optimal for large central sites or high traffic areas Figure 6 shows the following features m One console serial port One management network interface port m One dedicated high availability port m One USB port m Four IOC slots each IOC supports 16 copper fiber 1 Gbit ports one 10Gbit card with copper fiber 1Gbit ports or two 10Gbit cards with copper fiber 1 Gbit ports IDP Sensors m 9 IDP 75 250 800 and 8200 Installation Guide Figure 6 IDP 8200 Front Panel Goa GOL ooo m Traffic Ports Forwarding Interfaces The IDP 75 250 800 and 8200 sensors have traffic ports forwarding interfaces which are located on the front of each device Sensors can have a combination of copper and fiber ports Figure 7 Traffic Ports Configurable NIC States Copper port pairs on the IDP 75 250 800 and 8200 can be configured to take specified actions when the sensor becomes unavailable Using the Appliance Configuration Manager ACM you can configure how the sensor responds when it is shut down gracefully and how it responds when there is a failure 10 m Traffic Ports Forwarding Interfaces Chapter 2 Hardware Overview Table 4 NIC State Options ACM Settings Modes Availability Description NIC bypass Transparent W Sensor failure While sensor is active it does not pass mode only m Graceful NSRP packets unless Layer 2 bypass is shutdown
56. tive J Care or JNASC support contract or are covered under warranty and need post sales technical support you can access our tools and resources online or open a case with JTAC JTAC policies For a complete understanding of our JTAC procedures and policies review the JTAC User Guide located at http www juniper net customers support downloads 710059 pdf Product warranties For product warranty information visit http www juniper net support warranty JTAC hours of operation The JTAC centers have resources available 24 hours a day 7 days a week 365 days a year About This Guide Self Help Online Tools and Resources For quick and easy problem resolution Juniper Networks has designed an online self service portal called the Customer Support Center CSC that provides you with the following features Find CSC offerings http www juniper net customers support Search for known bugs http www2 juniper net kb Find product documentation http www juniper net techpubs Find solutions and answer questions using our Knowledge Base http kb juniper net Download the latest versions of software and review your release notes http www juniper net customers csc software Search technical bulletins for relevant hardware and software notifications http www juniper net alerts Join and participate in the Juniper Networks Community Forum http www juniper net company communities Open a case online in the CSC Ca
57. uppose two devices, one connected to one sensor port and the other connected to the other sensor port, are instead connected directly together.
- If the two devices are connected with a straight-through cable, use one straight-through cable and one crossover cable to connect the sensor to these devices. When NIC bypass starts, the resulting effect is to create one long straight-through cable connecting the devices.
- If the two devices are connected with a crossover cable, use two straight-through cables to connect the sensor to these two devices. When NIC bypass starts, the resulting effect is to create one long straight-through cable connecting the devices.

External Bypass Unit State

This state is only available when the sensor is in transparent mode. It behaves the same as normal state, except that NSRP packets are passed even if Layer 2 bypass is not enabled.

NOTE: The External Bypass Unit setting is global. Selecting it for any interface pair enables it for all interface pairs on the sensor. If enabled for one interface pair, all interface pairs pass NSRP packets regardless of their individual settings. The external bypass unit state appears only in the "after system unavailability" list of the ACM. However, selecting it there enables it globally for all states.

NICs Off State

During sensor operation, this state behaves the same as normal state. NSRP heartbeats are not passed unless the sensor is in transparent mode and Laye
58. uration Table 32 Environmental Specifications Specification Value Operating environment 0 to 35 C ambient Non operating environment 10 to 709 C IDP 8200 Technical Specifications m 51 IDP 75 250 800 and 8200 Installation Guide Safety Compliance EMI Compliance Immunity 52 m Safety Compliance UL 60950 Third Edition Safety of Information Technology Equipment CSA C2 22 No 60950 Third Edition Safety of Information Technology Equipment EN 60950 2000 Safety of Information Technology Equipment including Electrical Business Equipment IEC 60950 Third Edition Safety of Information Technology Equipment including Electrical Business Equipment EN 55022 1998 Class A FCC Part 15 Class A Industry Canada ICES 005 Class A VCCI Class A EN 55024 1998 index A ACM configuration information ssssse 26 audience for documentation sssssssss xi B bypass mode internal Dypass custo tete erbe ppt 11 c cable choices usaste dl bm HUE EN 12 Configurable NICS tuoniboma len n Re t ee Rec gea 10 conventions defined CO Sata reete lea ata xi D deployment modes ANN nd ta dd anda 43 high availability sss 46 PLOXV AIDS isl iod ss Aet LE eL ELE 46 drives CD ROM ElV6S esee See dee oles eh RH RES cose 15 hardidrives en sp eate petalis comte ap PE RUE 15 E EMI compliance specifications 52 H high availability deployment modes
59. use NSM to upgrade your IDP sensors. First, you must load a new sensor image to NSM. Then use NSM to load the new image onto your sensors.

Loading a Sensor Image into NSM

To make the sensor software available to NSM:
1. Download firmware image files from Juniper Networks onto the computer running the NSM GUI.
2. In NSM, select Device Manager > Security Devices from the left navigation pane.
3. From the menu bar, select Tools > Firmware Manager. The Firmware Manager dialog box appears.
4. Click the button to open the Open dialog box.
5. Select the image file on the computer running NSM and click Open. The image file appears in the Firmware Manager dialog box, displaying the image name, version, and applicable devices.
6. Click OK.

Upgrading Sensor Software

After you have made the software available to NSM, you can use NSM to upgrade the sensor.

To upgrade the sensor using NSM:
1. From the menu bar, select Devices > Firmware > Change Device Firmware to open the Change Device Firmware dialog box.
2. Select the devices whose firmware you want to upgrade.
3. Select the firmware you want installed on the device in the Select Target Firmware Version box.
4. Click Next to display the device(s) and firmware that NetScreen Security Manager is to install in the Firmware Update Availability dialog box.
5. Select Aut