Juniper Networks IDP 800 User Manual

IDP Configuration Basics 
Chapter 1: Planning an Installation
To use an IDP sensor as a passive intrusion detection system without 
prevention capabilities, deploy the sensor in passive sniffer mode to monitor 
and log network traffic. If the sensor is attached to a network switch, you must 
configure the switch to mirror all traffic to that port. The IDP sensor defaults to 
sniffer mode.
• Active mode—The gateway (inline) mode is active. This mode takes full 
advantage of IDP attack prevention capabilities and multimethod detection 
mechanisms.
With inline modes, the sensor is directly involved in the packet flow. The 
sensor can stop attacks by dropping malicious packets before they reach their 
target.
Inline sensors are typically configured in transparent mode. For other inline 
modes, see “Advanced Configuration” on page 43. 
One step in setting up IDP on your network is to decide on a deployment mode. 
Figure 1 and Figure 2 illustrate the possible deployment modes and their primary 
advantages and disadvantages.
Figure 1:  Sniffer Mode (Passive) 
Table 2 lists the advantages and the disadvantages of using the sensor in passive 
sniffer mode.
NOTE: For IDP 8200 Release 4.2, only transparent mode is available.
[Figure 1 diagram. Labels: Internet; Firewall; Hub or Switch (mirror or SPAN port, if a switch); IDP Sensor (eth2, MGT port, eth0 IP 2.2.2.7, straight-through cable); Management Server (IP 2.2.2.4); User Interface (IP 2.2.2.5); Protected Machines: Server1 (IP 1.1.1.2), Server2 (IP 1.1.1.3), Server3 (IP 1.1.1.4), each with GW 1.1.1.1; IP 2.2.2.1; IP 1.1.1.1.]