Juniper Networks IDP250 Home Security System User Manual


 
Deployment Mode
For each virtual router, you select the deployment mode:
Sniffer: In an out-of-path, sniffer mode deployment, the IDP appliance can detect
attacks but can take only limited action. You connect the IDP traffic interfaces
to a mirrored port of a network hub or switch.
Transparent: In an in-path, transparent mode deployment, traffic arrives in one
interface and is forwarded through the other. The IDP appliance detects attacks
and takes action according to your security policy rules. You connect the IDP
traffic interfaces to firewalls or switches in the network path.
You can deploy a mix of sniffer and transparent mode virtual routers on the same
IDP appliance.
For more information on deployment mode, see the IDP Concepts and Examples
Guide.
Internal Bypass
The Internal Bypass setting supports network security policies that privilege availability
over security. In the event of failure or graceful shutdown, with internal bypass
configured, the interfaces enter an internal bypass state. In internal bypass, physical
interfaces join mechanically to form a circuit that bypasses IDP processing. For
example, if you configure internal bypass for vr0, and the IDP appliance encounters
failure or is shut down, eth2 and eth3 join to form a circuit that avoids the IDP engine
and forwards the traffic to the next network hop.
Internal bypass operates through a timing mechanism. When enabled, the timer on
traffic interfaces counts down to a bypass trigger point. When the IDP appliance is
turned on and available, it sends a reset signal to the traffic interface timer so that
it does not reach the bypass trigger point. If the IDP operating system encounters
failure, then it fails to send the reset signal, the timer counts down to the trigger
point, and the traffic interfaces enter a bypass state. If the IDP appliance is shut down
gracefully, the traffic interfaces immediately enter bypass.
Figure 6 on page 11 shows the communications path when a virtual router is in
internal bypass state.
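
As an added illustration (not from the Juniper manual or the IDP software), the following Python model steps through the timer behavior described above and shows how long after an operating system failure the interface pair enters bypass. The tick counts, the reset interval, and all class and function names are assumptions chosen for the example; the manual gives no timer values.

```python
from enum import Enum

class State(Enum):
    INSPECTING = "inspecting"  # traffic passes through the IDP engine
    BYPASS = "bypass"          # interface pair joined, IDP engine skipped

class BypassTimer:
    """Traffic-interface timer for one virtual router; tick units are arbitrary."""
    def __init__(self, trigger_ticks):
        self.trigger_ticks = trigger_ticks  # assumed value, not from the manual
        self.remaining = trigger_ticks
        self.state = State.INSPECTING

    def reset(self):
        # Reset signal from a healthy IDP OS. Leaving bypass is not described
        # in this passage, so the model does not attempt it.
        if self.state is State.INSPECTING:
            self.remaining = self.trigger_ticks

    def tick(self):
        # One unit of time passes; reaching zero is the bypass trigger point.
        if self.state is State.INSPECTING:
            self.remaining -= 1
            if self.remaining <= 0:
                self.state = State.BYPASS

    def graceful_shutdown(self):
        self.state = State.BYPASS  # immediate, no countdown

def bypass_tick(trigger_ticks, reset_every, fail_at, horizon=10_000):
    """Tick at which the pair enters bypass, or None within the horizon.
    The OS sends a reset every `reset_every` ticks until it fails at `fail_at`."""
    timer = BypassTimer(trigger_ticks)
    for t in range(1, horizon + 1):
        if t < fail_at and t % reset_every == 0:
            timer.reset()
        timer.tick()
        if timer.state is State.BYPASS:
            return t
    return None

if __name__ == "__main__":
    # Constructed numbers: 10-tick timer, reset every 3 ticks, OS fails at tick 20.
    print("bypass at tick", bypass_tick(10, 3, 20))
    # Resets slower than the countdown trip bypass while the OS is still healthy.
    print("spurious bypass at tick", bypass_tick(3, 5, 100))
```

In this model the delay between failure and bypass depends on when the last reset arrived, so it varies by up to one reset interval.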
10 Traffic Interface Ports
IDP250 Installation Guide