Deployment mode, Layer 2 bypass, Internal bypass – Juniper Networks IDP SERIES IDP250 User Manual

Deployment Mode

You specify a deployment mode for each virtual router. You have two options:

Transparent—In an in-path, transparent mode deployment, traffic arrives in one
interface and is forwarded through the other. The IDP Series appliance detects attacks
and takes action according to your security policy rules. You connect the IDP Series
traffic interfaces to firewalls or switches in the network path.

Sniffer—In an out-of-path, sniffer mode deployment, the IDP Series appliance can
detect attacks but can take only limited action. You connect the IDP Series traffic
interfaces to a mirrored port of a network hub or switch.

Layer 2 Bypass

You enable or disable Layer 2 bypass to determine how the IDP Series device handles
Layer 2 packets.

When the IDP Series appliance is deployed in the path of network traffic, it can take three
types of actions on the packets it receives:

Drop it.

Pass it through.

Process it according to IDP OS rules to determine whether to drop it, forward it, rate
limit, and so forth.

The IDP Series appliance processes Layer 2 traffic as follows:

Processes address resolution protocol (ARP) and Layer 2 packets related to internet
protocol (IPv4) traffic.

Drops all other Layer 2 traffic, unless the Layer 2 bypass setting is enabled.

When Layer 2 bypass is enabled, the IDP Series device passes through Layer 2 packets
related to bypass and high availability deployments (such as heartbeats or Bridge
Protocol Data Unit (BPDU) packets), as well as non-IPv4 packets and packets for
switching and routing protocols, such as IPv6, Internetwork Packet Exchange (IPX),
Cisco Discovery Protocol (CDP), Interior Gateway Routing Protocol (IGRP), and so
forth. Because these frames are forwarded rather than processed, anything carried in
them is not checked against the security policy.

The IDP Series appliance processes TCP/IP traffic according to implicit rules related to
traffic anomaly detection and explicit rules specified in the security policy.
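The following is an added example, not code from Juniper or from this guide. It models the Layer 2 handling rule described above as a small Ethernet frame classifier: ARP and IPv4 frames go to the inspection engine, and every other Layer 2 frame is dropped unless Layer 2 bypass is enabled, in which case it is forwarded uninspected. The model assumes classification by EtherType only (IGRP, which rides inside IP, is not distinguished here), handles a single 802.1Q VLAN tag, and treats IEEE 802.3 length-field frames (where BPDUs and CDP live) as non-IPv4 Layer 2 traffic. The sample frames are constructed inline so a defender can run an audit of what a given bypass setting would let through.

```python
import struct
from enum import Enum
from typing import Dict, List, Optional, Tuple

# Well-known IEEE EtherType values.
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100   # 802.1Q tag
ETHERTYPE_IPX = 0x8137
ETHERTYPE_IPV6 = 0x86DD
MAX_8023_LENGTH = 1500    # values <= 1500 in the type/length field are 802.3 lengths


class Verdict(Enum):
    INSPECT = "inspect"   # handed to the IDP engine and subject to policy rules
    PASS = "pass"         # forwarded through the device uninspected
    DROP = "drop"         # discarded at Layer 2


def ethertype_or_length(frame: bytes) -> int:
    """Return the type/length field of an Ethernet frame, skipping one 802.1Q tag.

    A value <= 1500 is an 802.3 length field (LLC/SNAP frame such as an STP BPDU
    or a CDP announcement), not an EtherType.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    (field,) = struct.unpack("!H", frame[12:14])
    if field == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q frame")
        (field,) = struct.unpack("!H", frame[16:18])
    return field


def layer2_verdict(frame: bytes, l2_bypass: bool) -> Verdict:
    """Apply the guide's Layer 2 rule (simplified model, assumption: EtherType-based)."""
    field = ethertype_or_length(frame)
    if field in (ETHERTYPE_IPV4, ETHERTYPE_ARP):
        return Verdict.INSPECT          # ARP and IPv4-related traffic is processed
    # Everything else (IPv6, IPX, 802.3/LLC frames such as BPDU or CDP, ...)
    return Verdict.PASS if l2_bypass else Verdict.DROP


def build_frame(type_or_len: int, payload: bytes, vlan: Optional[int] = None) -> bytes:
    """Construct a minimal Ethernet frame with fixed, made-up MAC addresses."""
    dst = bytes.fromhex("0180c2000000")     # STP multicast, used for every sample
    src = bytes.fromhex("001122334455")     # constructed source MAC
    header = dst + src
    if vlan is not None:
        header += struct.pack("!HH", ETHERTYPE_VLAN, vlan & 0x0FFF)
    return header + struct.pack("!H", type_or_len) + payload


# Constructed sample frames: label -> frame bytes. Payloads are only large
# enough to be plausible; the classifier never looks past the Ethernet header.
SAMPLE_FRAMES: List[Tuple[str, bytes]] = [
    ("ipv4", build_frame(ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)),
    ("arp", build_frame(ETHERTYPE_ARP, b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20)),
    ("ipv4-vlan100", build_frame(ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19, vlan=100)),
    ("ipv6", build_frame(ETHERTYPE_IPV6, b"\x60" + b"\x00" * 39)),
    ("ipx", build_frame(ETHERTYPE_IPX, b"\xff\xff" + b"\x00" * 28)),
    # 802.3 frame: length field 38, LLC DSAP/SSAP 0x42 = STP BPDU
    ("stp-bpdu", build_frame(38, b"\x42\x42\x03" + b"\x00" * 35)),
]


def audit(frames: List[Tuple[str, bytes]], l2_bypass: bool) -> Dict[str, List[str]]:
    """Group frame labels by the verdict the device would give under this setting."""
    result: Dict[str, List[str]] = {v.value: [] for v in Verdict}
    for label, frame in frames:
        result[layer2_verdict(frame, l2_bypass).value].append(label)
    return result


if __name__ == "__main__":
    for setting in (False, True):
        print(f"Layer 2 bypass {'enabled' if setting else 'disabled'}:")
        for verdict, labels in audit(SAMPLE_FRAMES, setting).items():
            print(f"  {verdict:8s} {', '.join(labels) or '-'}")
```

Running the audit with bypass disabled shows the IPv6, IPX and BPDU frames dropped; with bypass enabled the same three frames are forwarded without ever reaching the inspection engine, which is the trade-off to weigh before enabling the setting.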

Internal Bypass

The Internal Bypass feature is intended for deployments where a network security policy
privileges availability over security. In the event of failure or graceful shutdown, traffic
bypasses the IDP processing engine and is passed through the IDP Series device
uninspected.

The Internal Bypass feature operates through a timing mechanism. When enabled, the
timer on traffic interfaces counts down to a bypass trigger point. When the IDP Series

Copyright © 2012, Juniper Networks, Inc.

10

IDP250 Installation Guide
