IDP Series Intrusion Detection and Prevention Appliances IDP250 Installation Guide Release 5.0 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.
This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986-1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain. This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1993, University of Toronto.
END USER LICENSE AGREEMENT READ THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT.
6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer’s internal business purposes. 7. Ownership.
agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged.
vi ■
Table of Contents Preface xi Objectives ......................................................................................................xi Audience ........................................................................................................xi Documentation Conventions ..........................................................................xi Related Documentation ................................................................................xiii Requesting Technical Support ..........
IDP250 Installation Guide Part 2 Performing the Installation Chapter 3 Installation Overview 21 Before You Begin ...........................................................................................21 Basic Steps ....................................................................................................22 Chapter 4 Installing the Appliance to Your Equipment Rack and Connecting Power 23 Rack Mounting Kits and Required Tools ........................................................
Table of Contents Part 4 Upgrading Software and Installing Field Replaceable Units Chapter 8 Upgrading Software 49 Updating Software (NSM Procedure) .............................................................49 Upgrading Software (CLI Procedure) ..............................................................51 Chapter 9 Installing Field Replaceable Units 53 Replacing a Power Supply .............................................................................
IDP250 Installation Guide x ■ Table of Contents
Preface This preface includes the following topics: ■ Objectives on page xi ■ Audience on page xi ■ Documentation Conventions on page xi ■ Related Documentation on page xiii ■ Requesting Technical Support on page xiv Objectives This guide explains how to install, configure, update, and service an IDP Series Intrusion Detection and Prevention appliance. Audience This guide is intended for experienced system and network specialists.
IDP250 Installation Guide Table 2 on page xii defines text conventions used in this guide. Table 2: Text Conventions Convention Description Bold typeface like this ■ Represents commands and keywords in text. ■ Represents keywords ■ Represents UI elements Examples ■ Issue the clock source command. ■ Specify the keyword exp-msg. ■ Click User Objects Bold typeface like this Represents text that the user must type.
Preface Related Documentation Table 4 on page xiii lists related IDP documentation. Table 4: Related IDP Documentation Document Description Release notes Contains information about what is included in a specific product release: supported features, unsupported features, changed features, known problems, and resolved problems. If the information in the release notes differs from the information found in the documentation set, follow the release notes.
IDP250 Installation Guide Table 5: Related NSM Documentation (continued) Document Description Network and Security Manager Configuring Intrusion Detection and Prevention Devices Guide Describes how to configure and manage IDP devices using NSM. This guide also helps in understanding of how to configure basic and advanced NSM functionality, including adding new devices, deploying new device configurations, updating device firmware, viewing log information, and monitoring the status of IDP devices.
Preface ■ Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/ ■ Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/ ■ Search technical bulletins for relevant hardware and software notifications: https://www.juniper.net/alerts/ ■ Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/ ■ Open a case online in the CSC Case Management tool: http://www.
IDP250 Installation Guide xvi ■ Requesting Technical Support
Part 1 Hardware and Software Overview ■ Hardware Overview on page 3 ■ Software Overview on page 15 Hardware and Software Overview ■ 1
IDP250 Installation Guide 2 ■ Hardware and Software Overview
Chapter 1 Hardware Overview This chapter includes the following topics: ■ IDP250 Overview on page 3 ■ Power Supply on page 4 ■ Hard Drive on page 4 ■ Fans on page 4 ■ System Status LEDs on page 4 ■ USB Port on page 5 ■ Serial Console Port on page 5 ■ Management Interface Port on page 5 ■ High Availability Interface Port on page 6 ■ Traffic Interface Ports on page 7 IDP250 Overview The IDP250 appliance is optimal for medium central sites or large branch offices.
IDP250 Installation Guide ■ Traffic Interface Ports on page 7 ■ IDP250 Technical Specifications on page 59 Power Supply The appliance has one power supply. It is a field replaceable unit (FRU). Related Topics Replacing a Power Supply on page 53 ■ Hard Drive The appliance has one 80 GB hard drive. It is not a field replaceable unit (FRU). Fans When the system is cool, appliance fans spin at a slower speed to reduce noise and save energy. As the system heats up, the fans run at a faster speed.
Chapter 1: Hardware Overview USB Port The appliance has a USB port you can use to reimage the appliance, if necessary. Serial Console Port The console serial port provides access, using an RJ-45 connector, to the command-line interface (CLI). NOTE: Although both the console serial port and the management port use RJ-45 connectors, do not plug the network cable into the console serial port. Management Interface Port The management interface port is a 10/100/1000 Mbps Ethernet port.
IDP250 Installation Guide Table 7: Management Port LEDs (continued) LED State Description TX/RX Orange Connection is 1000 Mbps. Green Connection is 100 Mbps. Off If LINK indicates activity, TX/RX off indicates connection is 10 Mbps. If LINK indicates no activity, TX/RX off indicates no activity as well. High Availability Interface Port The high availability interface port is a 10/100/1000 Mbps Ethernet port. In the configuration and logs, the port is eth1.
Chapter 1: Hardware Overview Table 8: High Availability Port LEDs (continued) LED State Description TX/RX Orange Connection is 1000 Mbps. Green Connection is 100 Mbps. Off If LINK indicates activity, TX/RX off indicates connection is 10 Mbps. If LINK indicates no activity, TX/RX off indicates no activity as well. Traffic Interface Ports You use the traffic interface ports to connect the appliance to your network. The interfaces receive and forward traffic.
IDP250 Installation Guide Table 9: Copper Port LEDs LED State Description LINK ACT Glows green Link is present. Blinks green Activity. Off No link present. Green Connection is 100 Mbps. Yellow Connection is 1 Gbps. Off If LINK ACT is on, the connection is 10 Mbps. If LINK ACT is off, LINK SPD off indicates no link is present as well. Green Interface is not in bypass mode. Yellow Interface is in bypass mode. Off Interface is turned off (NICs off state).
Chapter 1: Hardware Overview Table 10: Fiber Port LEDs LED State Description LINK ACT Glows green Link is present. Flashes green Activity. Off No link present. Green Connection is 100 Mbps. Yellow Connection is 1 Gbps. Orange Connection is 10 Gbps. Off If LINK ACT is on, the connection is 10 Mbps. If LINK ACT is off, LINK SPD off indicates no link is present as well. Green Interface is not in bypass mode. Yellow Interface is in bypass mode.
IDP250 Installation Guide Deployment Mode For each virtual router, you select the deployment mode: ■ Sniffer–In an out-of-path, sniffer mode deployment, the IDP appliance can detect attacks but can take only limited action. You connect the IDP traffic interfaces to a mirrored port of a network hub or switch. ■ Transparent–In an in-path, transparent mode deployment, traffic arrives in one interface and is forwarded through the other.
Chapter 1: Hardware Overview Figure 6: Internal Bypass When the IDP operating system resumes healthy operations, it sends a reset signal to the traffic interfaces, and the interfaces resume normal operation. NOTE: All copper port traffic interfaces support internal bypass. Some, but not all, fiber port traffic interfaces support internal bypass. Check with your sales contact for applicable part numbers.
IDP250 Installation Guide External Bypass The External Bypass setting supports third-party external bypass units. When the IDP appliance is turned on and available, it sends NetScreen Redundancy Protocol (NSRP) heartbeats to the external bypass unit. When the NSRP packets flow, the external bypass unit allows connections to proceed through the IDP appliance. If IDP encounters failure or is shut down, it cannot send the NSRP packets. IDP traffic interfaces enter a bypass state.
Chapter 1: Hardware Overview When PPM is enabled, a PPM daemon monitors the health of IDP traffic interfaces belonging to the same virtual router. If a traffic interface loses link, the PPM process turns off any associated network interfaces in the same virtual router so that other network devices detect that the virtual router is down and route around it. For example, assume you have enabled PPM and configured IDP virtual routers as shown in Figure 8 on page 13.
IDP250 Installation Guide 14 ■ ■ If you enable Layer 2 bypass, the interfaces pass through IPv6, internetwork packet exchange (IPX), Cisco Discovery Protocol (CDP), and interior gateway routing protocol (IGRP). ■ If you enable internal bypass, the interfaces do not pass through NetScreen Redundancy Protocol (NSRP) packets even if Layer 2 bypass is enabled. ■ If you enable external bypass, all interfaces pass through the NSRP packets that are used in communication with the external bypass unit.
Chapter 2 Software Overview This chapter includes the following topics: ■ On-Box Software Overview on page 15 ■ Centralized Management with NSM Overview on page 16 ■ J-Security Center Updates Overview on page 17 On-Box Software Overview You use on-box software to get the appliance up and running in the desired deployment mode, to configure appliance interfaces, and to establish communication with Network and Security Manager (NSM).
IDP250 Installation Guide Table 11: IDP On-Box Utilities (continued) Software Usage idp.sh utility You can use the idp.sh utility to start, stop, or get status information on appliance processes. For details, see the IDP Administration Guide. sctop utility You can use the sctop utility to monitor connection tables and view status. For details, see the IDP Administration Guide.
Chapter 2: Software Overview For IDP deployments, centralized management provides the following benefits: ■ Centralized management for IDP appliances and other network devices ■ Consolidated logs from different devices in a single repository ■ Centralized management of enterprise security policies ■ Simplified management for attack signature updates ■ Role-based administration For information about installing NSM and using NSM distributed management features, management objects (such as address o
IDP250 Installation Guide 18 ■ J-Security Center Updates Overview
Part 2 Performing the Installation ■ Installation Overview on page 21 ■ Installing the Appliance to Your Equipment Rack and Connecting Power on page 23 ■ Performing the Initial Network Configuration and Licensing Tasks on page 27 ■ Connecting the IDP Traffic Interfaces to Your Network and Verifying Traffic Flow on page 35 Performing the Installation ■ 19
IDP250 Installation Guide 20 ■ Performing the Installation
Chapter 3 Installation Overview This chapter includes the following topics: ■ Before You Begin on page 21 ■ Basic Steps on page 22 Before You Begin The location of the device, the layout of the mounting equipment, and the security of your wiring room are crucial for proper system operation. CAUTION: To prevent abuse and intrusion by unauthorized personnel, install the appliance in a secure environment.
IDP250 Installation Guide Related Topics ■ Common Criteria EAL2 Compliance on page 63 Basic Steps Take the following basic steps to install the appliance and connect it to your network: 1. Read the release notes for your release. Release notes make you aware of supported and unsupported features, known issues, and fixed issues. Go to http://www.juniper.net/techpubs/software/management/idp/ and download the release notes for your release. 2.
Chapter 4 Installing the Appliance to Your Equipment Rack and Connecting Power This chapter includes the following topics: ■ Rack Mounting Kits and Required Tools on page 23 ■ Mounting to Midmount Brackets on page 24 ■ Mounting to Rack Rails on page 25 ■ Connecting Power on page 25 Rack Mounting Kits and Required Tools Table 12 on page 23 describes the rack mounting hardware included in a standard shipment and required tools that are not included in a standard shipment.
IDP250 Installation Guide Mounting to Midmount Brackets To mount the appliance using the midmount brackets: 1. Attach one rack-mounting bracket to each side of the chassis with the bracket screws. Figure 10: 1-RU Midmount Bracket 2. With another person, place the chassis into position between rack posts in the equipment rack and align the rack-mounting bracket holes with the rack post holes.
Chapter 4: Installing the Appliance to Your Equipment Rack and Connecting Power Related Topics ■ Rack Mounting Kits and Required Tools on page 23 Mounting to Rack Rails To mount the device to equipment rack rails: 1. Attach the rails to each side of the chassis with the bracket screws. Make sure the hinged brackets are at the back of the device. Make sure the rails are positioned so they reach the back of the rack when the device is mounted. Figure 11: Rail with Hinged Rear Bracket 2.
IDP250 Installation Guide 2. 26 ■ Connecting Power Connect the other end of the power cable to the electrical outlet.
Chapter 5 Performing the Initial Network Configuration and Licensing Tasks This chapter includes the following topics: ■ Performing the Initial Configuration on page 27 ■ Getting Started with the EasyConfig Wizard (Serial Console Port) on page 29 ■ Getting Started with the QuickStart Wizard (Management Port) on page 30 ■ Getting Started with the ACM Wizard (Management Port) on page 31 ■ Installing the Product License Key on page 32 Performing the Initial Configuration We recommend the following w
IDP250 Installation Guide Table 13: Getting Started Configuration Tools Getting Started Tool You Specify: EasyConfig wizard (Serial port) ■ Management interface IP address and netmask Fully qualified domain name: Blank ■ RADIUS support: Disabled ■ Time zone, date, and time ■ ■ Deployment mode (sniffer or transparent) for the default virtual router(s) Network interfaces: Auto-negotiate speed/duplex ■ Virtual routers: ACM wizard (Management port) ■ Management interface IP address and netmas
Chapter 5: Performing the Initial Network Configuration and Licensing Tasks Getting Started with the EasyConfig Wizard (Serial Console Port) We recommend you get started by running the EasyConfig wizard to assign an IP address to the management interface. Then, you can access the ACM Wizard from a remote location to complete the appliance configuration. To perform the initial configuration with the EasyConfig wizard: 1.
IDP250 Installation Guide Mask: 255.255.255.0 What IP address do you want to configure for the management interface? [192.168.1.1] 7. Type an IP address and press Enter. The following text appears: What netmask do you want to configure for the management interface? [255.255.255.0] 8. Type your netmask and press Enter. The system configures your interfaces. The following text appears: Configuring default route... The current default route is: X.X.X.
Chapter 5: Performing the Initial Network Configuration and Licensing Tasks To get started with the QuickStart wizard: 1. Connect one end of an Ethernet cable to the management interface port and the other end to the Ethernet port of your laptop. 2. On your laptop, open a Web browser. 3. In the browser Address or Location box, enter https://192.168.1.1. NOTE: ACM access uses SSL, so you must type https:// and not http://. 4. Log in as the user root with the default password (abc123).
IDP250 Installation Guide Related Topics 6. Type the default user name (root) and password (abc123). 7. Click ACM to start the ACM wizard. Complete the wizard steps as described in the online Help. ■ Performing the Initial Configuration on page 27 Installing the Product License Key IDP 4.1 and later releases require you to install a permanent license key. To install the permanent license key: 1.
Chapter 5: Performing the Initial Network Configuration and Licensing Tasks [root@localhost ~] scio lic add lic.txt 9.
IDP250 Installation Guide 34 ■ Installing the Product License Key
Chapter 6 Connecting the IDP Traffic Interfaces to Your Network and Verifying Traffic Flow This chapter includes the following topics: ■ Guidelines for Connecting IDP Interfaces to Your Network Devices on page 35 ■ Choosing Cables for Traffic Interfaces (Copper Ports) on page 36 ■ Connecting and Disconnecting Fiber Cables on page 37 ■ Verifying Traffic Flow on page 38 Guidelines for Connecting IDP Interfaces to Your Network Devices We recommend you deploy the IDP appliance between gateway firewalls
IDP250 Installation Guide Table 14: Interface Connection Guidelines (continued) Port Cable Connection Guidelines Traffic interface ports Sniffer Mode – Copper Ports 1. Connect one end of a CAT-5 straight-through cable to a traffic interface port located at the front of the chassis. 2. Connect the other end to the Switched Port Analyzer (SPAN) port of a switch or a hub. Transparent Mode – Copper Ports 1.
Chapter 6: Connecting the IDP Traffic Interfaces to Your Network and Verifying Traffic Flow NOTE: IDP75, IDP250, IDP800, and IDP8200 support auto-MDIX. Connecting Devices That Do Not Support Auto-MDIX For connections to a firewall or server, use a crossover cable. For connections to a switch or hub, use a straight-through cable. NOTE: Conventionally, crossover cables have an orange outer jacket.
IDP250 Installation Guide 3. Slide the clip into the transceiver port until it clicks into place. Because the fit is close, you may have to apply some pressure to seat the clip. Apply pressure evenly and gently to avoid clip breakage. To remove a Gigabit Ethernet cable from a transceiver: 1. Hold the cable clip firmly but gently between your thumb and forefinger with your thumb on top of the clip and your finger under the clip. 2. Use your thumb to gently press the clip ejector on top of the clip.
Part 3 Adding the IDP Appliance to NSM ■ Adding the IDP Appliance to NSM on page 41 Adding the IDP Appliance to NSM ■ 39
IDP250 Installation Guide 40 ■ Adding the IDP Appliance to NSM
Chapter 7 Adding the IDP Appliance to NSM This chapter includes the following topics: ■ Reviewing Compatibility with NSM on page 41 ■ Adding a Reachable IDP Device to NSM on page 41 Reviewing Compatibility with NSM Review the release notes for information regarding compatibility between your IDP Series release and NSM release. In some cases, you might be required to install a schema update on NSM to support the IDP Series release.
IDP250 Installation Guide To import an IDP device with a known IP address: 1. In the NSM navigation tree, select Device Manager > Devices. Figure 12: NSM Add Device Wizard: Add Device 2. Click the + icon and select Device to display the Add Device wizard. 3. Select Device Is Reachable (default) and click Next to display the page where you configure connection settings. Figure 13: NSM Add Device Wizard: Connection Settings 4.
Chapter 7: Adding the IDP Appliance to NSM ■ Enter the password for the device admin user. You set the password for admin when you ran the ACM Wizard. ■ Enter the password for the device root user. You set the password for root when you ran the ACM Wizard. NOTE: In NSM, passwords are case-sensitive. ■ Select SSH Version 2 and port 22. Click Next. The Wizard displays a page where you can verify the integrity of the connection between the IDP appliance and NSM.
IDP250 Installation Guide 5. Log into the IDP command-line interface and verify the SSH key fingerprint. Comparing the SSH key fingerprint information enables you to detect man-in-the-middle attacks: a. Connect to the IDP command-line interface: ■ Use SSH to connect to the IP address or hostname for the management interface. Log in as admin and enter su – to switch to root. ■ If you prefer, make a connection through the serial port and log in as root. b. Enter cd /etc/ssh. c.
Chapter 7: Adding the IDP Appliance to NSM Figure 16: NSM Add Device Wizard: Add Device Confirmation 8. Click Next to import the configuration from the IDP device. Upon success, NSM displays the following message: Figure 17: NSM Add Device Wizard: Configuration Import Confirmation 9. Click Finish. For IDP 4.1 and later devices, NSM next runs a job to update the IDP device with the Recommended IDP security policy. The Job Information dialog box shows the status of the Update Device job. 10.
IDP250 Installation Guide Figure 18: NSM Device Manager: Viewing Device Status Related Topics 46 ■ ■ Reviewing Compatibility with NSM on page 41 ■ Basic Steps on page 22 Adding a Reachable IDP Device to NSM
Part 4 Upgrading Software and Installing Field Replaceable Units ■ Upgrading Software on page 49 ■ Installing Field Replaceable Units on page 53 ■ Reimaging the Appliance on page 55 Upgrading Software and Installing Field Replaceable Units ■ 47
IDP250 Installation Guide 48 ■ Upgrading Software and Installing Field Replaceable Units
Chapter 8 Upgrading Software This chapter includes the following topics: ■ Updating Software (NSM Procedure) on page 49 ■ Upgrading Software (CLI Procedure) on page 51 Updating Software (NSM Procedure) To update IDP software: 1. Add the IDP software to the NSM GUI server. 2. Push the IDP software from the NSM GUI server to one or more IDP devices. To add an IDP software image to the NSM GUI server: 1. Download the software image: a. Go to https://www.juniper.
IDP250 Installation Guide 3. From the Select Software Image list, select the image file you just added to the NSM GUI server. 4. In the Select Devices list, select the IDP devices on which to install the software update. 5. Click Next and complete the wizard steps. 6. Select Automate ADM Transformation to automatically update the Abstract Data Model (ADM) for the device after NSM installs the update.
Chapter 8: Upgrading Software 3. Related Topics ■ Push a security policy update job to update attack objects in use in your security policy: a. In NSM, select Devices > Configuration > Update Device Config. b. Select devices to which to push the updates and set update job options. c. Click OK. Upgrading Software (CLI Procedure) on page 51 Upgrading Software (CLI Procedure) To upgrade IDP software from the CLI: 1. 2. Download the software image to a host that runs an FTP server.
IDP250 Installation Guide Next Steps: 1. Download the IDP detector engine and NSM attack database updates to the NSM GUI server: From the NSM main menu, select Tools > View/Update NSM attack database and complete the wizard steps. 2. Push the updated IDP detector engine to IDP devices: From the NSM main menu, select Devices > IDP Detector Engine > Load IDP Detector Engine for ScreenOS and complete the wizard steps.
Chapter 9 Installing Field Replaceable Units This chapter includes the following topics: ■ Replacing a Power Supply on page 53 Replacing a Power Supply The following procedure applies to models for which the power supply is a field replaceable unit (FRU). For information on obtaining spares, contact your Juniper Networks sales representative. To remove a power supply: 1. Go to the back of the device and locate the power supply you want to remove. 2.
IDP250 Installation Guide The power supply LED turns amber to indicate that the power supply is receiving power. The LED turns green to indicate that it is receiving power and is giving power to the appliance (only occurs if appliance is on). The high-pitched whine stops and the PS FAIL light on the front of the appliance turns off.
Chapter 10 Reimaging the Appliance This chapter includes the following topic: ■ Reimaging and Relicensing an Appliance on page 55 Reimaging and Relicensing an Appliance The appliance comes with software preinstalled. If needed, you can reinstall the factory image. This process is known as reimaging the appliance. The reimaging process rewrites the disk except for the partition containing /var/idp. If necessary and if possible, you should save a copy of data or custom configuration files before reimaging.
IDP250 Installation Guide 56 ■ Reimaging and Relicensing an Appliance
Part 5 Technical Specifications and Compliance Statements ■ Technical Specifications on page 59 ■ Compliance Statements on page 61 ■ Common Criteria EAL2 Compliance on page 63 Technical Specifications and Compliance Statements ■ 57
IDP250 Installation Guide 58 ■ Technical Specifications and Compliance Statements
Chapter 11 Technical Specifications This chapter includes the following topics: ■ IDP250 Technical Specifications on page 59 IDP250 Technical Specifications Table 15 on page 59 lists physical specifications. Table 15: Physical Specifications Specification Value Form Factor 1 RU Height 1.69 in. (4.3 cm) Width 17 in. (43.2 cm) Depth 15 in. (38.1 cm) Weight 16.5 lb (7.48 kg) Table 16 on page 59 lists power specifications.
IDP250 Installation Guide Table 17: Power Cord Specifications Country Specifications United States and Canada ■ UL-approved and CSA-certified ■ Flexible cord minimum spec: No. 18 (1.5 mm2SVT or SJT, 3-conductor ■ Current capacity of 10A minimum ■ Earth-grounding attachment plug with NEMA 5-15P (10A, 125V) configuration Table 18 on page 60 list environmental specifications.
Chapter 12 Compliance Statements This chapter includes the following topic: ■ Standards Compliance on page 61 Standards Compliance Table 20: Category Standards Compliance Safety ■ UL 60950, Third Edition — Safety of Information Technology Equipment ■ CSA C2.22 No.
IDP250 Installation Guide 62 ■ Standards Compliance
Chapter 13 Common Criteria EAL2 Compliance This chapter includes the following topics: ■ Common Criteria EAL2 Compliance on page 63 Common Criteria EAL2 Compliance Table 21 on page 63Table 21 on page 63 provides guidelines you must observe to deploy and use the IDP appliance in compliance with the Common Criteria EAL2. In addition, you must observe compliance guidelines for Network and Security Manager (NSM), listed in the Network and Security Manager Administration Guide.
IDP250 Installation Guide 64 ■ Common Criteria EAL2 Compliance
Part 6 Index ■ Index on page 67 Index ■ 65
IDP250 Installation Guide 66 ■ Index
Index Symbols EN 60950 compliance..................................................61 EN 61000-3-2 compliance............................................61 environmental specifications.......................................59 1998 Class A compliance.............................................61 F A ACM ......................................................................15, 31 ACM Online Help.........................................................xiii adding a device to NSM............................
IDP250 Installation Guide LEDs fault........................................................................4 HA port...................................................................6 hard drive...............................................................4 IDP250...................................................................3 power.....................................................................4 traffic interface...................................................
