Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1 Manual page 55

Table 14: Firewall Data Elements (continued)

Data Element: auths
Description:
You must include HTTP, FTP, or Telnet service objects in the Service column of the rule to enable remote users to authenticate themselves using Authentication. You can include other services as well, or specify all services.

If authentication succeeds, the NSM allows the remote user to establish a connection to the destination address. If authentication fails, NSM drops the initial connection.

If the source address supports multiple remote user accounts (for example, a Unix host running Telnet) or it is located behind a NAT device that uses a single IP address for all NAT assignments, only the first remote user from that source address must initiate and authenticate an HTTP, FTP, or Telnet connection. All subsequent remote users from that source address do not have to authenticate, and can pass matching network traffic to the destination address.

If you use WebAuth, to make a connection to the destination address in the rule, the remote user must first initiate an HTTP connection to the WebAuth server. Your security device responds with a login prompt. After the remote user provides a user name and password, NSM attempts to authenticate the user credentials. If authentication succeeds, NSM permits the remote user to establish a connection to the destination address. If authentication fails, NSM drops the initial connection.

The possible values:
    no-auth
    infranet-auth
    auth
    webauth

Data Element: schedule
Description:
You can determine when a security device applies a rule to network traffic by defining a schedule for the rule.

Data Element: ha_session_backup
Description:
If you select HA Session Backup, a rule with the Permit action will not be active when the session switches to the modem link. When this happens, the rule takes the Deny action.

Data Element: no-idle-reset
Description:
Disable modem idle timer reset. (default = false)

Data Element: traffic
Description:
Traffic shaping enables you to control the amount of bandwidth that is available to the matching network traffic in a rule. It also enables you to set a priority that determines how the security device handles matching network traffic that exceeds the defined maximum bandwidth. For security devices running ScreenOS 5.3 or later, you can also manage the flow of traffic through the security device by limiting bandwidth at the incoming point.

The possible values:
    gbw
    priority
    mbw

Copyright © 2010, Juniper Networks, Inc.
Chapter 5: Security Data Model
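
The shared-source behaviour described for the auths element, as an added example (not code from the Juniper guide and not the NSM API): a small Python model of authentication state keyed by source address, plus a check that flags rules where one login would cover every user behind an address. The Rule record, its field names, the "all" service token and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Values the page lists for the auths data element.
AUTHS_VALUES = {"no-auth", "infranet-auth", "auth", "webauth"}
AUTH_SERVICES = {"HTTP", "FTP", "Telnet"}


@dataclass
class Rule:
    """Hypothetical rule record for illustration; not the NSM schema."""
    name: str
    auths: str
    services: set
    source_shared: bool = False  # assumption: NAT address or multi-user host


@dataclass
class SourceAuthTable:
    """Authentication state keyed by source address only, as the page describes."""
    authenticated: set = field(default_factory=set)

    def login(self, src_ip, ok):
        if ok:
            self.authenticated.add(src_ip)
        return ok  # a failed login means the initial connection is dropped

    def permits(self, src_ip):
        return src_ip in self.authenticated


def audit(rule):
    """Return a list of findings for one rule."""
    findings = []
    if rule.auths not in AUTHS_VALUES:
        findings.append("unknown auths value")
    if rule.auths == "auth":
        if "all" not in rule.services and not rule.services & AUTH_SERVICES:
            findings.append("no HTTP, FTP, or Telnet service to authenticate with")
        if rule.source_shared:
            findings.append("shared source address: one login covers every user behind it")
    return findings


def demo():
    """Constructed case: two users share NAT address 203.0.113.10."""
    table = SourceAuthTable()
    table.login("203.0.113.10", ok=True)  # only the first user authenticates
    return table.permits("203.0.113.10"), table.permits("203.0.113.11")
```

In `demo()` the second user behind the NAT address is permitted without logging in, while a different source address is not.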
