Configuring An Infranet Controller To Connect To A Screenos Enforcer - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual

Configuring infranet controllers guide

Hide thumbs Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01:

Manual (444 pages)

Administration manual (1026 pages)

Installation manual (244 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

Table of Contents

Documentation

Configuring an Infranet Controller to Connect to a ScreenOS Enforcer (NSM Procedure)

Table 31: Source Interface Policy Configuration Details (continued)

Option

Applies to roles

Configuring Infranet Controller Source IP Access Restrictions (NSM Procedure) on

page 61

Configuring Infranet Controller Host Enforcer Policies (NSM Procedure) on page 105

The ScreenOS Enforcer connects to the Infranet Controller over an SSH connection that

uses the NetScreen Address Change Notification (NACN) protocol.

The Infranet Controller uses the NACN password and serial number for a connection

from the ScreenOS Enforcer. When the ScreenOS Enforcer first turns on, it sends an

NACN message containing the NACN password and serial number to the Infranet

Controller. The Infranet Controller uses the serial number to determine which ScreenOS

Enforcer is attempting to connect, and then the Infranet Controller uses the NACN

password to authenticate the ScreenOS Enforcer. The Infranet Controller then begins

communicating with the ScreenOS Enforcer using SSH.

To configure the Infranet Controller to accept a connection from the ScreenOS Enforcer:

In the NSM navigation tree, select Device Manager > Devices.

Click the Device Tree tab, and then double-click the Infranet Controller that you want

to configure.

Click the Configuration tab. In the configuration tree, select UAC > Infranet Enforcer

> Connection.

Click New (+). The New Infranet Enforcer dialog box appears.

Select the ScreenOS option button from the Platform area. The ScreenOS Enforcer

page appears.

Enter a name for the ScreenOS Enforcer.

Chapter 10: Configuring Infranet Enforcer Policies

Function

Specifies the policies that

apply to the roles.

Your Action

Select Policy applies to ALL roles

to apply this Source Interface policy

to all users.

Select Policy applies to SELECTED

roles to apply this Source Interface

policy only to users who are mapped

to roles in the Members list.

Select Policy applies to roles

OTHER THAN those selected to

apply this Source Interface policy to

all users except those who map to

the roles in the Members list.

NOTE: Select the policies from the

Non-members list and click Add to

move it to the Members list before

applying the policies to the roles.

101

Table of Contents

Configuring An Infranet Controller To Connect To A Screenos Enforcer - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual

Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01

Related Content for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01

Table of Contents