Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual page 124

NSM Infranet Controller Configuration Guide
Related
Documentation
106
Table 32: Host Enforcer Policy Configuration Details (continued)
Option
Applies to roles
Action
Table 33: Examples of Specifying Resources in a Host Enforcer Policy
Specify This Protocol
tcp_out://*:21,80,443
tcp_in://10.11.0.0/255.255.0.0:*:20
udp_in://*:*
icmp://*:*
Configuring Infranet Enforcer Resource Access Policies (NSM Procedure) on page 93
Configuring Infranet Controller IP Address Pool Policies (NSM Procedure) on page 98
Configuring Infranet Controller IPsec Routing Policies (NSM Procedure) on page 95
Function
Specifies the roles to
which this policy is
applicable.
Specifies whether you
want this policy to allow or
deny the traffic you
specified for resources. For
example, you can create a
policy that denies outgoing
TCP traffic for a particular
role.
To Allow
Outgoing TCP traffic on ports 21, 80, and 443
only.
Incoming FTP traffic from
10.11.0.0/255.255.0.0 on FTP server port 20
to all ports on the endpoint.
Incoming UDP traffic from all IP addresses to
all ports on the endpoint.
Incoming and outgoing ICMP traffic from all
IP addresses to all ports on the endpoint.
Your Action
Select Policy applies to ALL roles
to apply the Host Enforcer policy to
all users.
Select Policy applies to SELECTED
roles to apply the Host Enforcer
policy only to users who are
mapped to roles in the Members list.
Select Policy applies to roles
OTHER THAN those selected to
apply the Host Enforcer policy to all
users except those who map to the
roles in the Members list.
NOTE: Select the policies from the
Non-members list and click Add to
move it to the Members list before
applying the policies to the roles.
Select this option.
Copyright © 2010, Juniper Networks, Inc.