Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual page 128

NSM Infranet Controller Configuration Guide
110
Add or modify settings as specified in Table 34 on page 110.
4.
Click one:
5.
OK—Saves the changes.
Cancel—Cancels the modifications.
You must create corresponding session-import policies that allow IF-MAP client Infranet
Controllers that are connected to an Infranet Enforcer in front of protected resources to
collect IF-MAP data from the IF-MAP server.
Table 34: IF–MAP Session-Export Policy Configuration Details
Option Function
Name Specifies a unique name for
the policy.
Description Describes the policy.
Administrative Identifies the IP address,
Domain username, or MAC address
data.
In a large network
environment with several
domains, a username, an IP
address, or a MAC address
could be duplicated. By
entering the domain, you
ensure that the correct user
is identified.
Roles Determines the roles for
which this policy should
apply.
Stop on match Stops matching the roles
when an IF-MAP client has
successfully matched the
roles selected for this policy
to roles based on
session-import policies
configured on the target
device.
Identity tab
Your Action
Enter a name for the policy.
Enter a brief description for the policy.
Type the administrative domain for the session
export policy. If you want different aspects of a
user session to be exported with different
administrative domains, you then create several
export rules.
Select roles from the Non-members area and add
the roles to the Members area.
Select this option to stop matching roles after a
successful match is found.
Copyright © 2010, Juniper Networks, Inc.