Configuring If-Map Session Import Policy On The Infranet Controller - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual

Configuring infranet controllers guide

Hide thumbs Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01:

Manual (444 pages)

Administration manual (1026 pages)

Installation manual (244 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

Table of Contents

NSM Infranet Controller Configuration Guide

Documentation

Configuring IF-MAP Session Import Policy on the Infranet Controller (NSM Procedure)

112

Table 34: IF–MAP Session-Export Policy Configuration Details (continued)

Option

Function

Set IF-MAP

Specifies a passed Host

Device

Checker policy on the

Attributes

Infranet Controller or SA

appliance.

Configuring IF-MAP Client Settings on the Infranet Controller (NSM Procedure) on

page 108

Configuring IF-MAP Server Settings on the Infranet Controller (NSM Procedure) on

page 107

Configuring IF-MAP Session Import Policy on the Infranet Controller (NSM Procedure)

on page 112

Configuring IF-MAP Server Replicas (NSM Procedure) on page 114

The session-export policies that you create allow IF-MAP data that represents a session

to be stored on the IF-MAP server. Session-import policies specify how the Infranet

Controller derives a set of roles and a username from the IF-MAP data in the IF-MAP

server. Session-import policies establish rules for importing user sessions from a different

Infranet Controller or SA appliance. Import policies allow you to match authenticated

users with corresponding roles on the target device. For example, you might configure

an import policy to specify that when IF-MAP data for a session includes the "Contractor"

capability, the imported session should have the "limited" role. Session-import policies

allow the Infranet Controller to properly assign roles based on information that the IF-MAP

server provides.

You configure session-import policies on IF-MAP client Infranet Controllers that are

connected to an Infranet Enforcer in front of protected resources.

To configure a session-import policy:

In the NSM navigation tree, select Device Manager > Devices.

Click the Device Tree tab, and then double-click the Infranet Controller for which you

want to configure a session-import policy.

Click the Configuration tab. In the configuration tree, select System > IF–MAP

Federation > Session-Import Policies.

Your Action

Select this action and the following options

appear.

Copy Host Checker policy names—Select this

option to copy the name of each Host Checker

policy that passed for the session to a device

attribute.

Set device attributes specified below—Select

this option to set the specified device

attributes. The Device Attributes option

appears. From Device Attributes, click New and

enter a specified device attribute.

Table of Contents

Configuring If-Map Session Import Policy On The Infranet Controller - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual

Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01

Related Content for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01

Table of Contents