Adding Static Dns Host Addresses - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual

Copyright © 2010, Juniper Networks, Inc.
since the value is fixed and set to 8. NSM validates your entries and prompts a
correction in case of an error.
Click OK to add the multicast group address.
8.

Adding Static DNS Host Addresses

This ScreenOS 5.3 or later feature lets you create a static host name with multiple IP
addresses. You can use this feature to create dynamic addressing in NSM.
To add multiple static host addresses:
In the navigation tree,
1.
Double-click the device you want to configure. The device must be running ScreenOS
2.
5.3 or later.
In the navigation tree of the new dialog box, select Network > DNS.
3.
Click Settings to open the Device Settings dialog box.
4.
Click the Add icon, enter the host name and host IP address, then click OK.
5.
Click OK to save the changes and close the dialog box.
6.
Example: Using Static Addresses to Share a FW Policy
Static addresses allow two sites with different IP addresses to share a single firewall
policy. For example, each site might have a Web server, each with a different IP address.
If you define an address object using the hostname "webserver" and then using that
object in the firewall policy, the device will resolve the address object's hostname to the
correct IP for that device as defined by its static host entry.
In the navigation tree, select Object Manager > Address Objects.
1.
Click the Add icon, then select Host to open the New Host dialog box.
2.
Enter the same name in the Name field that you entered for the Device host name
3.
in the previous section. These values are case sensitive and must match exactly.
Click OK to save the name and close the dialog box.
4.
Return to the navigation tree and select Security Policy.
5.
Click the Add icon and enter the security policy name, then click OK.
6.
Double-click the name of the security policy you just created.
7.
Right-click the value in the Source column or the Destination column.
8.
Select the address object you just created, click Add, then click OK. When the address
9.
object is pushed to a device, the host name resolves dynamically. One policy can be
assigned to multiple devices.
NOTE: If an address object is used in multiple zones, NSM pushes the address object
into the zones without changing its name. When you import a device, NSM combines
address objects with the same name and same content from different zones into a
single address object.
Chapter 8: Configuring Objects
329