Defining Metadata; Instantiating New Objects; Adding Custom Detail Object To Rules - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual


Defining Metadata

Adding Custom Detail Object to Rules

Copyright © 2010, Juniper Networks, Inc.
This information will be exported using the Policy Export tool, if the user selects Expanded
Mode when exporting data.
Policy filtering is supported on individual values in the Custom Details column.
The metadata is defined using the Policy Details node located in the navigation tree.
Users can see all metadata definitions as well as add, edit, or delete definitions. Existing
metadata is displayed in table format and supported at the domain level. Definitions in
the global domain are accessible in subdomains for creating objects that comply with
the global domain.
Deleting a metadata definition forces all objects to comply with the definition and lists
all usages of those objects. When a metadata definition is deleted, all the objects complying
with that metadata are also deleted. In addition, the deletion removes all usages of the
changed objects from the security policy rules that referred to them.

Instantiating New Objects

As with metadata definitions, you can also create custom policy objects at the domain
level. Objects you create in the global domain will be available for all subdomains, while
objects created in a subdomain will only be available within the subdomain in which
they were created.
When you delete an object, NSM displays all the usages of that object in the security
policy rules, and will ask you for confirmation of the command. Once you confirm that
you want to delete the object, NSM will remove all usages of the object you are deleting
from the security policy rules that refer to the deleted object.
You can add custom detail objects to a rule in the policy using the same mechanism as
other shared objects, such as service or address objects. You can use multiple selections
for objects using the Shared data type. This allows you to add multiple objects complying
with the same metadata. For example, you can add multiple e-mail addresses or phone
numbers for each rule.
Once you have added custom objects to the rules, NSM displays the custom object along
with the metadata name. For example, after adding an address to a rule, the value
displayed in the rule could look like the following:
Email Address: admin@juniper.net
Requisition Number: JN0001
NSM will sort the entries in the Custom Details cell by the metadata name appended to
the custom object value. NSM will copy and paste data in the Custom Details column
along with other rule data when a rule is copied and pasted.
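
The following is an added example, not NSM code or part of the original manual. It parses Custom Details cells in the "Metadata Name: value" form shown above and reports which entries each rule would lose if a metadata definition were deleted, so the impact can be reviewed before confirming a deletion. The rule dictionary, the function names and the address noc@example.com are constructed for illustration; the layout is an assumption, not the Policy Export format.

```python
from collections import defaultdict

# Constructed sample: rule id -> text of its Custom Details cell, one
# "Metadata Name: value" entry per line (assumed layout, not NSM's export format).
RULES = {
    1: "Requisition Number: JN0001\nEmail Address: admin@juniper.net",
    2: "Email Address: noc@example.com\nEmail Address: admin@juniper.net",
    3: "",
}

def parse_cell(cell):
    """Split a Custom Details cell into (metadata name, value) pairs."""
    entries = []
    for line in cell.splitlines():
        if not line.strip():
            continue
        # Split on the first colon only, so values may contain colons.
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a 'name: value' entry: {line!r}")
        entries.append((name.strip(), value.strip()))
    return entries

def render_cell(entries):
    """Render entries sorted by metadata name (tie-break on value is an assumption)."""
    return "\n".join(f"{name}: {value}" for name, value in sorted(entries))

def deletion_impact(rules, metadata_name):
    """Return (values lost per rule, remaining cell text per rule) for one definition."""
    lost = defaultdict(list)
    remaining = {}
    for rule_id, cell in rules.items():
        keep = []
        for name, value in parse_cell(cell):
            if name == metadata_name:
                lost[rule_id].append(value)   # would be removed from this rule
            else:
                keep.append((name, value))
        remaining[rule_id] = render_cell(keep)
    return dict(lost), remaining

if __name__ == "__main__":
    lost, remaining = deletion_impact(RULES, "Email Address")
    for rule_id, values in sorted(lost.items()):
        print(f"rule {rule_id} loses {values}; cell becomes {remaining[rule_id]!r}")
```
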
Objects with a String data type provide a special edit dialog that allows you to change
the string value they contain. This dialog is accessible from the context menu by
right-clicking the selected value. Objects with a Shared data
Chapter 8: Configuring Objects