Naming Of Address Objects In A Security Policy That References Devices Running Screenos Or Junos Software; Using The Policy Filter Tool; Filtering The Comment Field; Using A Predefined Idp Policy - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Using the Policy Filter Tool

Using a Predefined IDP Policy

Naming of Address Objects in a Security Policy That References Devices Running ScreenOS or JUNOS Software

Device updates might fail when a policy that references address objects for ScreenOS
devices is assigned to a J Series device or an SRX Series device because the address
object naming conventions in JUNOS Software are more restrictive than the naming
conventions in ScreenOS. For devices running JUNOS Software, the address object name
must be a string that begins with a letter and consists of letters, numbers, dashes, and
underscores. For devices running ScreenOS, the address object name can include numbers,
characters, and symbols. To ensure that a device running JUNOS Software can use the
address objects referenced by the security policy that is assigned to the device, all address
objects in that policy must follow the address object naming conventions for JUNOS
Software. If the policy that is assigned to a device running JUNOS Software contains
preexisting address objects for ScreenOS devices, these address objects must be renamed
to follow the address object naming conventions for JUNOS Software.
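
The naming rule above can be checked before a policy is assigned to a J Series or SRX Series device. The following is an added example, not NSM code: it assumes the address object names are available as a plain list of strings, treats "letters" as ASCII letters, and uses a hypothetical `addr` prefix and numeric suffix when proposing replacements.

```python
import re

# JUNOS rule quoted above: starts with a letter, then letters, digits,
# dashes, underscores. ASCII letters are an assumption of this example.
JUNOS_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_-]*")

def is_junos_safe(name):
    """True if the whole name satisfies the JUNOS convention."""
    return JUNOS_NAME.fullmatch(name) is not None

def suggest_name(name, taken):
    """Propose a compliant replacement that is not already in `taken`."""
    # Collapse every run of disallowed characters into one underscore.
    base = re.sub(r"[^A-Za-z0-9_-]+", "_", name).strip("_-")
    if not base:
        base = "addr"                 # hypothetical fallback name
    elif not base[0].isalpha():
        base = "addr_" + base         # hypothetical prefix for names like 10.1.1.0/24
    candidate, n = base, 2
    while candidate in taken:         # avoid merging two distinct objects
        candidate = f"{base}_{n}"
        n += 1
    return candidate

def plan_renames(names):
    """Map each non-compliant name to a unique compliant replacement."""
    taken = {n for n in names if is_junos_safe(n)}
    plan = {}
    for name in names:
        if not is_junos_safe(name):
            plan[name] = suggest_name(name, taken)
            taken.add(plan[name])
    return plan

# Constructed sample: names that ScreenOS would accept.
SAMPLE = ["web-srv_1", "web_server", "web server",
          "10.1.1.0/24", "DMZ net (old)", "@@@"]

if __name__ == "__main__":
    for old, new in plan_renames(SAMPLE).items():
        print(f"{old!r:18} -> {new}")
```

The uniqueness check matters because two distinct ScreenOS names can sanitize to the same string, and a rule that then points at the wrong address object changes what the policy permits.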

Using the Policy Filter Tool

NSM provides a Policy Filter tool to filter policy rules based on one or more filter conditions
specified for rule attributes. One filter can contain several filter conditions for different
attributes. The filter applies only to the currently selected rulebase. The filter results are
displayed in the same rulebase. Rules that do not match filter conditions are hidden. In
the firewall rulebase, only open rule groups are filtered. When a filter is set and a closed
rule group is expanded, only rules that match the filter will be displayed in the group. For
information about using the Policy Filter tool, refer to the NSM Online Help.

Filtering the Comment Field

You can use filters for the comments field of your policy. By default, the search finds an exact
match unless it is used with a regular expression.

For example, suppose you have two rules with the following two comments: test1 and
juniper,\ntest1. If you want to find all the rules that have test1 in the comments field, you
must use a regular expression. If you do not select the regular expression checkbox, the
search returns only rules with the comment test1.

If you want to find all rules that end with the string test1, you can use one of the following
regular expressions:

    .*test1|.*\ntest1
    (.*|.*\n)test1

Using a Predefined IDP Policy

When you create a new IDP security policy, you can select from the following predefined
policies or use the Policy Creation Wizard, as described in the next section.

NOTE: IDP predefined policies are empty after an attack update. Relaunch the GUI to
reinstate the policies.

Copyright © 2010, Juniper Networks, Inc.
