Comments For Firewall Rules; Configuring Multicast Rules - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual

Comments for Firewall Rules

Configuring Multicast Rules

Copyright © 2010, Juniper Networks, Inc.
the situation in order to do so. If the TCP keep-alive option is activated on the server, it
can be used to query the status of the connection.
NSM offers the option of configuring the SSG Series Secure Services Gateways, ISG
Series Integrated Security Gateways, and the NetScreen Series Security Systems running
ScreenOS 6.3 and later to send a notification to both the client and the server when a
TCP session is closed. By default, this option is disabled. Before you can enable the
Session Close Notification feature on NSM for a device, you must first set the following
options:
a. From Device > Advanced > Packet flow:
   Disable Skip TCP sequence number check.
   Enable one or both of these options:
      Check TCP SYN bit before create/refresh session after TCP handshake
      Check TCP SYN bit before Create session
   Set the number of seconds in the option Notify threshold.
b. From Device > Network > Edit the From / To Zone, enable TCP/RST.

Configuring the Session Close Notification option:
1. Select Policy Manager > Security Policy > Policy on device > Rule Options > Session Close Notification. A Session Close Notification window opens.
2. Check the option – Notify both ends if TCP session isn't normally terminated
3. Click OK.

configure the Session Close Notification option by selecting Policy Manager > Security Policy > Policy on device > Rule Options > Configure All Options Session Close Notification.

Comments for Firewall Rules

The Comments column of a rule contains the rule title, which is also the ScreenOS policy
name (the name of the policy when viewing the device configuration using the WebUI).
You can also enter comments in the Comment Field, if desired.

Configuring Multicast Rules

A multicast rule is a statement that defines a specific type of multicast control traffic.
When multicast control traffic passes through a security device, the device attempts to
match that traffic against its list of rules. If a rule is matched, the device permits the traffic
to pass through.
On security devices, you secure multicast control traffic using access lists. First, you create
an access list, which defines one of the following:
   The multicast groups a host can join.
   The sources from which traffic can be received.

Chapter 9: Configuring Security Policies


This manual is also suitable for:

Network and security manager 2010.2
