Updating Only the IDP Rulebases on ISG Devices - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual


Network and Security Manager Administration Guide
NOTE: You can also enable/disable session rematch in the system-wide device update
settings. To configure, from the menu bar, select Tools > Preferences > Device Update.
The system-wide setting (enabled or disabled) becomes the default setting for all
device updates, but you can change the setting as needed for each individual update.
After you have selected the devices you want to update (and configured session rematch,
if desired), click OK to begin the update process. The Job Manager dialog box appears
and displays the progress of the policy installation. As the update is performed, the main
display area of the Job Manager dialog box displays the CLI commands that the
management system is sending to the physical device. In some cases, you might see that
the policy is unset, then reset on the device.
NSM does not need to reset the policy when:
• The security policy you are installing does not exist on the physical device. The update
  installs the security policy on the device.
• The security policy you are installing already exists on the physical device. The update
  modifies the policy on the physical device, without resetting the policy.
NSM must reset the policy when the security policy you are installing already exists on
the physical device, but an object within the policy has changed in NSM. The update first
unsets the current policy on the device, deletes the old object, adds the new changed
object, then installs the entire security policy again on the physical device.
NOTE: Additionally, NSM must reset the policy during an import when the security
policy exists on the device, but does not exist in the management system.
After the update has completed, close the Job Manager window. The rules in the policy
become active on the devices you selected in the Install On column of the rule. To see
the exact rules that were applied to a specific device, in Device Manager, right-click a
device and select Policy > View Pending Device Policy.

Updating Only the IDP Rulebases on ISG Devices

On ISG devices with IDP, you can elect to push only the IDP rulebases, not the entire
policy.
To push only the IDP rulebases, not the firewall or multicast rulebases, select the Update
IDP Rulebase Only check box in the Update Device Options dialog box.
The IDP-on-ISG rulebases are as follows:
• IDP
• Backdoor
• Exempt
Copyright © 2010, Juniper Networks, Inc.
