Deleting A Rule; Disabling A Rule; Using Rule Groups; Reimporting Devices And Security Policies - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Reimporting Devices and Security Policies

NOTE: You cannot drag an object into a column that is not appropriate for that object.
For example, you cannot drop a service object into the "Install On" column; you cannot
drop a standalone IDP device into the "Install On" column for a zone-based firewall
rulebase. Dragging and dropping objects is also not supported on any predefined IDP
policy.

Deleting a Rule

To delete a rule, right-click inside the No. column (the first column) of the rule and select
Delete. You can also delete a rule group; however, deleting the rule group also deletes
all rules within the rule group.

Disabling a Rule

To disable a rule, right-click inside the No. column (the first column) of the rule and select
Disable. The rule remains in the rulebase, but a gray diagonal stripe indicates that it has
been disabled. While the rule is disabled, NSM does not install the rule on any devices.
To enable a rule, right-click inside the No. column (the first column) of the rule and select
Disable again to clear the checkbox. You can disable rule groups using the same method.

Using Rule Groups

To create a rule group, select the rules you want to include in the group, then right-click
and select create rule group. Enter a name and description for the rule group, then click
OK.
Combining rules into a rule group can help you better manage rules. For example, you
might want to create a rule group for:
- VPN rules or VPN links
- Rules that manage traffic from a specific zone or interface on the security device
- Rules for a specific device or device group
- Rules that provide attack or AV protection
- Rules that manage VoIP traffic with GTP objects

You can add, edit, and delete rule groups; however, deleting a rule group also deletes all
rules within that group. If necessary, you can also ungroup a rule group.
You can create multiple rule groups (40,000 rules maximum in a security policy). NSM
supports one level of rule groups; you cannot create a rule group within a rule group.

Reimporting Devices and Security Policies

Occasionally, you might need to delete a security device from NSM and then add it again.
After you reimport the device configuration for a device that was previously managed by
NSM:
- If you made no changes to the device policies using the WebUI or CLI, when you reimport
  the device, NSM does not create a new security policy.
Copyright © 2010, Juniper Networks, Inc.
