Table of Contents
Advertisement
Chapter 10
Chapter 11
Copyright © 2010, Juniper Networks, Inc.
Disabling a Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
Using Rule Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
Reimporting Devices and Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . 510
Merging Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Importing SRX Series Devices That Contain Inactive Policies . . . . . . . . . . . . 513
Exporting Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
Automatic Policy Versioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
Setting NSM to Automatic Policy Versioning . . . . . . . . . . . . . . . . . . . . . 514
Viewing Existing Policy Versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
Creating a New Policy Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
Using a Filter to Search for a Policy Version . . . . . . . . . . . . . . . . . . . . . . 515
Editing Comments for an Existing Policy Version . . . . . . . . . . . . . . . . . . 515
Comparing Two Versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
Restore an Older Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
Viewing, Editing, Filtering, and Sorting Database Versions . . . . . . . . . . . 517
Displaying the Differences Between Database Versions . . . . . . . . . . . . 518
Update Device with an Older Database Version . . . . . . . . . . . . . . . . . . . 518
Pre and Post Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
Rule Application Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
ScreenOS Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
Validation of prerules and postrules . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
Install-On Column for prerules and postrules . . . . . . . . . . . . . . . . . . . . . 521
Managing prerules and postrules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521
Add prerules and postrules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521
Push prerules and postrules to Regional Server . . . . . . . . . . . . . . . . . . . 521
Modify prerules and postrules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Delete prerules and postrules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Polymorphic Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Customizing Polymorphic Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Access Control of Polymorphic Object . . . . . . . . . . . . . . . . . . . . . . . . . . 523
Validation of Polymorphic Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
Supported Polymorphic Object Categories . . . . . . . . . . . . . . . . . . . . . . 523
Manage Polymorphic Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524
Create a Polymorphic Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524
Add a Polymorphic Object to a Pre/Post Rule . . . . . . . . . . . . . . . . . . . . 524
Map a Polymorphic Object to a Real Value . . . . . . . . . . . . . . . . . . . . . . 525
Mapping Polymorphic Objects Before Importing or Updating Affected
Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
Configuring Voice Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
Adding a BSG Transaction Rulebase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
Adding Rules to the BSG Transaction Rulebase . . . . . . . . . . . . . . . . . . . . . . . . . . 528
Configuring Junos NAT Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
Source NAT Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
Adding a Source NAT Rulebase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
Adding a Rule Set to the Source NAT Rulebase . . . . . . . . . . . . . . . . . . . . . . . 532
Adding a Rule to a Source NAT Rule Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
Table of Contents
xxv
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.2
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper 200 Series