Copyright © 2010, Juniper Networks, Inc.
using the operator OR, AND, or NOT to combine user objects, user group objects, or other
group expressions to define:
Alternatives for authentication ("a" OR "b")
Requirements for authentication ("a" AND "b")
Exclusions of a user group, or another group expression (NOT "c").
NOTE: The users and user groups you reference in the group expressions must be external
users that are stored on an external RADIUS server. (A RADIUS server enables a user
to belong to more than one user group.)
The operators have different meanings depending on the type of user object you are
using in the security policy, as listed in Table 40 on page 405.
Table 40: Group Expression Operators

User Objects
OR: If the security policy defines authentication for "a" or "b" user objects, the security device authenticates the user if it is either "a" or "b".
AND: Requires one of the two objects in the expression to be either a user group or a group expression (a single user cannot be both user "a" and user "b"). If the security policy defines authentication for "a" AND a member of group "b", the security device authenticates the user only if those two conditions are met.
NOT: If the security policy defines authentication for any user object that is not the "c" user (NOT "c"), the security device authenticates all users except the "c" user.

User Groups
OR: If the security policy defines authentication for user group "a" or user group "b", the security device authenticates the user if it belongs to either "a" or "b" user group.
AND: If the security policy defines authentication for user group "a" AND user group "b", the security device authenticates the user only if it belongs to both user groups.
NOT: If the security policy defines authentication for any user group that is not group "c" (NOT "c"), the security device authenticates all users except those that belong to the "c" user group.

Group Expressions
OR: If the security policy defines authentication for user objects that match the description of group expression "a" OR group expression "b", the security device authenticates the user if either group expression references that user.
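
The operator semantics in Table 40, modelled as a small evaluator. This is an added example, not Juniper code or NSM configuration syntax; the class names, the admitted() helper and the sample directory are constructed for illustration. It also evaluates nested expressions, which generalizes the single rows shown in the table.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:            # a single external (RADIUS) user
    name: str

@dataclass(frozen=True)
class Group:           # an external user group
    name: str

@dataclass(frozen=True)
class Expr:            # a group expression; operands may themselves be Expr
    op: str            # "OR", "AND" or "NOT"
    left: object
    right: object = None   # unused for NOT

def validate(node):
    """Reject expressions the table rules out before evaluating them."""
    if not isinstance(node, Expr):
        return
    if node.op not in ("OR", "AND", "NOT"):
        raise ValueError(f"unknown operator {node.op!r}")
    if node.op == "AND" and isinstance(node.left, User) and isinstance(node.right, User):
        # A single login cannot be both user "a" and user "b".
        raise ValueError("AND needs a user group or group expression as one operand")
    validate(node.left)
    if node.op != "NOT":
        validate(node.right)

def matches(node, login, groups):
    """True if this login, with these group memberships, satisfies node."""
    if isinstance(node, User):
        return login == node.name
    if isinstance(node, Group):
        return node.name in groups
    if node.op == "NOT":
        return not matches(node.left, login, groups)
    left, right = matches(node.left, login, groups), matches(node.right, login, groups)
    return (left and right) if node.op == "AND" else (left or right)

# Constructed sample data: login -> groups reported by the RADIUS server.
DIRECTORY = {"alice": {"eng", "vpn"}, "bob": {"eng"}, "carol": {"contractors"}}

def admitted(expr, directory=DIRECTORY):
    """Sorted logins the expression would let through."""
    validate(expr)
    return sorted(u for u, g in directory.items() if matches(expr, u, g))

if __name__ == "__main__":
    print(admitted(Expr("AND", User("alice"), Group("vpn"))))
    print(admitted(Expr("NOT", Group("contractors"))))
```

In this model a NOT expression matches every login outside the excluded group, including accounts added to the RADIUS server later, so it is worth reviewing who an exclusion actually lets through.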
Chapter 8: Configuring Objects