Table of Contents
Advertisement
Configuring CRLs
Configuring Extranet Policies
Copyright © 2010, Juniper Networks, Inc.
After you have obtained a CRL file (.crl) from your CA, use this file to create a Certificate
Revocation object.
In Object Manager, select CRLs, then click the icon to display the New CRL dialog box.
Enter a name for the CRL, then click Load CRL and load the appropriate .crl file. NSM
uses the information in the .crl file to automatically complete the Issued By and Expire
On fields. Click OK to complete the CRL object.
Extranet policies enable you to configure and manage extranet devices (that is, third-party
router).
In this example, you want to update an existing policy on a third-party router to deny
certain ftp traffic from a specific IP address. You can do this by creating a script that
performs the required actions when you update the extranet device. You also need to
create your rule in an Extranet Policy object.
To create an Extranet Policy object:
In the Object Manager, select Extranet Policies. The New ExtranetPolicyObject
1.
window appears.
Enter the name of the Extranet Policy, for example, Extranet Policy1. Add a comment
2.
in the Comments field.
Configure the Extranet Policy object:
3.
Click New. The New - Rule window appears.
Use the up/down arrow to specify an ID for the rule.
Add a comment for the rule.
Click Deny in the Action field.
Select a source address in the Source tab.
Select a destination address in the Destination tab.
Select FTP in the Service tab.
Select the integer IDs that you created in the Custom Policy Field object in the
Options tab.
Click OK.
4.
When you create the extranet device in NSM, bind the policy to the appropriate interface
and specify the script you want to perform the required update actions. When you update
the device, NSM invokes the script. Any XML output appears in the Job Information
window.
Chapter 8: Configuring Objects
419
Advertisement
Table of Contents
