Table of Contents
Advertisement
Network and Security Manager Administration Guide
Enabling IPSec Null Encryption for IDP Inspection
Managing Security Policies
Creating a Security Policy
438
In NSM release 2007.3 and later, you can enable or disable de-capsulation of IPSec
packets with null encryption. This feature applies to ISG devices with IDP functionality
running ScreenOS 6.1 and later..
To enable IPSec null encryption for IDP inspection:
In the NSM main navigation tree, click Device Manager > Devices.
1.
Select an ISG device with IDP functionality running ScreenOS 6.1 or later, and click
2.
the Edit icon. The Devices dialog box appears.
Click Security > IDP SM Settings.
3.
Click the Run-time Parameters tab.
4.
Enable IPSec null encryption by selecting the Enable IPSec ESP-NULL decapsulation
5.
support check box, and then click OK.
After you have created a security policy, you can:
Modify individual rules in each rulebase, such as changing rule order (determine the
order that rules are applied to network traffic by placing the rules in the desired
sequential order), disabling a rule, negating source or destination addresses (ScreenOS
5.x devices only), and so on.
Validate a security policy before installing it on your managed devices.
Merge multiple security policies into a single policy for easier management. For example,
after importing (or re-importing) devices into the management system, you might
want to merge their imported policies into a single policy for all devices.
Export the policy to an HTML file.
For information about managing your security policies, see "Managing Rules and Policies"
on page 507.
When creating a security policy, consider the following:
Objects—Before creating a security policy, you should first use Object Manager to
create objects representing your network components, custom services, custom attack
objects, and so on. You use these objects when configuring rules within the policy.
If you are running an IDP-enabled device, you can use the profiler to monitor the traffic
of interest on your network.
Pre-Existing Policies—When creating a new policy, you can use an existing policy as a
template. NSM comes with a collection of predefined IDP policies that you can use, or
you can use a policy that was created earlier by your organization.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 and is the answer not in the manual?
Questions and answers