Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 79

Copyright © 2010, Juniper Networks, Inc.
- Configure AutoKey IKE, L2TP, and L2TP-over-AutoKey IKE VPNs in policy-based or route-based modes. You can also create an AutoKey IKE mixed mode VPN to connect policy-based VPN members with route-based VPN members.
- Configure AutoKey IKE and L2TP policy-based VPNs for remote access services (RAS) and include multiple users.

NSM supports VPN management for ScreenOS devices, IDP sensors, J Series devices, and SRX Series devices.

UAC Manager

The UAC Manager enables you to create and view associations between Infranet
Controllers (IC) and Enforcement Points (EP) in a network. You can choose between IC
views and EP views. The IC view provides a list of EPs associated with the IC and their
location groups. You can associate or disassociate EPs from a particular IC. The EP view
provides a list of associated ICs and their port details. You can use this feature to resolve
configuration conflicts, and enable or disable 802.1X ports on enforcement points.

Object Manager

The Object Manager contains objects, which are reusable, basic NSM building blocks
that contain specific information. You use objects to create device configurations, policies,
and VPNs. Objects are shared by all devices and policies in a domain.
You can create the following objects in NSM:

- Access Profiles—An access profile consists of a set of attributes that defines access to a device. You can create access profile objects and share them across security policies that are assigned to J Series Services Routers and SRX Series Services Gateways managed by NSM.
- Address objects—Represent components of your network—hosts, networks, servers.
- Attack objects—Define DI profiles and IDP attack objects.
  - DI Profiles—Define the attack signature patterns, protocol anomalies, and the action you want a security device to take against matching traffic.
  - IDP attack objects—Define attack patterns that detect known and unknown attacks. You use IDP attack objects within IDP rules.
- Custom Policy Fields objects—Represent metadata information that you can store and use in a structured manner. Users can add custom objects to the policy table, such as ticket number, vendor contact, and so on, for each rule in the rulebase. NSM provides a shared object to store these custom details while the table contains a column that corresponds to these custom details.
- AV objects—Represent the AV servers, software, and profiles available to devices managed by NSM.
- ICAP objects—Represent the Internet Content Adaptation Protocol (ICAP) servers and server groups used in ICAP AV objects.
- GTP objects—Represent GTP client connections.

Chapter 1: Introduction to Network and Security Manager


This manual is also suitable for:

Network and security manager 2010.3
