General Report Settings For Screenos Devices Overview - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide
Table 37: Infranet Settings (continued)
Infranet Settings
Action on Timeout
Enforcer Mode
Infranet Controllers
Related
Documentation

General Report Settings for ScreenOS Devices Overview

168
Description
For any reason, if your connection to the Infranet Controller times out, the device
terminates the SSH connection and clears all Infranet Controller related context. You
can change this behavior by setting the timeout action to "Open," in which case the
Infranet Enforcer allows all traffic; or "No Change," in which case the Infranet Enforcer
preserves the current state of all existing tunnel sessions.
This setting takes the Infranet Enforcer out of regular mode and into Test mode. Test
mode is recommended before you actually deploy the Infranet Enforcer enabling you to
evaluate how the solution works. In this mode, the Infranet Enforcer allows all traffic that
matches the Infranet policy. Logs are created indicating the behavior of the Infranet
Enforcer as if it were operating in Regular mode.
You can configure up to eight (8) Infranet Controllers. The order in which these are entered
is used by the Infranet Enforcer to contact each Infranet Controller. Devices permit only
one redirect URL per Infranet Controller.
In devices running ScreenOS 6.2 or later, when UAC is deployed through a ScreenOS
firewall, the firewall acts as the Infranet Enforcer and redirects unauthorized access to a
configured URL (captive portal). The device configures the redirect URL through a policy,
which means that more than one redirect URL can be configured for the same Infranet
Controller.
You can also configure security devices to authenticate using Infranet Controllers in a
rule in a security policy. Refer to the Network and Security Manager Administration Guide
for more information.
General Report Settings for ScreenOS Devices Overview on page 168
Configuring Syslog Host Using NSM (NSM Procedure) on page 169
Setting ScreenOS Authentication Options Using Default Servers Overview on page 167
The Report Settings screens contain reporting options that you can set for the device. In
the Device dialog box, open the Report Settings heading to see the configuration options.
For information about configuring reporting settings, "General Report Settings for
ScreenOS Devices Overview" on page 168.
For more information about reporting concepts for the security devices, see the
"Administration" volume in the Concepts & Examples ScreenOS Reference Guide.
Use the General Report settings to configure the severity levels of the messages you
want to log and where you want those messages sent. As of ScreenOS 6.3, there are
about nine destinations for log messages. You can enable or disable the option to include
serial numbers in log messages. Each system event on a security device is assigned a
level of severity. By default, packets that are dropped on the security device are logged
to the self log. In the Firewall Options, you can disable or enable logging of dropped
packets for specific traffic types, including ICMP, IKE, SNMP, and multicast packets.
Copyright © 2010, Juniper Networks, Inc.