Access List Overview - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide

Table 73: Virtual Router General Properties (continued)

| Property | Description |
|---|---|
| Shared VR | You can make the VR accessible from any virtual system (vsys) on the device. By default, only the untrust-vr is a shared VR that is accessible by any vsys. You can configure other root-level VRs to be sharable. |
| Route Exporting | (For the trust-vr only) You can enable or disable automatic route exporting to the untrust-vr for interfaces configured in Route mode. |
| Consider Active Routes | You can direct the virtual router to consider active routes on inactive interfaces for redistribution or export. By default, only active routes defined on active interfaces can be redistributed to other protocols or exported to other virtual routers. |
| SNMP Private Traps | You can specify the use of SNMP private traps for managing virtual router objects, including objects in the dynamic routing MIB. This option is only available for the default root-level virtual router. |
| Ignore Overlapping Subnets | You can direct the virtual router to ignore overlapping subnet addresses for interfaces in the virtual router. By default, you cannot configure overlapping subnet IP addresses on interfaces in the same virtual router. |
| Next Hop | (For the trust-vr only) You can direct the virtual router to use the untrust-vr as the next hop for the default route. |

For instructions on configuring virtual router general properties, see the Network and
Security Manager Online Help.

Related Documentation

Configuring Virtual Routers Overview on page 294
Route Types Overview on page 295
Virtual Routers Overview on page 296
Access List Overview on page 298

Access List Overview

An access list is a sequential list of statements against which a route is compared. Each
entry in the list specifies the IP address or netmask of a network prefix and the forwarding
status (whether to permit or deny the route).
For example, an entry in an access list can permit routes for the 1.1.1.0/24 subnetwork,
while another entry in the same access list can deny routes for the 2.2.2.0/24 subnetwork.
If a route matches an entry in the access list, the specified forwarding status is applied.
With both entries in the same access list, a route to the host at 1.1.1.10 is permitted,
while a route to the host at 2.2.2.10 is denied.
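
The evaluation described above, as an added Python sketch (not code from the Juniper guide or from NSM): it compares routes against the two example entries in order and also flags entries that an earlier, broader entry makes unreachable. The sequence numbers, first-match ordering, the "no match" result, and the names `ACCESS_LIST`, `parse`, `evaluate` and `shadowed` are assumptions of this example.

```python
import ipaddress

# Constructed sample list built from the two entries in the text above.
# Each entry is (sequence number, prefix, action); sequence numbers are assumed.
ACCESS_LIST = [
    (10, "1.1.1.0/24", "permit"),
    (20, "2.2.2.0/24", "deny"),
]


def parse(entries):
    """Order entries by sequence number and parse each prefix strictly."""
    return [(seq, ipaddress.ip_network(prefix), action)
            for seq, prefix, action in sorted(entries)]


def evaluate(entries, route):
    """Return (seq, action) of the first entry that covers `route`, else None."""
    net = ipaddress.ip_network(route)
    for seq, prefix, action in parse(entries):
        if net.version == prefix.version and net.subnet_of(prefix):
            return seq, action
    return None  # no entry matched; device behaviour for this case is not modelled


def shadowed(entries):
    """Return (later_seq, earlier_seq) pairs where the later entry can never match."""
    parsed = parse(entries)
    found = []
    for i, (seq, prefix, _) in enumerate(parsed):
        for earlier_seq, earlier, _ in parsed[:i]:
            if prefix.version == earlier.version and prefix.subnet_of(earlier):
                found.append((seq, earlier_seq))
                break
    return found


if __name__ == "__main__":
    for route in ("1.1.1.10/32", "2.2.2.10/32", "3.3.3.0/24"):
        print(route, evaluate(ACCESS_LIST, route))
    # A more specific deny placed after a broader permit never takes effect.
    print(shadowed(ACCESS_LIST + [(30, "1.1.1.128/25", "deny")]))
```

Running `shadowed` over a list before deploying it catches a narrow deny that sits behind a broader permit, which would otherwise let the route through unnoticed.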
You can also use access lists to control the flow of multicast control traffic. You can
create an access list to restrict the multicast groups that hosts can join or the sources
Copyright © 2010, Juniper Networks, Inc.
