Object Manager - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide

Object Manager

Table 8: Objects in Object Manager
Objects
Address Objects
QoS Profiles
Schedule Objects
DI Objects
18
NOTE: In ScreenOS 6.1 or later, users can set "group 14" for phase 1 and 2
proposals.
Configure AutoKey IKE, L2TP, and L2TP-over-AutoKey IKE VPNs in policy-based or
route-based modes. You can also create an AutoKey IKE mixed mode VPN to connect
policy-based VPN members with route-based VPNs members.
Configure AutoKey IKE and L2TP policy-based VPNs for remote access server (RAS)
and include multiple users.
NOTE: In ScreenOS 6.1 or later, AutoKey IKE VPN and AutoKey IKE RAS
VPN are supported in IKEv2 parameters.
The Object Manager contains objects, which are reusable, basic NSM building blocks
that contain specific information. You use objects to create device configurations, policies,
and VPNs. All objects are shared, meaning they can be shared by all devices and policies
in the domain.
Table 8 on page 18 describes the objects that you can create in NSM.
Description
Represent components of your network (hosts, networks, servers). On devices running
ScreenOS 6.3, he new policy appears in the security policy list and supports IPv6 in policy
rule bases, IDP, address and attack objects. After you have created a security policy, you can
add rules to the new policy. Rules include IPv4, IPv6, VPN, and also VPN link. For more
information, see the IDP Concepts & Examples guide. A rule with combination of IPv4 or IPv6
address objects is not allowed.
Represent the resource reservation control mechanisms rather than the achieved service
quality. You can provide different priority to different applications, users, or data flows, or to
guarantee a certain level of performance to a data flow. You can configure QoS into a policy
role, using role options. There are two types of QoS profiles and they are DSCP and IP
precedence.
Represent specific dates and times. You can use schedule objects in firewall rules to specify
a time or time period that the rule is in effect.
Define the attack signature patterns, protocol anomalies, and the action you want a security
device to take against matching traffic. On devices running ScreenOS 6.3, you can also set
IPv6 version signature information while editing IP settings and header matches of a custom
attack.
Copyright © 2010, Juniper Networks, Inc.