Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual page 43

Table 8: Objects in Object Manager (continued)
Objects
IDP Attack Objects
AV Objects
ICAP Objects
Web Filtering Objects (Web
Profiles)
Service Objects
SCTP Objects
User Objects
IP Pools
Authentication Servers
Group Expressions
Remote Settings
NAT Objects
GTP Objects
CA Objects
Copyright © 2010, Juniper Networks, Inc.
Description
Represent attack patterns that detect known and unknown attacks. You use IDP attack
objects within IDP rules. On devices running ScreenOS 6.3, you can also set IPv6 version
signature information while editing IP settings and header matches of a custom attack. When
you select the IPv6 option, the Protocol tab displays the ICMP6 Packet Header Fields value,
and then you can also modify the respective configurable parameters.
Represent the AV servers, software, and profiles available to devices managed by NSM.
Represent the Internet Content Adaptation Protocol (ICAP) servers and server groups used
in ICAP AV objects.
Define the URLs, the Web categories, and the action you want a security device to take against
matching traffic.
Represent services running on your network, such as FTP, HTTP, and Telnet. NSM contains
a database of Service Objects for well-known services; you can also create Service Objects
to represent the custom services you are running on your network.
Provide a reliable transport service that supports data transfer across the network, in sequence
and without errors. s of ScreenOS 6.3, the existing SCTP stateful firewall supports protocol
filtering.
NOTE: You can configure the security device to perform stateful inspection on all SCTP
traffic without performing deep inspection (DI). If you enable stateful inspection of SCTP
traffic, the SCTP ALG drops any anomalous SCTP packets.
Represent the remote users that access the network protected by the security device. To
provide remote users with access, create a user object for each user, and then create a VPN
that includes those user objects.
Represent a range of IP addresses. You use IP pools when you configure a DHCP server for
your managed devices.
Represent external authentication servers, such as RADIUS and SecureID servers. You can
use an authentication server object to authenticate NSM administrators (RADIUS only),
XAuth users, IKE RAS users, L2TP users, and IKEv2 EAP users. NSM provides configuration
support for Authentication Manager version 5 or later. This provision has introduced the
concept of a primary server with up to 10 replica servers. In the Primary/Replica version, each
server can process authentication requests. The more current agents will send to the server,
the faster the responder.
Are OR, AND, and NOT statements that set conditions for authentication requirements.
Represent DNS and WINS servers. You use remote settings object when configuring XAuth
or L2TP authentication in a VPN.
Represent MIPs, VIPs, and DIPs.
Represent GTP client connections.
Represent the certificate authority's certificate.
Chapter 1: NSM User Interface and NSM Key Management Features
19