Table of Contents
Advertisement
Network and Security Manager Administration Guide
Using Configuration Groups
Merging Policies
Using a Naming Convention
56
Apply these templates to a single device to instantly configure the DNS, PKI, and
Authentication settings for the device.
NOTE: You cannot create VPNs between devices in different domains.
For details about device templates, see "Using Device Templates" on page 198.
Configuration groups are similar to device templates in that you define configuration
data to be used multiple times. Configuration groups, which are used only in Junos devices,
are different in that the configuration data is used within the same device but at several
levels in the configuration. A special use of configuration group is to apply configuration
data in different members of a cluster.
For details about configuration groups, see "Using Configuration Groups" on page 223.
You can create new policies for all your managed devices from the central NSM UI and
deploy them with a single click. Alternatively, NSM can import all existing policies from
your device. You can import all security and access policies from your devices, and import
all VPN tunnels (route-based and policy-based) from your devices.
Each time you import a policy from a managed device, that policy appears in NSM as a
separate, individual policy in the Security Policies list. To simplify policy management
and maintenance, you can merge two policies into a single policy. For details on merging
policies, see "Configuring Security Policies" on page 435.
A naming convention is a method for assigning names to your network devices (firewalls,
servers, workstations, and so on) that enables you to quickly identify where the device
is and what its purpose is.
If your network is small, you might choose a simple naming convention, such as planet
names, car models, or mountain names. When using this type of informal method to
name your network components, be sure to choose a theme that is easily understood
by your users and administrators, and that still has room to grow. For example, you might
use the naming convention. <city><name>, with a naming theme of Greek mythology
figures; some sample device names might be la_ns5gt_Athena, sf_ns5XT_Zeus, or
oak_ns204_Hermes.
If your network is larger, however, you need a more formal naming schema that is more
descriptive of the network component's location and purpose. Having a logical and
standardized naming convention can help you quickly identify the appropriate
administrator for the component, as well as quickly identify the component location
without having to review subnet tables.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
