Table of Contents
Advertisement
Copyright © 2010, Juniper Networks, Inc.
About Firewall Rulebases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Firewall Rules (Zone and Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
VPN Links and Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
About Rule Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
About the Multicast Rulebase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
About IDP Rulebases on ISG Family Devices . . . . . . . . . . . . . . . . . . . . . . . . . 442
About IDP Rulebases on Standalone IDP Sensors . . . . . . . . . . . . . . . . . . . . 443
Enabling IPSec Null Encryption for IDP Inspection . . . . . . . . . . . . . . . . . . . . 444
Managing Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Creating a Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Configuring Objects for Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Applying the Same Object to Multiple Rules . . . . . . . . . . . . . . . . . . . . . 445
Naming of Address Objects in a Security Policy That References Devices
Running ScreenOS or Junos OS . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Using the Policy Filter Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Filtering the Comment Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Using a Predefined IDP Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Using the Policy Creation Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
Adding Rulebases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
Configuring Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
Defining Match for Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
Configuring Source and Destination Zones for Firewall Rules . . . . . . . . 449
Support for Any-IPv6 as a Source Address . . . . . . . . . . . . . . . . . . . . . . . 451
Configuring Services for Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Defining Actions for Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Selecting Devices for Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
Configuring Firewall Rule Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Enabling NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Enabling GTP for Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
Configuring Traffic Shaping in a Security Policy . . . . . . . . . . . . . . . . . . . 455
Enabling Logging and Counting for Firewall Rules . . . . . . . . . . . . . . . . . 457
Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
Configuring Web Filtering for Firewall Rules . . . . . . . . . . . . . . . . . . . . . 460
Configuring Authentication for Firewall Rules . . . . . . . . . . . . . . . . . . . . . 461
Configuring Antivirus for Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . 462
Configuring a DI Profile/Enable IDP for Firewall Rules . . . . . . . . . . . . . . 463
Limiting Sessions per Policy from Source IPs . . . . . . . . . . . . . . . . . . . . 464
Configuring the Session Close Notification Rule . . . . . . . . . . . . . . . . . . 465
Comments for Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
Configuring Multicast Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
Configuring Source and Destination Zones . . . . . . . . . . . . . . . . . . . . . . . . . . 466
Configuring Source and Destination Groups . . . . . . . . . . . . . . . . . . . . . . . . . 466
Configuring Rule Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
Configuring Antivirus Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Configuring Antispam Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
Table of Contents
xxi
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper NETWORK AND SECURITY MANAGER 2010.2
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 and is the answer not in the manual?
Questions and answers