Editing And Deleting Service Objects; Replacing Service Objects - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Editing and Deleting Service Objects

Replacing Service Objects

394
You can edit a service object by right-clicking on the object and selecting Edit. You can
also delete a service object by right-clicking on the object and selecting Delete. For more
information on editing and deleting service objects, refer to the NSM Online Help.
You can replace a service object by right-clicking on the object and selecting Replace
With. Replacing service objects simplifies making redundant changes to a service object
that is referenced in multiple security policies. If you have permission to view the global
domain objects for the objects you are replacing, then all objects for the selected category
in the current domain and the global domain are displayed in the Replace With wizard,
but the object to be replaced is not shown. When replacing service objects however, keep
the following in mind:
There is no validation check when replacing service objects; an error appears for any
service objects that are not valid for specific policies. For example, you cannot assign
a SUN-RPC-ANY service object to an IDP policy.
You cannot replace a service object with a service group object that contains the
replaced service object.
You cannot undo or roll back a Replace With operation.
NOTE: Replacing service objects only applies to those objects in the domain
in which you are working. Custom Services created in the global domain
are not available for Replace With operations in subdomains.
After replacing service objects, it is good practice to check your security policies for any
errors that may result. You can always edit or remove any duplicate objects in the security
policy.
In this example, you want to replace all references to HTTP with HTTPS in your security
policies.
To replace HTTP with HTTPS:
In the navigation tree, select the Object Manager and click Service Objects to open
1.
the service object tree.
Click on Predefined Service Objects.
2.
In the Service Tree or Service Table, right-click on the HTTP service object and select
3.
Replace With. The Replace With wizard appears displaying a list of objects you can
replace the selected service object with.
Select the HTTPS service object. Click Next. The wizard next displays the objects
4.
affected by the Replace With operation.
As an optional step, you can delete any replaced custom service objects by clicking
on them and then selecting Delete Replaced Object.
Copyright © 2010, Juniper Networks, Inc.