Table 40: Group Expression Operators; Configuring Group Expressions - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

For Start IP, enter 1.1.1.1.
For End IP, enter 1.1.1.10.
4. In the IP Pool dialog box, click the Add icon to configure the second IP pool range. The New IP Pool Name dialog box appears. Configure the Start IP and End IP, then click OK:
For Start IP, enter 2.2.2.2.
For End IP, enter 2.2.2.20.
5. Click OK again to save the IP Pool object and return to Object Manager.

Configuring Group Expressions

Group expressions are statements that set conditions for authentication requirements, enabling you to combine multiple external user objects. You can create group expressions using the operators OR, AND, or NOT to combine user objects, user group objects, or other group expressions to define:
Alternatives for authentication ("a" OR "b")
Requirements for authentication ("a" AND "b")
Exclusions of a user group, or another group expression (NOT "c")

NOTE: The users and user groups you reference in the group expressions must be external users that are stored on an external RADIUS server. (A RADIUS server enables a user to belong to more than one user group.)

The operators have different meanings depending on the type of user object you are using in the security policy, as listed in Table 40 on page 410.

Table 40: Group Expression Operators

| Operator | User Objects |
|----------|--------------|
| OR | If the security policy defines authentication for "a" or "b" user objects, the security device authenticates the user if it is either "a" or "b". |
| AND | Requires one of the two objects in the expression to be either a user group or a group expression (a single user cannot be both user "a" and user "b"). If the security policy defines authentication for "a" AND a member of group "b", the security device authenticates the user only if those two conditions are met. |
| NOT | If the security policy defines authentication for any user object that is not the "c" user (NOT "c"), the security device authenticates all users except the "c" user. |
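
The operator semantics in Table 40 can be checked before an expression goes into a policy by evaluating it against a list of users and their group memberships. The following is an added example, not code from the guide or from NSM; the `User`, `Group`, `Expr`, `matches` and `admitted` names are hypothetical and the directory is constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional, Union

@dataclass(frozen=True)
class User:            # a single external user object
    name: str

@dataclass(frozen=True)
class Group:           # an external user group object
    name: str

@dataclass(frozen=True)
class Expr:            # a group expression: OR / AND take two operands, NOT takes one
    op: str
    left: "Operand"
    right: Optional["Operand"] = None

    def __post_init__(self):
        if self.op not in ("OR", "AND", "NOT"):
            raise ValueError(f"unknown operator {self.op!r}")
        if (self.op == "NOT") != (self.right is None):
            raise ValueError("NOT takes one operand; OR and AND take two")
        # A single user cannot be both user "a" and user "b".
        if self.op == "AND" and isinstance(self.left, User) and isinstance(self.right, User):
            raise ValueError("AND needs a user group or group expression as one operand")

Operand = Union[User, Group, Expr]

def matches(node: Operand, user: str, groups: set) -> bool:
    """True if the user (with these group memberships) satisfies the expression."""
    if isinstance(node, User):
        return node.name == user
    if isinstance(node, Group):
        return node.name in groups
    if node.op == "NOT":
        return not matches(node.left, user, groups)
    left, right = (matches(n, user, groups) for n in (node.left, node.right))
    return (left and right) if node.op == "AND" else (left or right)

# Constructed sample directory (assumption): user -> groups held on the RADIUS server
DIRECTORY = {"alice": {"sales"}, "bob": {"sales", "eng"}, "carol": {"eng"}, "dave": set()}

def admitted(expr: Operand) -> list:
    """Every directory user the expression would authenticate."""
    return sorted(u for u, g in DIRECTORY.items() if matches(expr, u, g))

if __name__ == "__main__":
    print(admitted(Expr("AND", User("bob"), Group("eng"))))
    print(admitted(Expr("NOT", User("carol"))))
```

Listing the admitted set makes the breadth of a NOT expression visible: NOT "carol" admits every other user in the sample directory, including one with no group membership.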
Copyright © 2010, Juniper Networks, Inc.

This manual is also suitable for:

Network and security manager 2010.4
