About Rulebases - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

About Rulebases

438
In extended mode, every custom field is displayed as a separate column nested under a
header named Custom Field. In compact mode, the custom field values are listed in a
single column. Filters set in the Optional Field column do not impact the custom fields.
Right-click on an individual custom field to edit or filter that particular value. A dialog box
appears, displaying the values of the custom field in a tree structure. You can then search,
add, delete or filter any value in that field.
A rulebase is a set of rules that define how the managed device handles traffic. NSM
supports three firewall rulebases and six IDP rulebases, as detailed in the following
sections. A security policy can contain only one instance of any rulebase type.
By default, the predefined roles System Administrator, Domain Administrator, and IDP
Administrator can view and edit all rulebases. The Read-Only System Administrator and
Read-Only Domain Administrator can only view rulebases. When creating a custom role,
you can include permissions to view or edit individual rulebases.
NSM supports the following firewall rulebases:
Zone—Contains rules that apply to traffic from one specific zone to another. Create a
firewall rule in the zone-specific rulebase when you need to control traffic between
specific zones. The zone-specific rulebase can contain firewall rules and VPN rules
and links.
Global—Contains rules that are valid across all zones. Create a firewall rule in the global
rulebase when you need to control specific traffic across the entire firewall. The global
rulebase can contain only firewall rules.
Multicast—Contains rules that enable IGMP proxy or PIM-SM multicast control traffic
between zones.
NSM supports different kinds of IDP-capable devices that can provide firewall and IDP
functionality: standalone IDP appliances, ISG gateways, J Series routers, SRX Series
gateways, and MX Series routers.
NSM supports the following IDP rulebases:
IDP—This rulebase protects your network from attacks by using attack objects to detect
known and unknown attacks. Juniper Networks provides predefined attack objects
that you can use in IDP rules. You can also configure your own custom attack objects.
NOTE: Juniper Networks updates predefined attack objects on a regular
basis to keep current with newly discovered attacks.
APE—This rulebase is used by IDP devices to detect network traffic based on application
signatures and to take specified action.
Exempt—This rulebase works in conjunction with the IDP rulebase to prevent
unnecessary alarms from being generated. You configure rules in this rulebase to
Copyright © 2010, Juniper Networks, Inc.