Adding The Exempt Rulebase; Defining A Match; Configuring Source And Destination Zones; Configuring Source And Destination Address Objects - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Adding the Exempt Rulebase

Before you can configure a rule in the Exempt rulebase, you need to add the Exempt
rulebase to a security policy.

1. In the main navigation tree, select Policies. Open a security policy by double-clicking
   the policy name in the security policies window or click the policy name and then
   select the Edit icon.
2. Click the Add icon in the upper right corner of the Security Policy window and select
   Add Exempt Rulebase to enable the Exempt rulebase tab.
3. To configure an exempt rule, click the Add icon on the left side of the Security Policy
   window to open a default exempt rule. You can modify this rule as necessary.

Defining a Match

You specify the traffic you want to exempt from attack detection. The Match columns
From Zone, Source, To Zone, and Destination are required for all rules in the exempt
rulebase.
The following sections detail the Match columns of an exempt rule.

Configuring Source and Destination Zones

You can select multiple zones for the source and destination; however, these zones must
be available on the security devices on which you will install the policy. You can specify
"any" for the source or destination zones to monitor network traffic originating from or
destined for any zone.
NOTE: You can create custom zones for some security devices. The list of
zones from which you can select source and destination zones includes the
predefined and custom zones that have been configured for all devices
managed by NSM. Therefore, you should only select zones that are applicable
for the device on which you will install the security policy.

Configuring Source and Destination Address Objects

In the NSM system, address objects are used to represent components on your network:
hosts, networks, servers, etc. You can specify "any" to monitor network traffic originating
from any IPv4 address and "AnyIPv6" to monitor network traffic originating from any
IPv6 address. You can also negate the address objects listed in the Source or Destination
column to specify all sources or destinations except the excluded object.
You can create address objects either before you create an exempt rule or while creating
or editing an exempt rule. To select or configure an address object, right-click either the
Source or Destination column of a rule and select Select Address. In the Select Source
Addresses dialog box, you can either select an already-created address object or click
the Add icon to create a new host, network, or group object.
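
The Match-column behavior described above ("any", "AnyIPv6", negated address objects, multiple zones) can be modeled as follows. This is an added example, not Juniper code or an NSM API: the names ExemptRule, addr_matches, zone_matches and is_exempt, the zone names, and the addresses are assumptions made for illustration. It also assumes that a negated object matches every address outside that object.

```python
# Added illustration: simplified model of the exempt-rule Match columns.
# ExemptRule and is_exempt are hypothetical names, not NSM APIs.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


def addr_matches(objects, negate, ip):
    """True if ip is covered by the Source/Destination column."""
    ip = ip_address(ip)
    hit = False
    for obj in objects:
        if obj == "any":          # any IPv4 address
            hit |= ip.version == 4
        elif obj == "AnyIPv6":    # any IPv6 address
            hit |= ip.version == 6
        else:                     # host or network object, written as CIDR
            hit |= ip in ip_network(obj, strict=False)
    # Assumption: negation means "everything except the listed objects".
    return not hit if negate else hit


def zone_matches(zones, zone):
    """A zone column matches if it lists the zone or contains "any"."""
    return "any" in zones or zone in zones


@dataclass
class ExemptRule:
    from_zones: list
    sources: list
    to_zones: list
    destinations: list
    negate_src: bool = False
    negate_dst: bool = False


def is_exempt(rule, from_zone, src, to_zone, dst):
    """All four required Match columns must match for the flow to be exempt."""
    return (zone_matches(rule.from_zones, from_zone)
            and addr_matches(rule.sources, rule.negate_src, src)
            and zone_matches(rule.to_zones, to_zone)
            and addr_matches(rule.destinations, rule.negate_dst, dst))


# Constructed sample rule: exempt one host in "trust" talking to "dmz",
# except when the destination is inside 198.51.100.0/28 (negated object).
RULE = ExemptRule(["trust"], ["192.0.2.10/32"], ["dmz"],
                  ["198.51.100.0/28"], negate_dst=True)

if __name__ == "__main__":
    for flow in [("trust", "192.0.2.10", "dmz", "198.51.100.40"),
                 ("trust", "192.0.2.10", "dmz", "198.51.100.5")]:
        print(flow, "exempt" if is_exempt(RULE, *flow) else "inspected")
```

Checking a proposed exempt rule against flows that must stay inspected shows whether the rule, especially one using "any" or a negated object, exempts more traffic than intended.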
Copyright © 2010, Juniper Networks, Inc.
