Installing Security Policies; Assigning A Security Policy To A Device; Validating Security Policies - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Table of Contents

Advertisement

Installing Security Policies

Assigning a Security Policy to a Device

Validating Security Policies

Copyright © 2010, Juniper Networks, Inc.
After you have successfully verified your security policy, you must:
Assign the policy to your managed devices.
1.
Validate the policy.
2.
Install the policy on your managed devices.
3.
The following sections detail each step.
New devices do not have an existing or default security policy. However, when you import
a device configuration, NSM automatically imports all existing policies for the device. To
simplify policy management, you can merge these multiple device policies into a single
security policy that you install on several devices at one time. For details, see "Merging
Policies" on page 518.
After you have created a security policy, you must assign that policy to a device. Assigning
a policy to a device links the device to that policy, enabling NSM to install the policy on
that device. To assign an existing policy to a device, use one of the following methods:
Right-click a device and select Policy > Assign Policy. Select the policy you want to
assign to the device.
Double-click a device to open the device configuration. In the Info tab, under Policy for
device, select the policy you want to assign to the device.
You can use a single security policy to control multiple security devices. Each rule in a
security policy contains an Install On column that specifies the devices the rule is applied
to. This means that you can assign a security policy to a device, but only some of the
rules in that policy are actually installed on that device during a device update.
You can also create multiple policies for a single device, but only one security policy can
be active on the device. When you update a device configuration, NSM installs the active
policy on the security device. By default, NSM considers the active policy to be the policy
that was most recently edited.
NOTE: If you delete and then re-import a device, you must reassign a policy
to the device.
You should validate a security policy to identify potential problems before you install it.
NSM contains a Policy Validation tool to help you locate common problems, such as:
Chapter 9: Configuring Security Policies
509

Advertisement

Table of Contents
loading

This manual is also suitable for:

Network and security manager 2010.4

Table of Contents