Reimporting Devices And Security Policies; Merging Policies - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

- VPN rules or VPN links
- Rules that manage traffic from a specific zone or interface on the security device
- Rules for a specific device or device group
- Rules that provide attack or AV protection
- Rules that manage VoIP traffic with GTP objects

You can add, edit, and delete rule groups; however, deleting a rule group also deletes all
rules within that group. If necessary, you can also ungroup a rule group.

You can create multiple rule groups (40,000 rules maximum in a security policy). NSM
supports one level of rule groups; you cannot create a rule group within a rule group.

Reimporting Devices and Security Policies

Occasionally, you might need to delete a security device from NSM and then add it again.
After you reimport the device configuration for a device that was previously managed by
NSM:

- If you made no changes to the device policies using the WebUI or CLI, when you reimport
  the device, NSM does not create a new security policy.
- If you made changes to the device policies using the WebUI or CLI, when you reimport
  the device, NSM creates a new security policy.

You must manually reassign a policy to a reimported device. For example, if you reimport
a previously-managed security device, you might want to first merge the imported policy
with a more comprehensive policy, then assign the comprehensive policy to the device.

NOTE: Importing the running configuration from a device completely
overwrites all configuration information stored within NSM for that device.
To help avoid accidental configuration overwriting, when you attempt to
import a configuration from a currently managed security device, NSM
prompts you for confirmation.

When you import policies from a single managed device, those policies appear in NSM
as rules in a new policy. Each device policy is imported as a single rule, and the rules make
up the policy that exists on the device.

NOTE: In the ScreenOS WebUI and CLI, a security policy is a single statement
that defines a source, destination, zone, direction, and service. In NSM, those
same statements are known as rules, and a security policy is a collection of
rules.

Merging Policies

To simplify policy management and maintenance, you can merge two policies into a
single security policy. To merge two policies, select a source policy and a target policy:

Copyright © 2010, Juniper Networks, Inc.
