Copyright © 2010, Juniper Networks, Inc.
The source policy contains the rules that you want to merge into another policy (in the
UI, this is the From Policy).
The target policy receives the rules from the source policy (in the UI, this is the To
Policy).
NSM copies the rules from the source policy and pastes them above, below, or inline with
the rules in the target policy. When placing rules inline, be aware of the intra-policy
dependence of both policies. Because rule order is important (rules are executed
top-down), rules can be dependent on other rules. If you rearrange the order of dependent
rules by inserting merged rules, the security device changes the way it handles the packets.
If you are unsure whether your rules have intra-policy dependence, it is best to merge
rules above or below the existing rules.
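The effect of placement can be checked before merging by replaying the same probe packets against each candidate rule order. The following is an added illustration, not NSM code or NSM's merge algorithm: a simplified first-match model in which the rule fields, the sample policies, the probe packets and the default deny for unmatched traffic are all assumptions constructed for the example.

```python
# Added illustration: a simplified first-match model, not NSM's merge logic.
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    src: str      # source network (CIDR)
    dst: str      # destination network (CIDR)
    service: str  # service name, or "any"
    action: str   # "permit" or "deny"

def first_match(policy, src, dst, service):
    """Evaluate rules top-down; the first matching rule decides."""
    for r in policy:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.service in ("any", service)):
            return r.action
    return "deny"  # assumption: unmatched traffic is dropped

def merge(source, target, where, index=0):
    """Place source rules above, below, or inline (before target[index])."""
    if where == "above":
        return source + target
    if where == "below":
        return target + source
    if where == "inline":
        return target[:index] + source + target[index:]
    raise ValueError(f"unknown placement: {where}")

def changed_decisions(before, after, probes):
    """Return (probe, old_action, new_action) for every probe that differs."""
    diffs = []
    for p in probes:
        old, new = first_match(before, *p), first_match(after, *p)
        if old != new:
            diffs.append((p, old, new))
    return diffs

# Constructed sample policies and probe packets.
TARGET = [Rule("T1", "10.1.1.5/32", "192.168.0.0/24", "ssh", "permit"),
          Rule("T2", "10.1.0.0/16", "192.168.0.0/24", "any", "deny")]
SOURCE = [Rule("S1", "10.1.0.0/16", "192.168.0.10/32", "http", "permit")]
PROBES = [("10.1.1.5", "192.168.0.20", "ssh"),
          ("10.1.2.3", "192.168.0.10", "http"),
          ("10.1.2.3", "192.168.0.20", "ssh")]

if __name__ == "__main__":
    for where, idx in (("below", 0), ("inline", 1)):
        print(where, changed_decisions(TARGET, merge(SOURCE, TARGET, where, idx), PROBES))
```

In this sample, placing S1 below the target rules leaves every probe's decision unchanged, while placing it inline ahead of the broad deny rule T2 turns a denied HTTP flow into a permitted one.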
After creating a single security policy that contains both source and target rules, NSM
also identifies rules that contain similar values in the source, destination, service, and
install on columns, then collapses those rules into a single rule. NSM does not collapse
rules that contain different zones, or rules that refer to unique VPNs.
By default, NSM also updates the device policy pointers to reference the new merged
policy (the device policy pointer indicates which security policy is assigned to a device).
When configuring Policy Merge settings, you can edit this option to keep the device policy
pointers for both the source and target policies.
You can merge any two security policies. To access the Policy Merge tool, select
Policies, then use the menu bar to select Tools > Policy Merge. See the NSM Online Help
for details.
NOTE: You can merge rules from 5.0 and later devices that use the deny
action into rules from 5.1 and later devices that use the reject action, provided
that the source, destination, and service are the same for the rules.
Policy A contains the rules as shown in Figure 84 on page 519.
Figure 84: Security Policy A Rules (Before Policy Merge)
Policy B contains the rules as shown in Figure 85 on page 520.
Chapter 9: Configuring Security Policies