Error Prevention, Recovery, And Auditing; Device Configuration Validation; Policy Validation; Atomic Configuration And Updating - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Error Prevention, Recovery, and Auditing

Copyright © 2010, Juniper Networks, Inc.
Groups—Group your devices by platform, OS version, location, or function, and then
add them to your security policies.
Zone Exceptions—To simplify your rules, define a common To Zone and From Zone
for all devices in the rule, and then specify zone exceptions to change the To and From
zones for specific devices. Zone exceptions add flexibility to your rules, enabling you
to manage more devices in a single rule.
Filtering—Filter on From and To Zones to see rules between zones.
Scheduling—Schedule a period during which a security policy is in effect on the devices
in a rule. Create schedule objects as one-time, recurring, or both.
Security and Protection—Configure a rule to look for attacks, viruses, or specific URLs.
Traffic Shaping—Use your firewall rules to control the amount of traffic permitted
through your managed devices.
Using NSM's error prevention and recovery features, you can ensure that you are
consistently sending stable configurations to your devices, and that your device remains
connected to NSM. You can track each change made by a NSM administrator to help
you identify when, how, and what changes were made to your managed devices.

Device Configuration Validation

NSM alerts you to configuration errors while you work in the UI. Each field that has incorrect
or incomplete data displays an error icon:
Move your cursor over the icon to see details. For more details on validation, see
"Validation Icons in the User Interface" on page 31.

Policy Validation

The policy validation tool checks your security policies and alerts you to possible problems
before you install them on your managed devices.

Atomic Configuration and Updating

If the configuration deployment fails for any reason, the device automatically uses the
last installed stable configuration. If the configuration deployment succeeds, but the
device loses its connection to the management system, the device restores the last
installed configuration. This feature minimizes downtime and ensures that NSM always
maintains a stable connection to the managed device.
Your security devices can be updated atomically, which enables the device to receive
the entire modeled configuration (all commands) before executing those commands,
instead of executing commands as they are received from the management system.
Because the device no longer needs to maintain a constant connection to the
management system during updating, you can configure changes to management
connection from the NSM UI.
Chapter 1: Introduction to Network and Security Manager
7