Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual page 577


Copyright © 2010, Juniper Networks, Inc.
Postrules
The prerules and postrules feature provides a policy definition at a domain level that can
be applied to all devices within the specific domain and all subdomains. Users can define
two sets of rules for any rulebase type that can be applied as prerules and postrules for
any device of the given domain and subdomains.
NOTE: The Central Manager attack database version must match the regional
server attack database version to push prerules and postrules.
Prerules and postrules are two sets of rules of any rulebase type that can be created for
any domain. Pre/post rules are configured in the main navigation tree under Policy
Manager, in the node called Central Manager Policies. Domain Administrators can edit
domain level policies from this option.
Prerules apply before any rules of a rulebase are applied to a device, and postrules apply
after any rules of a rulebase are applied to a device. Prerules and postrules in the
integrated view are not editable. There is only one instance of pre/post rules for a specific
domain.
The domain hierarchy is used when applying pre/post rules to subdomains. Within any
subdomain, global domain prerules take precedence over subdomain prerules, which
take precedence over rules specific to the security policy. Similarly, security policy rules
take precedence over subdomain postrules, which take precedence over global domain
postrules.
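The precedence order described above, modeled as an added Python example (not NSM code and not from the guide). It assumes first-match evaluation; the rule names, zones and match fields are hypothetical. It assembles the effective rule list for a device in a subdomain and reports policy rules that a domain-level prerule makes unreachable.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # toy match fields: a label or "any"
    dst: str
    service: str
    action: str

def effective_rules(global_pre, sub_pre, policy, sub_post, global_post):
    """Rule order for a device in a subdomain, per the precedence text."""
    layers = [("global-pre", global_pre), ("subdomain-pre", sub_pre),
              ("policy", policy), ("subdomain-post", sub_post),
              ("global-post", global_post)]
    return [(layer, r) for layer, rules in layers for r in rules]

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    pairs = ((a.src, b.src), (a.dst, b.dst), (a.service, b.service))
    return all(x in ("any", y) for x, y in pairs)

def first_match(ordered, src, dst, service):
    """Assumed first-match evaluation: return (layer, rule name, action)."""
    probe = Rule("probe", src, dst, service, "")
    for layer, rule in ordered:
        if covers(rule, probe):
            return layer, rule.name, rule.action
    return None

def shadowed(ordered):
    """Rules that can never fire because an earlier rule covers them."""
    out = []
    for i, (layer, rule) in enumerate(ordered):
        hit = next(((pl, p) for pl, p in ordered[:i] if covers(p, rule)), None)
        if hit:
            out.append((rule.name, layer, hit[1].name, hit[0]))
    return out

# Constructed sample rules (names and zones are hypothetical).
ORDERED = effective_rules(
    [Rule("gp-deny-telnet", "any", "any", "telnet", "deny")],
    [Rule("sp-permit-mgmt-ssh", "mgmt", "any", "ssh", "permit")],
    [Rule("pol-permit-lab-telnet", "lab", "dmz", "telnet", "permit"),
     Rule("pol-permit-web", "any", "dmz", "http", "permit")],
    [Rule("spost-deny-lab", "lab", "any", "any", "deny")],
    [Rule("gpost-deny-all", "any", "any", "any", "deny")])
```

In this sample, shadowed(ORDERED) flags the policy rule pol-permit-lab-telnet, because the global prerule gp-deny-telnet always matches first.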
NOTE: You cannot push a pre/post rule from the central manager to a regional
server.
All features of security policies are available for prerules and postrules.
Import device command—Imports all rules into the security policy that is created for
the device.
Config summary—Displays the prerules and postrules.
View device pending policy—Displays the policy being pushed to a device including
prerules and postrules from current and parent domains.
Validate policy—Validates policy rules.
View domain rules—When checked, any predefined or custom policy displays the
prerules and postrules above and below the policy rules. These rules are displayed in
a different color and are not editable.
Prerules and postrules can include rulegroups. The firewall rulebase for prerules and
postrules cannot contain VPN rules or VPN links.
Chapter 9: Configuring Security Policies
