Table of Contents
Advertisement
Configuring Overrides
Copyright © 2010, Juniper Networks, Inc.
The override area enables you configure individual settings for each VPN rules (for
policy-based and mixed-mode VPNs) and each VPN member. Each change you make
to the autogenerated rules or VPN member configuration is known as an override to the
VPN settings.
You might need to override the VPN settings to:
Configure additional security for specific tunnels.
Configure additional authentication between specific VPN members.
Configure unique monitoring or reporting options for specific VPN members or VPN
tunnels.
Configure unique IKE IDs for each VPN member.
Editing Policy Rules
For policy-based and mixed-mode VPNs, NSM automatically generates the VPN rules
to control traffic between VPN members. To view these autogenerated rules, click the
Policy Rules link in the Overrides area; the rules appear in a separate NSM window, using
the same row and column format as in the Security Policies.
NOTE: Policy rules do not appear for route-based VPNs.
Changing Rule Position
The position of the rules indicates the order that they apply to traffic. To change the
position of a rule, you can:
Right-click the rule and select Move Rule Up or Move Rule Down, or
Right-click the rule and select Change Rule Position. In the New Position dialog box,
enter a new rule number for this rule. (The rule number is the first column in the policy
table.)
Filtering Rules
You can also filter the VPN rules by zones using the Zone Filter in the upper right-hand
corner of the VPN rule window. Select a zone in From Zone and/or the To Zone to order
the rules as desired.
To save this rule order, click Apply.
Configuring Rule Options
You can configure rule options for each rule, including traffic shaping, logging, antivirus
and attack objects, and protection actions. For details on configuring these options.
Chapter 12: Configuring VPNs
583
Advertisement
Table of Contents
