Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual page 79

Copyright © 2010, Juniper Networks, Inc.

VPN Manager
The VPN Manager contains the VPN objects that control the VPN tunnels between your
managed devices and remote users. Using VPN objects, such as Protected Resources
and IKE Proposals, you can create multiple VPNs for use in your security policies.
Use the VPN Manager to:
• Define the protected resources on your network—the network resources you want to
  protect in a VPN.
• Create custom IKE Phase 1 and 2 Proposals.
• Configure AutoKey IKE, L2TP, and L2TP-over-AutoKey IKE VPNs in policy-based or
  route-based modes. You can also create an AutoKey IKE mixed mode VPN to connect
  policy-based VPN members with route-based VPN members.
• Configure AutoKey IKE and L2TP policy-based VPNs for remote access services (RAS)
  and include multiple users.
NSM supports VPN management for ScreenOS devices, IDP sensors, J Series devices,
and SRX Series devices.

UAC Manager
The UAC Manager enables you to create and view associations between Infranet
Controllers (IC) and Enforcement Points (EP) in a network. You can choose between IC
views and EP views. The IC view provides a list of EPs associated with the IC and their
location groups. You can associate or disassociate EPs from a particular IC. The EP view
provides a list of associated ICs and their port details. You can use this feature to resolve
configuration conflicts, and enable or disable 802.1X ports on enforcement points.

Object Manager
The Object Manager contains objects, which are reusable, basic NSM building blocks
that contain specific information. You use objects to create device configurations, policies,
and VPNs. Objects are shared by all devices and policies in a domain.
You can create the following objects in NSM:
• Access Profiles—An access profile consists of a set of attributes that defines access
  to a device. You can create access profile objects and share them across security
  policies that are assigned to J Series Services Routers and SRX Series Services Gateways
  managed by NSM.
• Address objects—Represent components of your network—hosts, networks, servers.
• Attack objects—Define DI profiles and IDP attack objects.
    • DI Profiles—Define the attack signature patterns, protocol anomalies, and the action
      you want a security device to take against matching traffic.
    • IDP attack objects—Define attack patterns that detect known and unknown attacks.
      You use IDP attack objects within IDP rules.
• Custom Policy Fields objects—Represent metadata information that you can store
  and use in a structured manner. Users can add custom objects to the policy table, such

Chapter 1: Introduction to Network and Security Manager
