Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual page 901

Route Reflector
Routing Information
Protocol (RIP)
Routing Table
Rule
Rulebase
Run Time Object
(RTO)
S
Scheduled Object
Secure Access Device
Secure Copy (SCP)
Secure Server Protocol
(SSP)
Secure Shell (SSH)
Security Association
Copyright © 2010, Juniper Networks, Inc.
A router whose BGP configuration enables readvertising of routes between Interior BGP (IBGP)
neighbors or neighbors within the same BGP AS. A route reflector client is a device that uses
a route reflector to readvertise its routes to the entire AS. It also relies on that route reflector
to learn about routes from the rest of the network.
A dynamic routing protocol used within moderate-sized autonomous systems.
A list in a virtual router's memory that contains a realtime view of all the connected and remote
networks to which a router is currently routing packets.
A rule is a statement that defines a specific type of network traffic. When traffic passes through
the security device, the device attempts to match that traffic against its list of rules. If a rule
is matched, the device performs the action defined in the rule against the matching traffic.
A rulebase contains rules. a rulebase provides a method of detecting and acting upon suspicious
traffic. A NSM security policy can contain three rulebases: Zone, Global, and Multicast.
A code object created dynamically in memory during normal operation. Some examples of
RTOs are session table entries, ARP cache entries, certificates, DHCP leases, and IPSec Phase
2 security associations (SAs).
A schedule object defines a time interval that a firewall rule is in effect. You use a schedule
object in your firewall rule to determine when a device enforces that rule.
A Juniper Networks SSL VPN appliance.
A method of transferring files between a remote client and a security device using the SSH
protocol. The security device acts as an SCP server, accepting connections from SCP clients
on remote hosts.
For communication between the UI, the GUI Server, and the Device Server, NSM uses SSP, a
modified version of TCP that is more reliable than ordinary TCP, requires less CPU and memory
resources from servers, and reduces the number of acknowledgement packets on the network.
SSP uses AES encryption and SH1 authentication for all connections.
A protocol that allows device administrators to remotely manage the device in a secure manner.
You can run either an SSH version 1 or version 2 server on the security device.
The security association combines the Security Parameters Index and a destination address.
Required for both Authentication Header and Encapsulating Security Payload protocols. See
also Security Parameters Index.
Appendix A: Glossary
851