Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SECURE ACCESS DEVICES GUIDE REV 01 Manual page 304

Configuring Secure Access Devices Guide
286
To configure a session-export policy:
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree
1.
tab, and then double-click the Secure Access device for which you want to configure
a session-export policy.
Click the Configuration tab. In the configuration tree, select System > IF–MAP
2.
Federation > Session-Export Policies.
Add or modify settings as specified in Table 84 on page 286.
3.
Click one:
4.
OK—Saves the changes.
Cancel—Cancels the modifications.
You must create corresponding session-import policies that allow IF-MAP client Infranet
Controllers that are connected to an Infranet Enforcer in front of protected resources to
collect IF-MAP data from the IF-MAP server.
Table 84: IF–MAP Session-Export Policy Configuration Details
Option Function
Name Specifies a unique name for
the policy.
Description Describes the policy.
Administrative Identifies the IP address,
Domain username, or MAC address
data.
In a large network
environment with several
domains, a username, an IP
address, or a MAC address
could be duplicated. By
entering the domain, you
ensure that the correct user
is identified.
Roles Determines the roles for
which this policy should
apply.
Stop on match Stops matching the roles
when an IF-MAP client has
successfully matched the
roles selected for this policy
to roles based on
session-import policies
configured on the target
device.
Identity tab
Your Action
Enter a name for the policy.
Enter a brief description for the policy.
Type the administrative domain for the session
export policy. If you want different aspects of a
user session to be exported with different
administrative domains, you then create several
export rules.
Select roles from the Non-members area and add
the roles to the Members area.
Select this option to stop matching roles after a
successful match is found.
Copyright © 2010, Juniper Networks, Inc.