Copyright 2005 Juniper Networks, Inc.
www.juniper.net
Attack prevention and content filtering
VPNs
Options
Traffic Logs
WebUI
Security Manager
Traffic Counters
Graphical view of traffic matching policy
Policy Scheduling
Allows you to enable or disable policy based on time
Two options:
Recurring times
Two windows per day
Weekly schedule
Once only
Creating a Schedule: CLI
set scheduler name recurrent day start time stop time [start time stop time]
FW-> set scheduler NoICQ recurrent mon start 7:00 stop 12:00 start 13:00 stop 18:00
FW-> set scheduler NoICQ recurrent tues start 7:00 stop 12:00 start 13:00 stop 18:00
(etc.)
set scheduler name once start mm/dd/yyyy stop mm/dd/yyyy
FW-> set scheduler Y2K once start 01/01/2000 stop 01/02/2000
Creating a Schedule: WebUI
WebUI
Verifying Scheduling
Gray background in policy indicates that a schedule is applied
Must view schedule to see when policy is active or inactive
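Because the policy list only shows that a schedule is attached, an offline check of when a scheduled policy is actually in effect helps during rule review. The following is an added example, not Juniper code: it parses the `set scheduler` forms shown above from a saved configuration and answers whether a schedule is active at a given time. It assumes day names may be abbreviated as on the slide, windows are start-inclusive and stop-exclusive, and date-only `once` values mean midnight.

```python
import re
from datetime import datetime

DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
WINDOW = re.compile(r"start (\S+) stop (\S+)")

def parse_schedulers(config):
    """Parse 'set scheduler' lines into {name: {"recurrent": {weekday: [...]}, "once": [...]}}."""
    scheds = {}
    for line in config.splitlines():
        m = re.match(r"\s*(?:\S+->\s*)?set scheduler (\S+) (recurrent (\S+)|once) (.+)", line)
        if not m:
            continue
        name, kind, day, rest = m.groups()
        windows = WINDOW.findall(rest)
        # Reject leftovers (e.g. a second window missing "start") and too many windows.
        limit = 1 if kind == "once" else 2  # slides: two windows per day
        if WINDOW.sub("", rest).strip() or not 1 <= len(windows) <= limit:
            raise ValueError(f"malformed scheduler line: {line.strip()}")
        entry = scheds.setdefault(name, {"recurrent": {}, "once": []})
        if kind == "once":
            fmt, bucket = "%m/%d/%Y", entry["once"]  # date-only form, read as midnight
        else:
            # Assumption: day names may be abbreviated to a unique prefix (mon, tues).
            idx = [i for i, d in enumerate(DAYS) if d.startswith(day.lower())]
            if len(idx) != 1:
                raise ValueError(f"unknown or ambiguous day: {day}")
            fmt, bucket = "%H:%M", entry["recurrent"].setdefault(idx[0], [])
        bucket.extend((datetime.strptime(a, fmt), datetime.strptime(b, fmt)) for a, b in windows)
    return scheds

def is_active(sched, when):
    """True if the schedule is in effect at 'when' (start inclusive, stop exclusive: an assumption)."""
    for start, stop in sched["recurrent"].get(when.weekday(), []):
        if start.time() <= when.time() < stop.time():
            return True
    return any(start <= when < stop for start, stop in sched["once"])

# Constructed sample input, using the command forms shown on the slides.
SAMPLE = """\
set scheduler NoICQ recurrent mon start 7:00 stop 12:00 start 13:00 stop 18:00
set scheduler NoICQ recurrent tues start 7:00 stop 12:00 start 13:00 stop 18:00
set scheduler Y2K once start 01/01/2000 stop 01/02/2000
"""

if __name__ == "__main__":
    probe = datetime(2005, 6, 6, 12, 30)  # a Monday, between the two windows
    for name, sched in parse_schedulers(SAMPLE).items():
        print(name, "active" if is_active(sched, probe) else "inactive", "at", probe)
```

A line whose second window has lost its `start` keyword raises `ValueError` instead of being read as a single-window schedule.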
User Authentication
Requires users to enter username and password before traffic is permitted through ScreenOS device
Can be used in conjunction with NS-Remote device
Can be used between LANs as an additional check of user ID
Two options:
Firewall authentication requires that traffic match the policy to trigger login dialogue
Policy must permit Telnet, FTP, or HTTP
WebAuth requires user to browse to dedicated WebAuth address to trigger login dialogue
Firewall Authentication
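[Diagram: traffic with DA: 172.16.1.99, service HTTP, matches the Auth policy in front of Web Server 172.16.1.99. The device prompts "Username? Password?", the user answers "Username: JoeUser, Password: XXXX", and the result is "Authenticated!"]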
WebAuth Authentication
[Diagram: WebAuth address 10.1.1.42, a WebAuth policy, and Web Server 172.16.1.99. The user is prompted "Username? Password?", answers "Username: JoeUser, Password: XXXX", and the result is "Authenticated!"]
Step 2: Configuring an Authentication Policy
Configuration
CLI
WebUI
Security Manager: Edit Device > Network > Interface > Edit > Advanced Properties
Verifying Authentication