JSA uses the network hierarchy to determine which hosts are local or remote. JSA also uses the hierarchy to monitor specific logical groups or services that are in your network, such as specific office locations, regions, departments, or network ranges such as DMZs, VPN pools, or VOIP networks.
You must ensure that all internal address spaces, both routable and non-routable, are defined within your network hierarchy. Otherwise, JSA might generate an excessive number of false positives, because JSA treats internal systems differently from external systems. JSA ignores typical internal network activity from internal IP address ranges.
Administrators must define the following top-level objects:
Internet facing IP address for a DMZ.
IP addresses used for remote access in Virtual Private Network (VPN) systems.
Data centers and server networks.
Network devices and network management devices.
For more information about creating your network hierarchy, see the Juniper Secure Analytics Administration Guide.