To access this page, click Configure>Shared Objects>Policy Enforcement Groups.
You can create policy enforcement groups from the policy enforcement groups page.
To create a policy enforcement group:
Table 264: Fields on the Policy Enforcement Group Page
Field | Description |
|---|---|
Name | Enter a unique string that must begin with an alphanumeric character and can include underscores; no spaces allowed; 63-character maximum. |
Description | Enter a description; maximum length is 1024 characters. You should make this description as useful as possible for all administrators. |
Group Type | Select a group type from the available choices. IP Address/Subnet or Location. |
Known Subnets from | When using Junos Space, Policy Enforcer is able to dynamically discover subnets configured on Juniper switches. Policy Enforcer does not have the same insight with third-party devices. Therefore you can add subnets to your connector configuration and select them here. This allows you to selectively apply policies to those subnets. If you have not configured a connector, you would select Junos Space here to view subnets discovered by Policy Enforcer. If you have a connector configured, you can select the connector name in this pulldown to view the subnets you manually added when configuring the connector. See Creating a Policy Enforcer Connector for Third-Party Switches. |
Items (IPs or Sites) | IPs: Select the check box beside the IP address(es) of the endpoint device(es) in the Available list and click the > icon to move them to the Selected list. Click the Refresh Available IPs link to manually update the list. Manual updates can take several minutes to complete. This refresh is only available for Junos Space subnets. Note: Policy Enforcer polls for updates at one hour intervals. It also updates each time the server starts up. Use the Refresh link if the item you’re looking for has not yet been updated in the list. Sites: Select the check box beside the sites in the Available list and click the > icon to move them to the Selected list. The endpoints in the Selected list will be included in the policy enforcement group. |
Add New Endpoint | Click the Add New Endpoint button if the address or location you want does not appear in the Available list. |
© 2017 Juniper Networks, Inc. All rights reserved