Help Center User GuideGetting StartedFAQRelease Notes
User Guide
Getting Started
Release Notes

Creating Policy Enforcement Groups

To access this page, click Configure>Shared Objects>Policy Enforcement Groups.

You can create policy enforcement groups from the policy enforcement groups page.

Before You Begin


To create a policy enforcement group:

  1. Select Configure>Shared Objects>Policy Enforcement Groups.
  2. Click the + icon.
  3. Complete the configuration by using the guidelines in the Table 220 below.
  4. Click OK.

Table 264: Fields on the Policy Enforcement Group Page




Enter a unique string that must begin with an alphanumeric character and can include underscores; no spaces allowed; 63-character maximum.


Enter a description; maximum length is 1024 characters. You should make this description as useful as possible for all administrators.

Group Type

Select a group type from the available choices. IP Address/Subnet or Location.

Known Subnets from

When using Junos Space, Policy Enforcer is able to dynamically discover subnets configured on Juniper switches. Policy Enforcer does not have the same insight with third-party devices. Therefore you can add subnets to your connector configuration and select them here. This allows you to selectively apply policies to those subnets.

If you have not configured a connector, you would select Junos Space here to view subnets discovered by Policy Enforcer. If you have a connector configured, you can select the connector name in this pulldown to view the subnets you manually added when configuring the connector. See Creating a Policy Enforcer Connector for Third-Party Switches.

Items (IPs or Sites)

IPs: Select the check box beside the IP address(es) of the endpoint device(es) in the Available list and click the > icon to move them to the Selected list. Click the Refresh Available IPs link to manually update the list. Manual updates can take several minutes to complete.

This refresh is only available for Junos Space subnets.

Note: Policy Enforcer polls for updates at one hour intervals. It also updates each time the server starts up. Use the Refresh link if the item you’re looking for has not yet been updated in the list.

Sites: Select the check box beside the sites in the Available list and click the > icon to move them to the Selected list.

The endpoints in the Selected list will be included in the policy enforcement group.

Add New Endpoint

Click the Add New Endpoint button if the address or location you want does not appear in the Available list.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      

Additional Comments

800 characters remaining

May we contact you if necessary?


Need product assistance? Contact Juniper Support