
Metadata-Based Policy Enforcement Overview

Traditionally, firewall policies are created using source and destination address objects. These objects are usually addresses or address groups. To create a firewall policy, you must know the IP address or range of IP addresses you want to target.

Metadata lets you tag these addresses. You can then use the metadata tags, rather than the addresses themselves, when you create the firewall policy.

Metadata-based policy enforcement involves the following steps:

  1. Metadata definition—Define the metadata keys and values you want to use. For example, Location = Bangalore, Sunnyvale; OS = Windows, Mac, Linux; Role = Database, application, Web.

  2. Metadata association—Associate the defined metadata with the addresses of type host or range.

  3. Metadata expressions evaluation—When you create a rule for a firewall policy, you choose the source and destination addresses based on metadata expressions, instead of IP addresses, address groups, or network ranges.
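The three steps above as a small Python model, added here for illustration and not the product's own code or expression syntax. The expression format (a dict of key to accepted values, ANDed across keys), the object names, and the addresses are assumptions; an empty or misspelled expression is rejected so that a rule never silently resolves to every address or to none.

```python
import ipaddress

# Step 1: metadata definition (keys and values from the example in step 1).
DEFINED = {
    "Location": {"Bangalore", "Sunnyvale"},
    "OS": {"Windows", "Mac", "Linux"},
    "Role": {"Database", "application", "Web"},
}

class AddressObject:
    """Address object; only types 'host' and 'range' may carry metadata."""
    def __init__(self, name, kind, value):
        self.name, self.kind, self.value, self.tags = name, kind, value, {}

    def associate(self, key, val):
        # Step 2: metadata association, validated against the definitions.
        if self.kind not in ("host", "range"):
            raise ValueError(f"{self.name}: metadata needs type host or range")
        if val not in DEFINED.get(key, ()):
            raise ValueError(f"{self.name}: undefined metadata {key}={val}")
        self.tags[key] = val

    def networks(self):
        # Expand to CIDR blocks so a reviewer sees what a rule really covers.
        if self.kind == "host":
            return [ipaddress.ip_network(self.value)]
        first, last = (ipaddress.ip_address(p) for p in self.value.split("-"))
        return list(ipaddress.summarize_address_range(first, last))

def evaluate(expression, objects):
    """Step 3: keys are ANDed, values of one key ORed (hypothetical syntax)."""
    if not expression:  # an empty expression would match every object
        raise ValueError("empty metadata expression")
    for key, vals in expression.items():
        unknown = set(vals) - DEFINED.get(key, set())
        if unknown:  # a typo must fail loudly, not silently match nothing
            raise ValueError(f"undefined metadata in expression: {key}={unknown}")
    return [o for o in objects
            if all(o.tags.get(k) in v for k, v in expression.items())]

# Constructed sample inventory (documentation address ranges).
db1 = AddressObject("db-blr-01", "host", "192.0.2.10")
db1.associate("Location", "Bangalore")
db1.associate("Role", "Database")
web = AddressObject("web-sv-pool", "range", "198.51.100.4-198.51.100.7")
web.associate("Location", "Sunnyvale")
web.associate("Role", "Web")
INVENTORY = [db1, web]
```

Calling `evaluate({"Role": {"Database"}, "Location": {"Bangalore"}}, INVENTORY)` returns the objects a rule with that source or destination expression would cover, and `networks()` shows the concrete addresses behind each one.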

Benefits of Metadata-Based Policies
