
Creating a New Environment Condition

Use the Create New Environment Condition page to create a new environment condition using the environment variables.

Procedure

To create a new environment condition:

  1. Select Configure > Environment.

    The Environment page appears.

  2. Select the Environment Conditions tab and click the + icon.

    The Create New Environment Condition page appears.

  3. Complete the configuration by using the guidelines in Table 165.
  4. Click Save to save the configuration or Cancel to discard the configuration.

After you define a new condition, you must apply it to the firewall policy rules. After you assign the conditions to the rules, publish the policy and update it on the device.

Table 165: Fields on the Create New Environment Condition Page

| Field | Description |
|---|---|
| Condition Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters. |
| Description | Enter a description for the environment condition; maximum length is 255 characters. |
| Condition | Click the field and select the environment variable and the required possible values. You can combine one or more variables. For example, use the '=' or '!=' operator to apply an OR condition for the possible values, and choose the AND operator for an AND condition. |

Security administrators can now use conditional evaluators based on the environment variables in the firewall policy. Security Director auto-calculates the changes to the relevant rules and, based on the administrator’s approval, pushes these changes out to the entire network as required.

For example, the firewall policy rule table is updated with environment conditions, as shown in Table 166. If the ThreatLevel is Orange at a given point in time, the system automatically enables the IPS service for the corresponding traffic.

Table 166: Firewall Rule with a Condition

| Rule Number | Source Traffic Match Criteria | Destination Traffic Match Criteria | Environmental Condition | Firewall Action(s) | Other Actions |
|---|---|---|---|---|---|
| 1000 | Any | MyCriticalServers | ThreatLevel=GREEN | PERMIT | LOG |
| | | | ThreatLevel=ORANGE | PERMIT | LOG IPS_STD_PROFILE |
| | | | ThreatLevel=RED | DENY | LOG |
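The following Python sketch is an added example, not Security Director code. It models the Condition Name rule from Table 165 and the rule in Table 166 so that a reviewer can check, before publishing, which action each environment value produces and which values no condition covers. The function names, the DENY fallback, the treatment of "LOG IPS_STD_PROFILE" as two actions, and the YELLOW sample value are assumptions of this example.

```python
import re

# Condition Name rule from Table 165: alphanumerics, colons, periods,
# dashes, underscores; no spaces; at most 63 characters.
NAME_RE = re.compile(r"[A-Za-z0-9:._-]{1,63}")

def valid_condition_name(name):
    return NAME_RE.fullmatch(name) is not None

def clause_matches(clause, env):
    """clause = (variable, operator, values); the values are OR-ed."""
    var, op, values = clause
    current = env.get(var)
    if current is None:      # assumption: an unset variable never matches
        return False
    hit = current in values
    return hit if op == "=" else not hit

def condition_matches(clauses, env):
    """The clauses of one condition are AND-ed."""
    return all(clause_matches(c, env) for c in clauses)

# Rule 1000 from Table 166, one variant per environment condition.
# "LOG IPS_STD_PROFILE" is treated as two actions (assumption).
RULE_1000 = [
    ([("ThreatLevel", "=", {"GREEN"})], "PERMIT", ["LOG"]),
    ([("ThreatLevel", "=", {"ORANGE"})], "PERMIT", ["LOG", "IPS_STD_PROFILE"]),
    ([("ThreatLevel", "=", {"RED"})], "DENY", ["LOG"]),
]

def resolve(rule, env):
    """Return (action, other_actions) of the first matching variant.
    Falling back to DENY when nothing matches is this example's choice."""
    for clauses, action, extras in rule:
        if condition_matches(clauses, env):
            return action, extras
    return "DENY", ["LOG"]

def uncovered_values(rule, var, possible):
    """Audit helper: values of var that no variant of the rule matches."""
    return [v for v in possible
            if not any(condition_matches(c, {var: v}) for c, _, _ in rule)]

if __name__ == "__main__":
    # Constructed value list; YELLOW is not in Table 166.
    levels = ["GREEN", "YELLOW", "ORANGE", "RED"]
    for level in levels:
        print(level, resolve(RULE_1000, {"ThreatLevel": level}))
    print("uncovered:", uncovered_values(RULE_1000, "ThreatLevel", levels))
```
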
