Configuring Extranet Devices Details (NSM Procedure)
This example shows how to update an existing rule on a third-party router to deny certain HTTP traffic with integer fields matching 1-10.
This process involves first creating a script that updates the policy on the router. For example, the script can contain certain validation instructions for the policy. It can also include instructions on sending alerts or messages in the event that the policy update succeeds or fails. When you are done creating the script, save it in the appropriate directory.
Next, use the Object Manager to create a custom policy field object that contains the specific integer fields that you are referencing in the extranet policy (for example, integer fields matching 1-10).
To create a custom policy field:
In the NSM navigation tree, click Object Manager > Custom Policy Fields.
Select the Field Definition tab, and then click New. The New Custom Policy Fields Meta Data window appears.
Configure the Custom Policy Field:
Enter a name for the field: enter ID.
Click the Required check box.
Select Integer from the Field Type list.
Enter a value in the Validation String box.
Enter any appropriate comments.
Click OK. A folder for the ID custom policy field object appears.
In the Objects tab, click on the ID folder. Click New. The New Custom Policy Fields Data window appears.
Enter a value in the Data Value field: enter 1. Click OK. The new value appears in the ID folder.
Repeat this step for all ten integer values.
In the Object Manager, create the Extranet Policy object with the appropriate rules.
To create an Extranet Policy object:
In the NSM navigation tree, click Object Manager > Extranet Policies. Then click Add Policy and the New ExtranetPolicyObject window appears.
Enter the name of the Extranet Policy: enter Extranet Policy1. Add a comment in the Comments field.
Configure the Extranet Policy object:
Click Add Rule. The New - Rule window appears.
Specify an ID for the rule.
Add a comment for the rule.
Click Deny in the Action field.
Select a source address in the Source tab.
Select a destination address in the Destination tab.
Select services in the Service tab.
Select the integer IDs that you created in the Custom Policy Field object in the Options tab.
Create the router as an extranet device in the Device Manager. You will need to configure the IP address of the device, any interfaces, and then bind the extranet policy to the appropriate interface.
To create an Extranet Device:
In the NSM navigation tree, click Device Manager > Devices.
Click New, and select Extranet Device. The New Extranet Device window appears.
Configure the extranet device:
Enter a name for the device: enter Cisco Router1.
Select a color to represent the device.
Enter the IP address for the device.
Click Show in the Supplemental Data area. Additional fields appear, allowing you to configure supplemental information for the device, including the netmask, interfaces, and device root administrator.
Click the Add icon in the Interfaces field. The New Extranet Device Interface window appears.
Configure the interface. Enter a name for the interface, and add an IP address, and an interface mask. Then assign an extranet policy to it: for example, assign the Extranet Policy1 object you configured previously. Click OK.
Configure the device root administrator. Enter the administrator user name, and password, and specify the script you created previously in the Action field. Click OK.
When you update the device, NSM invokes the script you created. Any XML output appears in the Job Information window.