08-19-2009 02:32 PM
Hello all. I am trying to restrict WSAM access to only check for the first octet and last octet.
Example: Allow 10.0-255.0-255.94
Does anyone know how I can do this? The syntax is not supported in the SAM ACL, but I was thinking that I could write a custom expression for this.
The goal is not to have to enter in all the host addresses for the 2nd & 3rd octet...which is alot of entries.
Any help would be appreciated.
08-25-2009 12:12 PM
Looks like what you want to do is not possible - you can't put a wildcard in the middle of a resource.
Any chance the devices you want to allow access to have or could have some sort of structured DNS names, like router-xxx-yyy.company.com, for a device at 10.xxx.yyy.1 ? You could use a wildcard in the middle of the DNS name in the server specification for WSAM.
08-25-2009 12:35 PM - edited 08-25-2009 12:36 PM
Thanks Ken for the info. Yes, I already knew about using DNS solution. Unfortunately, the Juniper devices are not allowed to access DNS information due to company IT policy.
However, I have the solution. Instead of changing the WSAM acl, you can make this happen by [User Roles > "Role Name" > SAM > Applications] and click on "Add Server". The entry in the "* Server:" section will allow for all kinds of entries.
Here is an example:
The Juniper SA 4500 allows this and has been tested working as expected.
Pass the word along!