08-19-2009 02:32 PM
Hello all. I am trying to restrict WSAM access to only check for the first octet and last octet.
Example: Allow 10.0-255.0-255.94
Does anyone know how I can do this? The syntax is not supported in the SAM ACL, but I was thinking that I could write a custom expression for this.
The goal is not to have to enter in all the host addresses for the 2nd & 3rd octet...which is a lot of entries.
Any help would be appreciated.
08-25-2009 12:12 PM
Looks like what you want to do is not possible - you can't put a wildcard in the middle of a resource.
Any chance the devices you want to allow access to have or could have some sort of structured DNS names, like router-xxx-yyy.company.com, for a device at 10.xxx.yyy.1 ? You could use a wildcard in the middle of the DNS name in the server specification for WSAM.
Ken
08-25-2009 12:35 PM - edited 08-25-2009 12:36 PM
Thanks Ken for the info. Yes, I already knew about using a DNS solution. Unfortunately, the Juniper devices are not allowed to access DNS information due to company IT policy.
However, I have the solution. Instead of changing the WSAM ACL, you can make this happen by going to [User Roles > "Role Name" > SAM > Applications] and clicking "Add Server". The entry in the "* Server:" section will allow for all kinds of entries.
Here is an example:
10.0.0.30/255.224.0.255
The Juniper SA 4500 allows this, and it has been tested and works as expected.
Pass the word along!
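As an added illustration (not code from any of the posts above, and not from Juniper): an address/mask entry like the one in the last post can be read as a bitwise match, where a 1 bit in the mask means "this bit must equal the address" and a 0 bit means "don't care". The Python below assumes the SA evaluates such entries with a plain bitwise AND (an assumption, not something the thread confirms) and works out exactly which addresses an entry admits, using both the mask from the reply (255.224.0.255) and a mask that pins only the first and last octet (255.0.0.255), which is the shape the original question asked for.

```python
import ipaddress


def parse_server_entry(entry: str):
    """Parse 'address/mask' where the mask need not be contiguous.

    Returns (masked_address_int, mask_int). The match rule implemented here,
    candidate & mask == address & mask, is an assumption about how the
    product treats such entries, not something documented on the page.
    """
    addr_str, mask_str = entry.split("/")
    addr = int(ipaddress.IPv4Address(addr_str))
    mask = int(ipaddress.IPv4Address(mask_str))
    return addr & mask, mask


def matches(entry: str, candidate: str) -> bool:
    """True if `candidate` would be admitted by `entry` under a bitwise match."""
    base, mask = parse_server_entry(entry)
    return (int(ipaddress.IPv4Address(candidate)) & mask) == base


def allowed_octet_values(entry: str):
    """For each of the four octets, list every value the entry admits.

    Useful as a sanity check before deploying an entry: it makes visible
    whether a mask really leaves an octet wide open (256 values) or only
    partially open (e.g. 32 values when the top three bits are fixed).
    """
    base, mask = parse_server_entry(entry)
    per_octet = []
    for shift in (24, 16, 8, 0):
        b = (base >> shift) & 0xFF
        m = (mask >> shift) & 0xFF
        per_octet.append([v for v in range(256) if (v & m) == b])
    return per_octet


if __name__ == "__main__":
    # Constructed sample entries and candidates for demonstration.
    for entry in ("10.0.0.30/255.224.0.255", "10.0.0.94/255.0.0.255"):
        sizes = [len(vals) for vals in allowed_octet_values(entry)]
        print(f"{entry}: admitted values per octet = {sizes}")
    print(matches("10.0.0.30/255.224.0.255", "10.17.200.30"))  # second octet 17 < 32
    print(matches("10.0.0.30/255.224.0.255", "10.40.200.30"))  # second octet 40 sets a fixed bit
    print(matches("10.0.0.94/255.0.0.255", "10.255.255.94"))
```

Running the script prints the number of admitted values per octet for each entry, which is the quickest way to confirm that a mask opens exactly the octets you intended and no more.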