Visitor
torraent
Posts: 4
Registered: ‎08-19-2009

restrict WSAM access by specific host

Hello all.  I am trying to restrict WSAM access to only check for the first octet and last octet.

 

Example:  Allow 10.0-255.0-255.94

 

Does anyone know how I can do this?  The syntax is not supported in the SAM ACL, but I was thinking that I could write a custom expression for this.

 

The goal is not to have to enter in all the host addresses for the 2nd & 3rd octet...which is a lot of entries.

Any help would be appreciated.

 

 

Recognized Expert
kenlars
Posts: 420
Registered: ‎03-24-2008

Re: restrict WSAM access by specific host

Looks like what you want to do is not possible - you can't put a wildcard in the middle of a resource.

 

Any chance the devices you want to allow access to have or could have some sort of structured DNS names, like router-xxx-yyy.company.com, for a device at 10.xxx.yyy.1 ?  You could use a wildcard in the middle of the DNS name in the server specification for WSAM.

 

Ken

Visitor
torraent
Posts: 4
Registered: ‎08-19-2009

Re: restrict WSAM access by specific host

Thanks Ken for the info.  Yes, I already knew about using the DNS solution.  Unfortunately, the Juniper devices are not allowed to access DNS information due to company IT policy.

However, I have the solution.  Instead of changing the WSAM ACL, you can make this happen by going to [User Roles > "Role Name" > SAM > Applications] and clicking on "Add Server".  The entry in the "* Server:" section will allow for all kinds of entries.

Here is an example:

 

10.0.0.30/255.224.0.255

 

The Juniper SA 4500 allows this and has been tested working as expected.

 

Pass the word along!

Message Edited by torraent on 08-25-2009 12:36 PM
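
Before relying on a non-contiguous mask like the one in the post above, it helps to list exactly which hosts it admits. The following is an added example, not part of the original posts and not Juniper code; it assumes the device compares addresses with a bitwise AND against the mask, and the second entry (10.0.0.94/255.0.0.255) is a constructed value matching the range asked for in the first post.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def matches(candidate, base, mask):
    """True when candidate equals base on every bit that is set in mask."""
    # Assumption: the appliance evaluates base/mask as a plain bitwise compare.
    m = _to_int(mask)
    return (_to_int(candidate) & m) == (_to_int(base) & m)

def host_count(mask):
    """Number of addresses admitted: 2 to the power of the zero bits in mask."""
    return 2 ** (32 - bin(_to_int(mask)).count("1"))

def summarize(base, mask):
    """Render the admitted set octet by octet, e.g. '10.0-31.0-255.30'."""
    parts = []
    pairs = zip(ipaddress.IPv4Address(base).packed,
                ipaddress.IPv4Address(mask).packed)
    for b, m in pairs:
        vals = [v for v in range(256) if (v & m) == (b & m)]
        if len(vals) == 1:
            parts.append(str(vals[0]))
        elif vals == list(range(vals[0], vals[-1] + 1)):
            parts.append(f"{vals[0]}-{vals[-1]}")
        else:  # scattered values, e.g. a mask octet such as 15
            parts.append("{" + ",".join(map(str, vals)) + "}")
    return ".".join(parts)

if __name__ == "__main__":
    entries = [
        ("10.0.0.30", "255.224.0.255"),  # entry quoted in the post
        ("10.0.0.94", "255.0.0.255"),    # constructed: range from the first post
    ]
    for base, mask in entries:
        print(base, mask, "->", summarize(base, mask), host_count(mask), "hosts")
```

Under that assumption the posted entry covers 10.0-31.0-255.30, so review any such entry this way to confirm it grants no more and no less than the role should reach.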