Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Manuals
Manuals and User Guides for Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1. We have 1 Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 manual available for free PDF download: Administration Manual
Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual (1016 pages)
Brand: Juniper | Category: Software | Size: 13.3 MB
Table of Contents
Table of Contents
7
About this Guide
45
Audience
45
Objectives
45
Conventions
46
Table 1: Notice Icons
46
Table 2: Text Conventions
46
About this Guide
47
Documentation
47
Table 3: Syntax Conventions
47
Table 4: Network and Security Manager Publications
47
Requesting Technical Support
49
Self-Help Online Tools and Resources
49
Opening a Case with JTAC
50
Getting Started with NSM
51
Chapter 1 Introduction to Network and Security Manager
53
About NSM
53
Security Integration
54
Device Configuration
54
Network Organization
54
Role-Based Administration
54
Centralized Device Configuration
55
Introduction to Network and Security Manager
55
Device Management
56
Device Modeling
56
Importing Devices
56
Policy-Based Management
56
Rapid Deployment
56
Error Prevention, Recovery, and Auditing
57
Atomic Configuration and Updating
57
Device Configuration Validation
57
Introduction to Network and Security Manager
57
Policy Validation
57
Auditing
58
Device Image Updates
58
Complete System Management
58
VPN Abstraction
58
Integrated Logging and Reporting
59
Job Management
59
Monitoring Status
59
Technical Overview
60
Architecture
60
Figure 1: NSM Network Architecture
60
Figure 2: NSM System Architecture
61
Management System
61
User Interface
61
Table 5: GUI Server Processes
62
Managed Devices
63
Firewall and IDP (ScreenOS/IDP) Devices
63
Table 6: Device Server Processes
63
Table 7: Supported Security Devices
63
Devices Running Junos OS
66
Table 8: J Series Services Routers and SRX Series Services Gateways NSM Supports
67
Table 9: M Series Multiservice Edge Routers and MX Series Ethernet Services Routers NSM Supports
68
Table 10: EX Series Ethernet Switches NSM Supports
69
SSL VPN Secure Access Products
70
Table 11: Secure Access Products NSM Supports
70
Extranet Devices
71
Juniper Networks IC Series Unified Access Control Appliances
71
Distributed Data Collection
71
Table 12: IC Series UAC Appliances NSM Supports
71
Device Schemas
72
Security
72
Scaling and Performance
72
Working in the User Interface
73
Characters Not Supported in Login Passwords
73
Managing Blocked Login Attempts
73
Configuring UI Preferences
73
UI Overview
73
Common Tasks Pane
74
Figure 3: Overview of the User Interface
74
Navigation Tree
74
Main Display Area
75
Menu Bar
75
Status Bar
75
Toolbar
75
NSM Modules
75
Investigate Modules
75
Configure Modules
77
Administer Modules
81
Validation Icons in the User Interface
81
Table 13: Validation Status for Devices
81
Validation and Data Origination Icons
82
Table 14: Validation Icons
82
Working with Other NSM Administrators
83
Searching in the User Interface
83
Contains String [C] Search Mode
84
Figure 4: UI Search Modes
84
Figure 5: "Contains String" Search Mode Example
84
Starts with [S] Search Mode
84
Figure 6: "Starts With" Search Mode Example
85
Figure 7: "Regular Expression" Search Mode Details
85
Regular Expression [R] Search Mode
85
Figure 8: "Regular Expression" Search Mode Example
86
IP [I] Search Mode
86
Figure 9: "IP Address" Search Mode Example
87
Search for an Exact Match (E)
87
Global Search
88
Figure 10: Exact String Search Mode Example
88
New Feature in 2010.3
89
Chapter 2 Planning Your Virtual Network
91
Configuring Devices Overview
91
Importing Existing Devices
92
Modeling New Devices
93
Planning Your Virtual Network
93
Editing a Device Configuration
94
Configuring IDP-Capable Devices Overview
95
Common Criteria EAL2 Compliance
95
Guidance for Intended Usage
95
Guidance for Personnel
95
Guidance for Physical Protection
95
Supported IDP-Capable Devices
95
Enabling Jumbo Frames (ISG1000 Only)
96
Enabling IDP Functionality
97
Installing Advanced License Keys
97
Module
97
Updating Attack Objects
97
Adding Objects (Optional)
98
Configuring a Security Policy for IDP
98
Reviewing IDP Logs
103
Maintaining IDP
104
Creating IDP-Only Administrators
104
Simplifying Management
104
Using Device Groups
105
Using Configuration Groups
105
Using Device Templates
105
Merging Policies
106
Using a Naming Convention
106
Example: Using a Naming Convention for Address Objects
106
Example: Using a Naming Convention for Devices
106
Creating an Information Banner
107
Adding an Information Banner
107
Figure 11: Selecting the GUI Server in Central Manager
108
Figure 12: Setting up an Information Banner
109
Figure 13: Information Banner Login into Central Manager
109
Modifying an Information Banner
110
Deleting an Information Banner
110
Chapter 3 Configuring Role-Based Administration
111
Domains
111
About Roles
112
Enterprise Organizations
113
Administrator Types
114
Service Providers
115
Internal Network
115
Managed Security Service Provider (MSSP)
115
Configuring Role-Based Administration
116
Creating Administrators
117
Configuring Authorization
117
Configuring General Settings
117
RADIUS Authentication and Authorization
118
Table 15: How to Authenticate Users
118
Figure 14: Creating Custom Domain
120
Figure 15: User in Domain "Global" with a Predefined Role
121
Figure 16: User in Domain "Global" with Custom Role "R1"
121
Figure 17: User in Subdomain "D1" with a Predefined Role
122
Figure 18: User in Subdomain "D1" with a Custom Role "R1"
122
Figure 19: Assigning Multiple Roles to a User in Global Domain
122
Figure 20: Assigning Multiple Roles to a User in Subdomain
123
Figure 21: Assigning Roles Defined in Domain "Global"
123
Figure 22: Assigning Roles Defined in Domain "Global" to Subdomain Only
123
Configuring Roles
124
Creating Custom Roles
124
Table 16: Predefined NSM Administrator Activities
125
Permissions Changes in Release 2008.1
136
Roles and Permissions
136
Table 17: Changes to Edit Devices, Device Groups, & Templates Activity
137
Assigning and Viewing Custom Roles
138
Configuring a User Activity in a Custom Role
138
Table 18: Changes to View Devices, Device Groups, & Templates Role
138
Forcing an Administrator to Log out
139
Viewing Logged Administrators
139
Creating Subdomains
140
Viewing Current Domain Detail
140
Example: Configuring Role-Based Administration
141
Step 1: Create the Subdomains
141
Step 2: Create the Subdomain Administrator
141
Step 3: Create the Viewing and Reporting Administrator
142
Figure 23: Manage Administrators and Domains: Administrators Tab
143
Step 4: Verify Administrator Accounts
143
Chapter 4 Adding Devices
147
About Device Creation
148
Adding Devices
149
Determine Device Status
149
Managing the Device
150
Verifying Device Configuration
150
Before You Begin Adding Devices
150
Importing Versus Modeling
151
Importing Device Configurations
151
Modeling Device Configurations
151
Device Add Process
152
Selecting the Domain
152
Figure 24: Connecting Devices from Different Domains in VPNs
153
Adding Single or Multiple Devices
153
Specifying the OS and Version
154
Determining Port Mode (ScreenOS Devices Only)
154
Figure 25: Trust-Untrust Port Mode Bindings
155
Figure 26: Home-Work Port Mode Bindings
155
Combined Port Mode
156
Figure 27: Dual-Untrust Port Mode Bindings
156
Figure 28: Combined Port Mode Bindings
157
Trust-Untrust-DMZ Port Mode
157
Figure 29: Trust-Untrust-DMZ Port Mode Bindings
158
Figure 30: Extended Port-Mode Interface to Zone Bindings
158
Table 19: Extended Bindings
158
Figure 31: DMZ Dual Untrust Port Mode
159
Table 20: Security Device Port Mode Summary (Part 1)
160
Table 21: Security Device Port Mode Summary (Part 2)
160
Changing the Port Mode
161
Table 22: Supported Add Device Workflows by Device Family
161
Importing Devices
162
Requirements
163
Adding and Importing Devices with Static IP Addresses
163
ScreenOS Devices
163
IDP Sensors
165
Junos Devices
166
SA and IC Devices
167
Adding Devices with Dynamic IP Addresses
168
IDP Sensors
170
Device
171
Adding and Importing a Junos Device with a Dynamic IP Address
174
Verifying Imported Device Configurations
177
Using Device Manager
178
Using Job Manager
178
Using Configuration Summaries
179
Modeling Devices
180
Modeling a Device
180
Requirements
180
Creating a Device Configuration
181
Activating a Device
182
Devices with Static IP Addresses
182
Devices with Dynamic IP Addresses
185
Using Rapid Deployment (ScreenOS Only)
188
Creating the Configlet
190
Installing the Configlet
193
Preparing the Device
193
Updating the Device Configuration
195
Delta Option
195
Summarize Delta Configuration
195
But Has no Admin Privileges
196
Fails
196
Option
196
Adding Vsys Devices
196
Figure 32: Connecting Vsys Devices Across Domains
197
Importing Vsys Devices
197
Placing the Root Device in a Global Domain or a Subdomain
197
Modeling Vsys Devices
198
Adding L2V Root Systems
200
Adding an Extranet Device
200
Adding Clusters
201
Adding a Cluster Device Object
201
Adding Members to the Cluster
202
Adding ScreenOS or IDP Clusters
202
Adding Secure Access or Infranet Controller Clusters
202
Through Reachable Workflow
204
Through Unreachable Workflow
204
Adding Clusters of Routers Running Junos OS
205
Adding and Importing a Junos Cluster
206
Activating and Updating a Modeled Junos Cluster
207
Adding a Junos Cluster with Modeled Cluster Members
207
Figure 33: Adding a Secure Access Cluster
208
Example: Adding and Importing a Cluster
208
Adding the Cluster
208
Adding the Cluster Members
209
Adding the Cluster
210
Figure 34: Adding a J Series Cluster
210
Importing the Cluster Configuration
210
Figure 35: Adding the First Member to a J Series Cluster
211
Modeling the Cluster Members
211
Activating the Cluster Members
212
Figure 36: Adding the Second Member to a J Series Cluster
212
Figure 37: Cluster Member Icons
212
Updating the Cluster
214
Adding a Vsys Cluster and Vsys Cluster Members
214
Example: Adding a Vsys Cluster
214
Figure 38: Configuring Cluster Members for Paris Vsys Cluster
215
Figure 39: Paris Cluster Members and Paris Vsys Cluster Members
216
Adding a Device Discovery Rule
217
Running a Device Discovery Rule
218
Adding Many Devices Using CSV Files
218
Creating the CSV File
219
Devices with Static IP Addresses
219
Device with Dynamic IP Addresses
220
Table 23: CSV File Information for Devices with Static IP Addresses
220
Table 24: CSV File Information for Devices with Dynamic IP Addresses
221
Table 25: CSV File Information for Undeployed Devices
223
Validating the CSV File
225
Importing Many Devices
225
Adding and Importing Many Devices with Dynamic IP Addresses
226
Adding and Importing Many Devices with Static IP Addresses
226
Modeling Many Devices
227
Using Rapid Deployment
227
Modeling and Activating Many Devices with Configlets
228
Activating Many Devices with Configlets
229
Adding Device Groups
229
Example: Creating a Device Group
230
Setting up NSM to Work with Infranet Controller and Infranet Enforcer
231
Avoiding Naming Conflicts of the Authorization Server Object
231
Avoiding NACN Password Conflicts
233
Chapter 5 Configuring Devices
235
About Device Configuration
236
About Configuring Device Families
236
Objects
236
Configuring Devices
237
Configuration Features
237
About Device Templates
237
About the Device Editor
237
About Configuration Groups
238
Editing Devices Using the Device Editor
238
Figure 40: Device Info and Configuration Tabs
239
Figure 41: ScreenOS and IDP Device Configuration Information
240
Validation and Data Origination Icons
240
Configuring Device Features
241
Configuring ScreenOS/IDP Device Features
242
Figure 42: ScreenOS Device Object Configuration Data
242
Configuring Secure Access or Infranet Controller Device Features
244
Figure 43: Secure Access Device Object
244
Configuring Junos Device Features
245
Table 26: Validation Icons
241
Updating the Configuration on the Device
246
Using Device Templates
246
Modifying Values in Templates
247
Example: Creating and Applying a Device Template for DNS Settings
248
Applying the Template
249
Figure 44: Example of Setting Values in a Template
249
Figure 45: Applying a Template
250
Templates and Importing Devices
250
Promoting a Device Configuration to a Template
250
Figure 46: Template Override Icon
251
Figure 47: Revert to a Template or Default Value
251
Changing Values Inherited from Templates
251
Reverting a Configuration to Default Values of a Template
252
Templates and Validation
252
Applying Multiple Templates
252
Example: Using Multiple Device Templates
253
Figure 48: View Denial of Service Defense Values from DoS Template
254
Figure 49: Configure DoS Defense Settings for the DoS2 Template
255
Figure 50: View Template Priority (DoS Highest)
256
Figure 51: View Values from DoS and DoS2 Templates
256
Figure 52: View DoS2 Value for Source IP Based Session Limit
257
Figure 53: View DoS Value for SYN-ACK-ACK Proxy Protection Setting
257
Figure 54: View Default SYN-ACK-ACK Proxy Protection Setting
257
Template Limitations
257
Maximum of 63 Templates
257
Default Values
258
Device Groups
258
List Key Fields
258
Predefined Device Data
258
Figure 55: Up and Down Arrows for Changing the Sequence of a List
259
Specifying the Order of List Entries
259
Combining Template Data with Device Object Data
260
Operations that Change the Sequence of Ordered Lists
260
Order
260
Examples of Reordered Lists
261
Rules for Reordering Lists
261
Configuration Group Order
264
Figure 56: Identifying Ordered List Entries that Do Not Match the Template
265
Using the Template Operations Directive
265
Figure 57: Template Operations Directive
266
Select Devices Section
266
Select OS Name Section
266
Select Template Section
266
Figure 58: Select Template Dialog Box
267
Options Section
267
Template Operation Section
267
Template Operations Box Recommended Workflow
268
Figure 59: Template Operations Job Information Dialog Box
269
Removing Templates with the Template Operations Directive
269
Exporting and Importing Device Templates
270
Exporting a Device Template
270
Importing a Device Template
270
Using Configuration Groups
271
Creating and Editing Configuration Groups
272
Creating a Configuration Group
272
Editing a Configuration Group
273
Figure 60: Adding a Configuration Group
273
Ordered Lists and Wildcard Matching
274
Validating a Configuration Group
274
Applying a Configuration Group
274
Figure 61: Applying a Configuration Group
275
Figure 62: Configuration Group Applied
275
Excluding a Configuration Group
275
Figure 63: Excluding a Configuration Group
276
Editing a Device Object that Uses Configuration Groups
276
Deleting a Configuration Group
277
Adding Ordered List Entries Using Configuration Groups
277
Reordering Lists
277
Using Configuration Groups with Templates
278
Sharing Configuration Group Definitions Across Multiple Devices
278
Configuring Clusters
282
Configuring Cluster Objects Directly by Editing the Configuration
282
Configuring Cluster Objects Using Templates
282
Configuring Member-Level Data in a Junos Cluster
283
Configuring Junos Devices with Redundant Routing Engines
284
Configuring a Routing Engine
284
Figure 64: Configuring Routing Engine Specific Parameters
285
Viewing a Routing Engine Configuration
285
Figure 65: Viewing the Routing Engine Configuration
286
Overview of VRRP Support in NSM
286
Platforms on Which NSM Supports VRRP
287
Activating VRRP on a Device Interface
287
Defining a VSI as a VRRP Interface
287
Managing Configuration Files
287
Viewing and Comparing Configuration File Versions
288
Updating the Device with a Configuration File Version
288
Importing or Viewing the Current Version of the Configuration File
288
Automatic Import of Configuration Files
288
Chapter 6 Updating Devices
289
About Updating
289
How the Update Process Works
290
Updating Devices
291
Devices
293
Knowing When to Update
294
Verifying Device Status in Device Monitor
295
Configuration Status
295
Connection Status
295
Verifying Device Status in Device Manager
297
Reviewing Logs
297
Identifying Administrative Changes
298
Reviewing Reports
298
Using Preview Tools
298
Running a Configuration Summary
299
Using a Delta Configuration Summary
299
Table 28: Delta Configuration Summary Information
300
Figure 66: Delta Configuration Summary Example
301
Performing an Update
302
Retrying a Failed Update
303
Configuring Update Options
303
Update Options for DMI-Compatible Devices
304
Tracking Device Updates
304
Figure 67: Job Manager Module
305
Figure 68: Job Information Dialog Box
306
Reviewing Job Information
306
Table 29: Device States During Update
307
Understanding Updating Errors
308
Figure 69: Failed Update Job Dialog Box
309
Chapter 7 Managing Devices
311
Managing Device Software Versions
312
Upgrading the Device Software Version
312
Managing Devices
313
Upgrading a Device Software Version from NSM
314
Upgrading a Device Software Version Outside NSM
314
Adjusting the Device OS Version
315
Downgrading the Device OS Version
315
Rolling Back the Device OS Version
315
Deleting the Device OS Version
316
Upgrading Device Support
316
Managing License Keys (ScreenOS Only)
316
Installing License Keys on a Device
317
Importing License Key Information into NSM
317
Installing Trial License Keys
317
Viewing and Reconciling Device Inventory
318
Viewing the Device Inventory
318
Figure 70: Viewing the Device Inventory
319
Comparing and Reconciling Device Inventory
319
Figure 71: Comparing the Device Inventory with the NSM Database
320
Uploading and Linking Large Binary Data Files
322
Figure 72: Adding a Shared Binary Data Object
323
Figure 73: Linking to a Shared Binary Data Object
324
Importing Custom Sign-In Pages
324
Creating a Custom Sign-In Page
325
Linking to a Custom Sign-In Page Shared Object
325
Importing Antivirus Live Update Settings
325
Linking to a Live Update File Shared Object
326
Importing Endpoint Security Assessment Plug-In (ESAP) Packages
326
Uploading ESAP Packages
326
Linking to an ESAP Package Shared Object
327
Importing Third-Party Host Checker Policies
327
Uploading a Third-Party Host Checker Policy
327
Linking to a Third-Party Host Checker Policy Shared Object
328
Uploading a Secure Virtual Workspace Wallpaper Image
328
Importing Hosted Java Applets (Secure Access Devices Only)
329
Linking to a Hosted Java Applet Shared Object
329
Uploading a Java Applet
329
Importing a Custom Citrix Client .Cab File (Secure Access Devices Only)
330
Linking to a Custom Citrix .Cab File Shared Object
330
Uploading a Custom Citrix Client .Cab File
330
Backing up and Restoring SA and IC Devices
330
Backing up an SA or IC Device
331
Restoring SA or IC Devices
331
Backing up Multiple SA or IC Devices
331
Configuring Preferences for Backing up and Restoring SA or IC Devices
331
Viewing Backed up Versions for an SA or IC Device
332
Setting the RMA State on an SA/IC Device
332
Activating an SA/IC Device Set to the RMA State
333
Performing a Full Restore of an SA or IC Device
334
Managing User Sessions for SA and IC Devices
334
Activating Subscription Services
335
Managing the Attack Object Database
335
Updating the Attack Object Database
336
Updating Attack Objects for IDP-Enabled Devices
336
Updating DI Attacks on ScreenOS 5.0 Devices
338
Using Updated Attack Objects
339
Verifying the Attack Object Database Version
339
Automatic Verification
339
Managing Different Attack Database Versions
340
Manual Verification
340
Versions
341
Updating the IDP Detector Engine
341
Figure 74: Attack Update Summary
342
Example: Confirm IDP Engine Version
342
Scheduling Security Updates
342
Table 30: Scheduled Security Update (SSU) Command Line Parameters
343
Example: Update Attack Objects and Push to Connected Devices
344
Scheduling the Update
344
Example: Using Crontab to Schedule Attack Updates
345
Viewing Scheduled Security Updates in the Audit Log Viewer
346
Viewing Scheduled Security Updates in the Job Manager
346
Updating AV Pattern Files
346
Updating the Web Category List
346
Miscellaneous Device Operations
347
Launching a Telnet CLI Window
348
Launching a Web UI for a Device
348
Rebooting Devices
348
Refreshing DNS Entries
349
Updating the Device Clock with an NTP Server
349
Setting the Root Administrator on a Device
350
Failing over or Reverting Interfaces
351
Setting the RMA State on a Device
351
Troubleshooting a BGP Peer Session on a Device
352
Upgrading the OS Version During an RMA-Activate Device Workflow
352
Finding Usages
353
Reactivating Wireless Connections
353
Managing ScreenOS Device Capabilities
353
Abstract Data Model
354
Data Model Schema
354
Data Model Updating
355
Figure 76: Data Model Update
356
Data Model Importing
357
Figure 77: Data Model Importing
358
Figure 75: Import/Update Architecture
354
Archiving and Restoring
359
Archiving Logs and Configuration Data
359
Restoring Logs and Configuration Data
360
Managing Device Schemas through the Juniper Update Mechanism
360
Downloading Schemas
361
Downloading Schemas Using the GUI Server CLI
362
Downloading Schemas Using the NSM UI
362
Applying a Schema
363
Chapter 8 Configuring Objects
367
About Objects
368
Configuring Objects
369
Replacing Objects
370
Using Objects Across Domains
370
Working with Object Versions
371
Working with Unused Shared Objects
371
Deleting an Unused Shared Object
371
Searching for Unused Shared Objects
371
Configuring Address Objects
372
Searching for and Deleting Duplicate Objects
372
Creating Address Objects
373
Adding a Network Address Object
374
Adding an Address Object Group
375
Editing and Deleting Address Objects
375
Replacing Address Objects
375
Adding a Multicast Group Address Object
376
Adding Static DNS Host Addresses
377
Table 31: Application Table Tab Information
378
Viewing Address Objects
373
Blocked Hosts
378
Configuring Application Objects
378
Viewing Predefined Application Objects
378
Creating Custom Application Objects
379
Editing and Deleting Application Objects
379
Configuring Schedule Objects
380
Creating Schedule Objects
380
Configuring Access Profile Objects
380
Configuring Quality of Service Profiles
381
Creating a Quality of Service Profile
381
Deleting a Quality of Service Profile
382
Editing a Quality of Service Profile
382
Working with DI Attack Objects
383
Viewing Predefined DI Attack Objects
383
Viewing Attack Version Information for Attack Objects
383
Viewing Predefined DI Attack Object Groups
384
Updating Predefined DI Attack Objects and Groups
384
Creating DI Profiles
384
Table 32: Deep Inspection Profile Actions
385
Table 33: Deep Inspection IP Actions
386
Working with IDP Attack Objects
386
Viewing Predefined IDP Attacks
387
Viewing Predefined IDP Attack Groups
387
Viewing Attack Version Information for Attack Objects and Groups
388
Updating Predefined IDP Attack Objects and Groups
388
Configuring Custom DI and IDP Attack Objects
388
Using the Attack Object Wizard
389
Objects
389
Configuring Attack Name and Description
390
Configuring Extended Information
391
Configuring External References
391
Configuring Target Platforms
392
Creating a Signature Attack Object
393
Configuring General Attack Properties
393
Table 34: IP Protocol Name and Type Numbers
394
Table 35: Supported Services for Service Bindings
395
Configuring Attack Detection Properties
397
Table 36: Attack Pattern Syntax
398
Table 37: Attack Pattern Syntax Example Matches
398
Configuring Header Match Properties
400
Table 38: DI Attack Header Match Modifiers
401
Configuring a Protocol Anomaly Attack Object
403
Configuring a Compound Attack Object
404
Configuring General Attack Properties
404
Configuring Compound Attack Members
405
Configuring the Direction Filter
407
Creating Custom DI Attack Groups
407
Creating Custom IDP Attack Groups
407
Creating Static Attack Groups
408
Creating Dynamic Attack Groups (IDP Only)
408
Figure 78: New Dynamic Group
410
Figure 79: New Dynamic Group Members
411
Updating Dynamic Groups
411
Editing a Custom Attack Group
412
Deleting a Custom Attack Group
412
Unified Threat Management
412
Creating UTM Profiles
412
Creating an Antivirus Profile
413
Creating an Antispam Profile
414
Creating a Content Filtering Profile
414
Creating a URL Filtering Profile
415
Miscellaneous UTM Features
416
Multipurpose Internet Mail Extension (MIME) Lists
416
Command Lists
417
Extension Lists
417
URL Patterns
417
ScreenOS Threat Management Features
418
Configuring External AV Profiles
419
Configuring Internal AV Profiles
420
Configuring ICAP AV Servers and Profiles
421
Configuring ICAP AV Profiles
422
Configuring Web Filtering Objects
423
Configuring Custom Policy Fields
424
Defining Metadata
425
Instantiating New Objects
425
Adding Custom Detail Object to Rules
425
Open Log Viewer
426
Configuring GTP Objects
426
Configuring Info
426
Limiting GTP Message Length
426
Limiting GTP Message Rate
427
Limiting GTP Tunnels
427
Removing Inactive GTP Tunnels
427
Validating Sequence Numbers
427
Filtering GTP-In-GTP Packets
428
Inspecting Tunnel Endpoint IDs
428
Removing GTP R6 Informational Elements
428
Configuring Traffic Logging and Counting
428
Traffic Counting
428
Traffic Logging
428
Configuring IMSI Prefix and APN Filtering
429
Creating an APN Filter
429
Creating an IMSI Prefix Filter
430
Configuring GTP Message Filtering
431
Configuring Subscriber Tracing (Lawful Interception)
431
Example: Creating a GTP Object
431
Configuring Service Objects
432
Viewing Predefined Services
432
Table 39: Service Table Tab Information
433
Creating Custom Services
434
Service Object Groups
435
Example: Creating a Custom Service and Group
436
Example: Creating a Custom Sun-RPC Service
437
Example: Creating a Custom MS-RPC Service
438
Editing and Deleting Service Objects
439
Replacing Service Objects
439
Configuring SCTP Objects
440
Configuring an SCTP Object
440
Configuring Authentication Servers
440
Configuring General Authentication Server Settings
441
Configuring Authentication Server Redundancy
441
Configuring Authentication for User Types
442
Domain Name Stripping
442
Configuring Authentication Server Types
443
Configuring a RADIUS Authentication Server
443
Configuring a SecurID Authentication Server
446
Configuring a TACACS Authentication Server
448
Configuring an LDAP Authentication Server
448
Configuring User Objects
449
Configuring Local Users
449
Configuring Local User Groups
450
Configuring External Users
450
Configuring External User Groups
450
Configuring VLAN Objects
453
Configuring IP Pools
453
Using Multiple IP Ranges
454
Configuring Group Expressions
454
Table 40: Group Expression Operators
455
Figure 80: Configure External User Groups for Sales and Marketing
457
Figure 81: Configure Group Expression for Sales and Marketing
457
Configuring Remote Settings
457
Configuring Routing Instance Objects
458
Viewing Routing Instance Objects
458
Creating Routing Instance Objects
458
Configuring NAT Objects
459
Configuring Legacy NAT Objects
459
Configuring DIP Objects
460
Configuring MIP Objects
460
Configuring VIP Objects
460
Configuring Junos OS NAT Objects
461
Configuring Source NAT Objects
461
Table 41: Source NAT Configuration Options
462
Configuring Destination NAT Objects
464
Table 42: Destination NAT Configuration Options
465
Configuring Certificate Authorities
466
Using Certificate Authorities
467
Configuring Certificate Authorities
467
Configuring CRL Objects
468
Using CRLs
468
Configuring CRLs
469
Configuring Extranet Policies
469
Configuring Binary Data Objects
470
Adding Binary Data Objects
470
Viewing, Editing, and Deleting Binary Data Objects
471
Configuring Protected Resources
471
Creating Protected Resources
472
Editing Protected Resources
472
Configuring IKE Proposals
472
Creating Custom IKE Phase1 Proposals
473
Creating Custom IKE Phase 2 Proposals
474
Configuring Dial-In Objects
475
Creating a Dial-In Profile
475
Linking the Dial-In Profile with the Device
476
Setting the Time-Out Period for the Modem Dial-In Authentication
476
Configuring Border Signaling Gateway Objects
476
Chapter 9 Configuring Security Policies
479
About Security Policies
480
Viewing Rulebase Columns for a Security Policy
480
Configuring Security Policies
481
Figure 82: Displaying the Select Visible Columns Dialog Box
481
About Rulebases
482
Rule Execution Sequence
483
About Rules
484
About Firewall Rulebases
484
Firewall Rules (Zone and Global)
484
VPN Links and Rules
485
About Rule Groups
486
About the Multicast Rulebase
486
About IDP Rulebases on ISG Family Devices
486
About IDP Rulebases on Standalone IDP Sensors
487
Enabling IPsec Null Encryption for IDP Inspection
488
Managing Security Policies
488
Creating a Security Policy
488
Configuring Objects for Rules
489
Applying the same Object to Multiple Rules
489
Running ScreenOS or Junos OS
490
Using the Policy Filter Tool
490
Filtering the Comment Field
490
Using a Predefined IDP Policy
490
Using the Policy Creation Wizard
491
Adding Rulebases
492
Configuring Firewall Rules
492
Defining Match for Firewall Rules
493
Configuring Source and Destination Zones for Firewall Rules
493
Configuring Source and Destination Addresses for Firewall Rules
494
Support for Any-IPv6 as a Source Address
495
Configuring Services for Firewall Rules
496
Defining Actions for Firewall Rules
496
Selecting Devices for Firewall Rules
497
Configuring Firewall Rule Options
498
Enabling NAT
498
Configuring Traffic Shaping in a Security Policy
499
Enabling GTP for Firewall Rules
499
Enabling Logging and Counting for Firewall Rules
501
Miscellaneous
502
Configuring Web Filtering for Firewall Rules
504
Configuring Authentication for Firewall Rules
505
Configuring Antivirus for Firewall Rules
506
Configuring a DI Profile/Enable IDP for Firewall Rules
507
Configuring the Session Close Notification Rule
508
Limiting Sessions Per Policy from Source IPs
508
Comments for Firewall Rules
509
Configuring Multicast Rules
509
Configuring Source and Destination Zones
510
Configuring Source and Destination Groups
510
Configuring Rule Options
510
Configuring Antivirus Rules
511
Configuring Antispam Rules
512
Configuring IDP Rules
512
Defining Match for IDP Rules
513
Configuring Source and Destination Address Objects for IDP Rules
513
Configuring Source and Destination Zones for IDP Rules (Does Not Apply to Standalone IDP Sensor Rulebases)
513
Configuring User Roles for IDP Rules
514
Configuring Services for IDP Rules
515
Configuring Terminal IDP Rules
516
Table 43: IDP Rule Actions
517
Defining Actions for IDP Rules
517
Configuring Attack Objects in IDP Rules
519
Adding IDP Attack Object Groups by Category
519
Adding Custom Dynamic Attack Groups
520
Adding IDP Attack Objects by Operating System
520
Adding IDP Attack Objects by Severity
520
Table 44: Severity Levels, Recommended Actions and Notifications
520
Figure 83: Configure IP Action
521
Configuring IP Actions in IDP Rules
521
Choosing a Block Option
521
Choosing an IP Action
521
Setting Logging Options
522
Setting Timeout Options
522
Configuring Notification in IDP Rules
522
Setting VLAN Tags for IDP Rules
523
Setting Severity for IDP Rules
524
Setting Target Devices for IDP Rules
524
Entering Comments for IDP Rules
524
Configuring Multiple IDP Policies for an MX Series Router
525
Configuring Application Policy Enforcement (APE) Rules
526
Adding the APE Rulebase Using the Policy Manager
526
Adding the APE Rulebase to a Policy Using the Application Profiler
527
Defining Matches for APE Rules
528
Configuring Source and Destination Address Objects for APE Rules
528
Configuring Services for APE Rules
529
Configuring User Roles for APE Rules
529
Table 45: APE Rule Actions
530
Configuring Actions for APE Rules
530
Configuring IP Actions in APE Rules
531
Choosing an IP Action
531
Choosing a Block Option
532
Setting Logging Options
532
Setting Timeout Options
532
Configuring Notification in APE Rules
532
Setting VLAN Tags for APE Rules
533
Setting Severity for APE Rules
533
Setting Target Security Devices for APE Rules
534
Entering Comments for APE Rules
534
Configuring Exempt Rules
534
Adding the Exempt Rulebase
534
Defining a Match
535
Configuring Source and Destination Address Objects
535
Configuring Source and Destination Zones
535
Setting Attack Objects
535
Specifying VLANs
536
Setting Target Devices
536
Entering Comments
536
Creating an Exempt Rule from the Log Viewer
536
Configuring Backdoor Rules
536
Adding the Backdoor Rulebase
537
Configuring Source and Destination Address Objects
538
Defining a Match
538
Configuring Services
538
Configuring Source and Destination Zones
538
Setting Operation
539
Table 46: Actions for Backdoor Rule
539
Setting Actions
539
Setting Notification
539
Setting Logging
539
Logging Packets
540
Setting an Alert
540
Setting Severity
540
Setting Target Devices
540
Specifying VLANs
540
Entering Comments
541
Configuring SYN Protector Rules
541
The TCP Handshake
541
SYN-Floods
541
Adding the SYN Protector Rulebase
542
Configuring Services
542
Configuring Source and Destination Address Objects
542
Defining a Match
542
Setting Mode
542
Entering Comments
544
Logging Packets
544
Setting an Alert
544
Setting Severity
544
Setting Target Devices
544
Specifying VLANs
544
Configuring Traffic Anomalies Rules
545
Detecting TCP and UDP Port Scans
545
Detecting Other Scans
545
Example: Traffic Anomalies Rule
545
Example: Session Limiting
546
Example: Traffic Anomalies Rule
546
Session Limiting
546
Adding the Traffic Anomalies Rulebase
546
Configuring Source and Destination Address Objects
546
Defining a Match
546
Configuring Services
547
Setting Detect Options
547
Setting Response Options
547
Setting Logging
547
Setting Notification
547
Setting Severity
548
Logging Packets
548
Setting an Alert
548
Specifying VLANs
548
Setting Target Devices
548
Entering Comments
548
Configuring Network Honeypot Rules
549
Impersonating a Port
549
Adding the Network Honeypot Rulebase
549
Defining a Match
549
Configuring Destination Address Objects and Services
549
Configuring the Source
549
Setting Response Options
550
Setting Operation
550
Setting Notification
550
Logging Packets
550
Setting an Alert
550
Setting Logging
550
Setting Target Devices
551
Setting Severity
551
Specifying VLANs
551
Entering Comments
551
Installing Security Policies
551
Assigning a Security Policy to a Device
551
Validating Security Policies
552
Table 47: Rule Shadowing Example
553
Unsupported Options
554
Installing New Security Policies
554
Configuring IDP Policy Push Timeout
555
Updating Existing Security Policies
555
Updating Only the IDP Rulebases on ISG Devices
556
Managing Rules and Policies
557
Helpful Tips
557
Selecting Rules
558
Editing Rule Order
558
Using Cut, Copy, and Paste on Rule Fields
558
Using Cut, Copy, and Paste on Rules
558
Dragging and Dropping Objects
559
Deleting a Rule
560
Disabling a Rule
560
Using Rule Groups
560
Reimporting Devices and Security Policies
560
Merging Policies
561
Figure 84: Security Policy A Rules (before Policy Merge)
562
Figure 85: Security Policy B Rules (before Policy Merge)
562
Figure 86: Security Policy Rules (Merged from Policy A and Policy B)
562
Importing SRX Series Devices that Contain Inactive Policies
563
Exporting Policies
563
Automatic Policy Versioning
564
Setting NSM to Automatic Policy Versioning
564
Viewing Existing Policy Versions
564
Creating a New Policy Version
565
Editing Comments for an Existing Policy Version
565
Using a Filter to Search for a Policy Version
565
Comparing Two Versions
566
Restore an Older Version
566
Viewing, Editing, Filtering, and Sorting Database Versions
567
Displaying the Differences between Database Versions
568
Update Device with an Older Database Version
568
Pre and Post Rules
569
Rule Application Sequence
570
ScreenOS Devices
570
Validation of Prerules and Postrules
570
Install-On Column for Prerules and Postrules
571
Managing Prerules and Postrules
571
Add Prerules and Postrules
571
Push Prerules and Postrules to Regional Server
571
Delete Prerules and Postrules
572
Modify Prerules and Postrules
572
Polymorphic Objects
572
Customizing Polymorphic Objects
572
Access Control of Polymorphic Object
573
Supported Polymorphic Object Categories
573
Table 48: Polymorphic Objects
573
Validation of Polymorphic Object
573
Manage Polymorphic Objects
574
Add a Polymorphic Object to a Pre/Post Rule
574
Create a Polymorphic Object
574
Devices
575
Map a Polymorphic Object to a Real Value
575
Chapter 10 Configuring Voice Policies
577
Adding a BSG Transaction Rulebase
577
Adding Rules to the BSG Transaction Rulebase
578
Chapter 11 Configuring Junos NAT Policies
581
Source NAT Policy
581
Adding a Source NAT Rulebase
582
Adding a Rule Set to the Source NAT Rulebase
582
Adding a Rule to a Source NAT Rule Set
583
Editing a Source NAT Rule or Rule Set
584
Destination NAT Policy
585
Adding a Destination NAT Rulebase
586
Adding a Rule Set to a Destination NAT Rulebase
586
Adding a Rule to a Destination NAT Rule Set
587
Editing a Destination NAT Rule or Rule Set
588
Static NAT Policy
589
Adding a Static NAT Rulebase
589
Adding a Rule Set to a Static NAT Rulebase
589
Adding a Rule to a Static NAT Rule Set
590
Editing a Static NAT Rule/Rule Set
591
Chapter 12 Configuring VPNs
593
About VPNs
594
Creating System-Level VPNs with VPN Manager
594
Configuring VPNs
595
Creating Device-Level VPNs in Device Manager
595
Supported VPN Configurations
595
Planning for Your VPN
595
Determining Your VPN Members and Topology
596
Site-To-Site
596
Using Network Address Translation (NAT)
596
Creating Redundancy
597
Full Mesh
597
Hub and Spoke
597
Protecting Data in the VPN
598
Using IPsec
598
Using L2TP
600
Choosing a VPN Tunnel Type
600
About Policy-Based Vpns
600
About Route-Based Vpns
601
VPN Checklist
601
Define Members and Topology
601
Define Method: VPN Manager or Device-Level
602
Define Security Protocol (Encryption and Authentication)
602
Define VPN Type: Policy-Based, Route-Based, or Mixed-Mode
602
Preparing VPN Components
604
Preparing Basic VPN Components
604
Preparing Required Policy-Based VPN Components
604
Configuring Address Objects
605
Configuring Protected Resources
605
Configuring Shared NAT Objects
605
Configuring Remote Access Service (RAS) Users
606
Configuring Required Routing-Based VPN Components
607
Configuring Static and Dynamic Routes
608
Configuring Tunnel Interfaces and Tunnel Zones
608
Creating Certificate Objects
609
Creating PKI Defaults
610
Creating VPNs with VPN Manager
610
Adding the VPN
611
Adding RAS Users
614
Adding Routing-Based Members
614
Configuring Topology
616
Configuring Common VPN Topologies
616
Configuring Gateway Properties
618
Configuring Gateways
618
Defining Termination Points
618
Configuring Gateway Security
620
Configuring IKE IDs
621
Configuring IKE
622
IKE Properties
622
Configuring Security Level
623
Autogenerating VPN Rules
624
Configuring Overrides
624
Editing Policy Rules
624
Editing Device Configuration
625
Viewing the Device Tunnel Summary
626
Adding the VPN Link
626
Editing VPNs
626
Editing the VPN Configuration
627
Editing Users
627
Editing VPN Overrides
627
Editing VPN Protected Resources
627
VPN Manager Examples
627
Example: Configuring an Autokey IKE, Policy-Based Site-To-Site VPN
628
Figure 87: Create Tokyo Protected Resource Object for Autokey IKE VPN
629
Figure 88: Create Paris Protected Resource Object for Autokey IKE VPN
629
Figure 89: Configure Gateway Parameters for Autokey IKE VPN
631
Figure 90: View Autogenerated Rules for Autokey IKE VPN
631
Example: Configuring an Autokey IKE RAS, Policy-Based VPN
632
Figure 91: Add Chicago Protected Resource for Autokey IKE RAS VPN
633
Figure 92: Add New Local User for Autokey IKE RAS VPN
633
Figure 93: Configure Security for Autokey IKE RAS VPN
635
Example: Configuring an Autokey IKE, Route-Based Site-To-Site VPN
635
Figure 94: View Tunnel Summary for Autokey IKE, RB Site-To-Site VPN
637
Example: Configuring XAuth Authentication with External User Group
638
Creating Device-Level VPNs
642
Supported Configurations
643
Creating Autokey IKE VPNs
643
IKEv2 and EAP Support
643
Configuring Gateways
644
Configuring Routes (Route-Based Only)
648
Configuring the VPN
648
Adding a VPN Rule
651
Creating Manual Key VPNs
651
Adding XAuth Users
652
Configuring Routes (Route-Based Only)
652
Configuring the VPN
652
Adding a VPN Rule
654
Creating L2TP VPNs
655
Adding L2TP Users
655
Configuring L2TP
655
Creating L2TP over Autokey IKE VPNs
656
Adding a VPN Rule
656
Adding VPN Rules
656
Configuring the VPN
656
Assign and Install the Security Policy
657
Configuring the Security Policy
657
Device-Level VPN Examples
657
Example: Configuring a Route-Based Site-To-Site VPN, Manual Key
658
Figure 95: Configure Tokyo Route for RB Site-To-Site VPN, MK
660
Figure 96: Configure Tokyo Trust Route for RB Site-To-Site VPN, MK
660
Figure 97: View Tokyo Routing Table for RB Site-To-Site VPN, MK
661
Figure 98: Configure Rules for RB Site-To-Site VPN, MK
662
Example: Configuring a Policy-Based Site-To-Site VPN, Manual Key
663
Example: Configuring a Policy-Based RAS VPN, L2TP
664
Auto-Connect Virtual Private Network
666
Configuring ACVPN
666
IVE VPN Monitoring
668
Chapter 13 Central Manager
669
Central Manager Overview
669
Regional Server and Central Manager Self-Sufficiency
669
Self-Sufficient Regional Server
670
Super Admin User
670
Regional Server Management
670
Management Modes for J Series and SRX Series Devices
670
Central Management Mode
670
Device Management Mode
671
Using Central Manager
671
Adding a Regional Server Object
671
Deleting a Regional Server Object
672
Logging into a Regional Server
672
Installing Global Policy to a Regional Server
672
Prerule and Postrule Updates During Global Policy Install
673
Name Space Conflict Resolution for Shared Objects
673
Shared Objects Update During Global Policy Install
673
Name Space Conflict Resolution for Polymorphic Objects
674
Chapter 14 Topology Manager
675
Overview of the NSM Topology Manager
675
About the NSM Topology Manager
675
Requirements for a Topology Discovery
675
About the NSM Topology Manager Toolbar
676
Initiating a Topology Discovery
677
Viewing a Network Topology
678
About the NSM Topology Map Views
678
Subnets View
678
Groups View
679
Menu Options in the Topology Map View
679
About the NSM Topology Table Views
680
Devices View
680
Endpoint Devices View
681
Free Ports View
681
Links View
681
About Topology Manager Preferences
681
Default Credentials Tab
682
Refresh Interval Tab
682
Preferred Subnets Tab
682
Adding Discovered Devices to NSM
682
Chapter 15 Role-Based Port Templates
685
Using Role-Based Port Templates
685
Managing Port Template Associations
686
Apply or Edit a Port Template
686
Detect and Resolve Configuration Conflicts
688
Clone a Port Template
688
Edit a Port Template
689
Chapter 16 Unified Access Control Manager
691
Overview of the Unified Access Control (UAC) Manager Views
691
The Infranet Controller View
691
The Enforcement Point View
692
Manager
692
Manager
693
Enabling 802.1X on Enforcement Point Ports in the UAC Manager
694
Disabling 802.1X on Enforcement Point Ports in the UAC Manager
695
Realtime Monitoring
699
Chapter 17 Realtime Monitoring
699
About the Realtime Monitor
699
Realtime Monitor Views
700
Monitoring Managed Devices
700
Viewing Device Status
700
Table 49: Device Status Information
701
Device Polling Intervals
703
Table 50: Device Polling Intervals
704
Viewing Device Monitor Alarm Status
704
Setting the Polling Interval for Device Alarm Status
704
Table 51: Device Detail Status Items
705
Viewing Additional Device Detail and Statistics
705
Viewing Device Details
705
Table 52: Device Statistics Summary
706
Viewing Device Statistics
706
Table 53: Device-Specific Views
707
Table 54: Policy Distribution Items
709
Table 55: Protocol Distribution Items
710
Table 56: VPN Monitor Table
712
Table 57: Active VPN Table
713
Table 58: Ethernet Statistics View Data
715
Table 59: Flow Statistics View Data
717
Table 60: Attack Counters
717
Table 61: Resource Statistics Items
721
Table 62: Administrators View
721
Table 63: Authenticated Users View
722
Table 64: Active Sessions Items
722
Table 65: HA Statistics View
725
Table 66: Device Status Information
726
Monitoring IDP Sensors
726
Viewing IDP Device Status
726
Table 67: IDP Device Detail Status Items
727
Viewing IDP Device Detail and Statistics
727
Table 68: IDP Sensor Process Status Items
728
Table 69: Device Statistics Summary (for IDP Sensors)
729
Table 70: VPN Tunnel Summary
730
Monitoring VPNs
730
Viewing the VPN Status Summary
730
Configuring a VPN Filter
731
Modifying a VPN Filter
731
Deleting a VPN Filter
732
Configuring a VPN Display Filter
732
Viewing Active VPN Details
732
Viewing Device-Specific VPN Information
732
Monitoring NSRP Statistics
732
Viewing NSRP Summary Information
732
Table 71: NSRP Device Summary
733
Viewing VSD/RTO Information
733
Table 72: VSD/RTO Summary
734
Table 73: VSD Counter Details
734
Table 74: RTO Counters Details
735
Table 75: IDP Cluster Monitor
735
Viewing RTO Counter Details
735
Monitoring IDP Clusters
735
Table 76: IDP Cluster Summary
736
Viewing IDP Cluster Summary Information
736
Monitoring IDP Cluster Members
737
Table 77: IDP Cluster Member Monitor
737
Using the Realtime Monitor
737
Monitoring the Management System
737
Configuring Servers
738
Configuring Device Servers
738
Configuring the GUI Server
739
Table 79: GUI Server Table
739
Table 78: Server Information
738
Using Server Monitor
740
Figure 99: Server Monitor (Machine-Wide Info)
741
Table 80: Server Monitor (Machine-Wide Info) Data
741
Table 81: Server Detail Status
742
Viewing Additional Server Status Details
742
Viewing Process Status
743
Figure 100: Process Status for the Device Server
744
Figure 101: Process Status for the GUI Server
744
Table 82: Process Status
744
Table 83: Management System Utilities
745
Using Schema Information
746
Viewing Device Schema
747
Chapter 18 Analyzing Your Network
749
About the Dashboard
749
About the Profiler
749
Example of Unique Events
750
Analyzing Your Network
751
Setting up the Profiler
751
Configuring the Profiler
752
Table 84: General IDP Profiler Settings
752
Enabling OS Fingerprinting
753
Configuring Context Profiles
753
Configuring Network Objects
753
Configuring Alerts
754
Updating Profiler Settings
754
Customizing Profiler Preferences
755
Starting Profiler Operations on ISG Devices Without IDP Rules
755
Starting the Profiler
755
Stopping the Profiler
755
About Profiler Views
756
About the Protocol Profiler
757
Table 85: Protocol Profiler Data
757
About the Network Profiler
758
Table 86: Network Profiler Data
758
About the Violation Viewer
759
Configuring Permitted Objects
759
Table 87: Application Profiler Data
761
About the Application Profiler
761
Using Profiler Views
762
Violation Viewer
762
Filtering and Sorting from the Application Profiler
763
Refreshing Profiler Data
764
Viewing Database Information
764
Table 88: Detailed Network Information Data
765
Purging the Database
766
Recommended Profiler Options
766
Configuring a Network Baseline
767
Identifying a Baseline
767
Setting a Baseline
767
Keeping Your Network Current
767
Proactively Updating Your Network
768
Reacting to Vulnerability Announcements
768
Example: Identifying Vulnerable Components
768
Stopping Worms and Trojans
769
Example: SQL Worm
769
Example: Blaster Worm
770
Accessing Data in the Profiler Database
770
About Security Explorer
771
Figure 102: Security Explorer
772
Security Explorer Main Graph
772
Graph Types
773
Connections Detail Pane
773
Log Viewer
774
Reference Point Pane
774
Reports Viewer
774
Using Security Explorer
774
Analyzing Relationships
775
Setting a Time Duration
776
Table 89: Transitional Graphs
776
Transitioning to Other Relational Graphs
776
Viewing Predefined Reports
776
Adding and Removing Panels
777
Refreshing Data
777
Exporting to HTML
777
Logging
779
Chapter 19 Logging
779
About Logging
779
About Log Entries
780
About Log Events
780
About Log Severity
781
Table 91: Log Entry Severity Levels for DMI Devices
781
Table 92: Log Entry Severity Levels for ScreenOS and IDP Devices
781
Table 90: Event-Generated Log Entries
780
Viewing Logs
782
Device Limitations for Viewing Logs
783
Configuring the Device for Logging
783
Configuring Severity Settings
784
Table 93: Destinations of Log Entry Severities
784
Configuring E-Mail Server Settings
785
Forwarding Self Log Entries (Firewall Options)
785
Table 94: Self Log Entry Settings
785
Table 95: Email Server Settings for Log Entries
785
Configuring Events Reporting Settings
786
Screen Alarm Log Entries
786
Deep Inspection Alarm Log Entries
787
Event Alarm Log Entries
787
Traffic Alarm Log Entries
787
Configuration Log Entries
788
Information Log Entries
788
Self Log Entries
789
Traffic Log Entries
789
Attack Statistics
790
Ethernet Statistics
790
Flow Statistics
790
Policy Statistics
790
Protocol Distribution
790
Atomic Updating Events
791
Configuring SNMP Reporting Settings
791
Directing Logs to a Syslog Server
792
Directing Data to a WebTrends Server
793
Managing Packet Data in Logs
793
Table 96: Syslog Settings for Log Entries
793
Table 97: WebTrends Settings for Log Entries
793
Figure 103: View Packet Data in a Log
795
Figure 104: Sample Packet Data
796
Using the Log Viewer
796
Table 98: EX Series Switch Predefined Log Views
797
Table 99: SSL/UAC Predefined Log Views
798
Creating Custom Views and Folders
799
Table 100: Predefined Log Views
799
Creating Per-Session Views
800
Table 101: Log Viewer Columns
800
Log Viewer Detail Panes
803
Figure 105: View Category and Severity Filters
804
Log Viewer Status Bar
804
Navigating the Log Viewer
804
Searching Log Entries
804
Log Timeline
805
Table 103: Search Tools for Log Viewer
805
Figure 106: Log Viewer Time Slider
806
Figure 107: Log Viewer Time Display
806
Table 104: Log Viewer Flags
807
Using Flags
807
Using Log ID Number
808
Using the Find Utility
808
Table 102: Log Viewer Navigation Controls
804
Filtering Log Entries by Event and Time
808
Setting a Category Filter
808
Setting a Flag Filter
809
Setting a Protocol Filter
809
Setting an Address Filter
809
Setting an Alert Filter
809
Setting a Domain Filter
810
Setting a Time-Based Filter
810
Filtering Log Entries by Range
810
Setting a Bytes in or Bytes out Range Filter
811
Setting a Port Number Range Filter
811
Customizing Columns
812
Hide, Unhide, and Move Columns
812
Using Column Settings
812
Filtering Log Entries by Column
814
Figure 108: Filter Summary Dialog Box
815
Using Log Viewer Integration
816
Jump to Device Configuration
816
Jump to Policy
816
Figure 109: Viewing Summary Panel
817
Table 105: Irrelevant Versus Relevant Attacks
817
Identifying Irrelevant Attacks
817
Using the Log Investigator
818
About the Log Investigator UI
819
Figure 110: Log Investigator UI Overview
819
Configuring Axes
821
Figure 111: Configure Time Period Filter
821
Figure 112: Changing Time Period Filter
821
Setting a Log Entry Limit
822
Table 106: Log Investigator Filters
823
Example: Setting Filters in the Log Investigator
824
Figure 113: View Log Investigator Results
825
Investigating Log Entry Data
825
Using Rows and Columns
825
Table 107: Log Investigator Analysis
826
Using Cells
826
Zoom Details
827
Excluding Data
828
Jumping to the Log Viewer
828
Using the Audit Log Viewer
828
Figure 114: Audit Log Viewer UI Overview
829
Table 108: Audit Log Information
829
Managing the Audit Log Table
830
Setting a Start Time for Audit Log Entries
832
Target View and Device View
832
Managing Log Volume
832
Automatic Device Log Cleanup
833
Archiving Logs
834
Log Archival Mechanism
834
Setting Log Storage Limits
834
Archive Location
835
Date Limits
835
Obsolete Logs
835
Required Disk Space
835
System-Wide Retention Policy
835
Forwarding Logs
836
Sending E-Mail Notification of Downed Device
836
Using the Action Manager to Forward Logs by Domain
836
Configuring Action Parameters
837
Setting Device Log Action Criteria
838
Using the Log2Action Utility to Export Logs
840
Using Filters
840
Table 109: Common Filters
841
Exporting to CSV
843
Exporting to XML
843
Using XML Required and Optional Format-Specific Filters
843
Viewing XML Format Output
843
Exporting to SNMP
844
Using CSV Required and Optional Format-Specific Filters
844
Viewing CSV Format Output
844
Exporting to E-Mail
845
Using SNMP Required and Optional Format-Specific Filters
845
Viewing SNMP Format Output
845
Exporting to Syslog
846
Using E-Mail Required and Optional Format-Specific Filters
846
Using Syslog Required and Optional Format-Specific Filters
846
Exporting to a Script
847
Using Script Required and Optional Format-Specific Filters
847
Viewing Syslog Format Output
847
Reporting
849
Chapter 20 Reporting
849
About Reporting
849
Report Type Groupings
849
Graphical Data Representation
850
Integration with Logs
850
Central Access to Management Information
850
Report Types
851
Predefined Reports
851
Table 110: Firewall and VPN Reports
851
Table 111: DI/IDP Reports
852
Table 112: Screen Reports
853
Table 113: Administrative Reports
854
Table 114: UAC Reports
854
SSL/VPN Reports
855
Table 115: Profiler Reports
855
Table 116: AVT Reports
855
EX Series Switches Report
856
Table 117: SSL/VPN Reports
856
Table 118: EX-Switch Reports
856
My Reports
856
Shared Reports
856
Working with Reports
856
Generating a Predefined Report
857
Creating a Custom Report
857
Example: Creating a Custom Report
857
Deleting Reports
858
Organizing Reports in Folders
858
Generating Reports Automatically
858
Running Reports Using the guiSvrCli.sh Utility
858
Creating and Editing Action Scripts
859
Using Cron with Scheduled Reports
860
Exporting Reports to HTML
861
Setting Report Options
862
Naming a Report
862
Setting the Report Type
862
Configuring Report Source Data
863
Configuring a Report Time Period
863
Configuring the Data Point Count
863
Configuring the Chart Type
863
Sharing Your Custom Report
863
Modifying Report Filters
863
Configuring Report Processing Warnings
864
Saving Your Report Settings
864
Log Viewer Integration
864
Viewing Logs from Report Manager
864
Figure 115: Generating a Quick Report
865
Generating Quick Reports
865
Using Reports
865
Example: Using Administrative Reports to Track Incidents
865
Figure 116: Logs by User-Set Flag Report
866
Example: Using Administrative Reports to Optimize Rulebases
866
Figure 117: Top FW/VPN Rules Report
867
Example: Using EX Switch Reports to Track Configuration Changes
867
Figure 118: Top Configuration Changes Report
868
Example: Using SSL/VPN Reports to Track Authentication Failures
868
Example: Using Screen Reports to Identify Attack Trends
868
Example: Using DI Reports to Detect Application Attacks
869
Using the Watch List
869
Appendix A Glossary
873
Network and Security Manager (NSM) Term Definitions
873
Table 119: CIDR Translation
877
Table 120: Unmanaged Commands for Firewall/VPN Devices
899
Appendix B Unmanaged ScreenOS Commands
899
Table 121: SurfControl Web Categories
901
Appendix D Common Criteria EAL2 Compliance
909
Guidance for Intended Usage
909
Guidance for Personnel
909
Guidance for Physical Protection
909
Appendix E Log Entries
911
Table 122: Screen Alarm Log Entries
911
Table 123: Alarm Log Entries
913
Appendix C SurfControl Web Categories
914
Deep Inspection Alarm Log Entries
914
Table 124: Deep Inspection Alarm Log Entries
915
Table 125: Configuration Log Entries
989
Information Log Entries
991
Table 126: Information Log Entries
992
Traffic Log Entries
993
Self Log Entries
993
GTP Log Entries
994
Index
997
Related Products
Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
Juniper NETWORK AND SECURITY MANAGER 2010.3
Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1
Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1