Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1 Manual
Juniper Networks
Network and Security
Manager
API Guide
Release
2010.4
Published: 2010-11-17
Revision 1
Copyright © 2010, Juniper Networks, Inc.

Summary of Contents for Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1

  • Page 1 Juniper Networks Network and Security Manager API Guide Release 2010.4 Published: 2010-11-17 Revision 1 Copyright © 2010, Juniper Networks, Inc.
  • Page 2 Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
  • Page 3 REGARDING LICENSE TERMS. 1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referred to herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable...
  • Page 4 Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license.
  • Page 5 (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA http://www.gnu.org/licenses/gpl.html...
  • Page 7: Table Of Contents

    Traffic Anomalies (rb_tsig_collection) ....... 48
  • Page 8 Get a List of Policies ..........101
  • Page 9 Index ............149
  • Page 11 Figure 24: URL Filter Object Collection ........71
  • Page 13 Table 27: Global DIP Data Elements ........68
  • Page 14 Table 30: URL Filter Data Collection ........71
  • Page 15: About This Guide

    This guide is written for developers and network administrators who configure and monitor Juniper Networks DMI and non-DMI compliant device routing platforms. Customers with technical knowledge of networks and the Internet. Network administrators who install, configure, and manage Juniper Networks products. Familiarity with the XML language is needed. Conventions The sample screens used throughout this guide are representations of the screens that appear when you install and configure the NSM software.
  • Page 16: Table 1: Text Conventions

    Words enclosed in braces ( { } ) Represent required keywords or variables. { permit | deny } { in | out } { clusterId | ipAddress }
  • Page 17: Documentation

    Juniper Networks Website. Requesting Technical Support Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need postsales technical support, you can access our tools and resources online or open a case with JTAC.
  • Page 18: Self-Help Online Tools And Resources

    7 days a week, 365 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: http://www.juniper.net/customers/support/...
  • Page 19: Nsm Api

    This part introduces the Network and Security Manager (NSM) Application Programming Interface (API) with a brief overview, summary of the required client environment, list of the component APIs, and examples. Overview on page 3 NSM API Operations on page 7
  • Page 21: Overview

    In this release, the NSM API provides the following features and functions: Central policy management NSM object management NSM directives: Import devices Update device Summarize delta configuration Get running configuration Retrieve device list per domain
  • Page 22: Nsm Api Authentication And Authorization

    Figure 1 on page 5 shows the basic structure of application-level errors returned by the NSM server. Table 4 on page 5 describes the frequently used ErrorType data type.
  • Page 23: Figure 1: Errortype Data Type

    ErrorMessage = Brief description of the condition that raised the error (type = string). ErrorActor = The source (location) of the error (type = string). ErrorDetails = Detailed error message (type = string).
  • Page 25: Nsm Api Operations

    “Failure” for login rejection. “Challenge” if the login request is being challenged but not yet denied. authToken = Token returned for login request success. This token is reused for other requests during the current session.
  • Page 26: Data Centric Service Api

    XML subtrees from the configurations from the devices. A subtree filter consists of zero or more element subtrees, which represent the filter selection criteria. Five types of components may be present in a subtree filter:
  • Page 27: Data Centric Service Operations

    = Filter to be applied to the result (type = ObjectFilterType) view = Transformation of the object. For the default view, the returned object follows the schema with no transformation (type = ViewType). property = Transformation parameters (type = NameValueType). Response: object
  • Page 28 Data corruption does not occur even if an API user forgets to lock an object before modifying it. Request: command = Command that modifies the object (type = ModifyCommand). Response: metadata objectModification subObjectModification
  • Page 29: Job Service Api

    Time when the job will run. If not specified, the job will run immediately. jobArgs = List of the devices to which the job applies (type = JobArgsType). Response: JobResponseType status = Job status. jobName = Name of the job. response = Response to the job.
  • Page 30 Time when the job will run. If not specified, the job will run immediately. jobArgs = List of the devices to which the job applies. Response: JobResponseType status = Job status. jobName = Name of the job. response = Response to the job.
  • Page 31: Log Service Api

    The Log Service API retrieves and displays logs of NSM events. Table 8 on page 14 summarizes these operations. See “Data Centric API WSDL” on page 135 for the WSDL file defining the API.
  • Page 32: Table 8: Log Service Api Operations

    Gets both the log data and the packet data that triggers the log. Request: dayId = Identifier for the day. recordNum = Record number. Response: numPackets = Number of packets returned. triggerPacket = Packet triggering the log event. data = Log data.
  • Page 33: Api Data Types

    PART 2 API Data Types Data Objects on page 17 Common Message Data Types on page 21 Security Data Model on page 23
  • Page 35: Data Objects

    &<domain id>.<category name>.?????????<object name> precede <object name> The key data types are illustrated in Figure 2 on page 18. The entire set of common data types is described in Table 9 on page 18.
  • Page 36: Figure 2: Nsm Api Data Objects

    This complexType data code has the following sequence: domainId = ID of the domain (type = unsignedShort) category = Schema name of the category (type = string) objectIdOrName = Object ID or name (type = ObjectIdOrNameType).
  • Page 37: Data Objects

    This complexType data code is a partial response type. It has the following sequence: SequenceNum = Sequence number of the current response (type = int). IsDone = Total number of response messages (type = Boolean).
  • Page 38 ConversationId = Identifier for the message conversation (type = string). UserSessionContext = Describes the context of the user session (type = anyType). AuditLogContext = Context for the audit log (type = anyType). ACFilter = Filter (type = anyType).
  • Page 39: Common Message Data Types

    The frequently used data types SimpleRequestType and SimpleResponseType are illustrated in Figure 3 on page 21 and Figure 4 on page 21. They are described in Table 10 on page 22. Figure 3: SimpleRequestType Data Type Figure 4: SimpleResponseType Data Type
  • Page 40: Table 10: Simplerequesttype And Simpleresponsetype Definitions

    Base type definition of the SOAP body of a response. This complexType data has the following sequence: Status = Status of the response (type = StatusCodeType). ConversationContext = Context of the message conversation (type = ConversationContextType). Errors = Errors returned (type = ErrorType).
  • Page 41: Security Data Model

    URL Filter Object (urlfilter_collection) on page 70 NSM Policy The NSM Policy collection (nsmpolicy_collection) data elements are illustrated and described in Figure 5 on page 24 and Table 11 on page 24.
  • Page 42: Figure 5: Nsm Policy

    Collection of references of rulebases. For more information, see “Security Rulebases” on page 25. firewall Reference of the firewall rulebase. Firewall rule data elements are included in a security policy. For more information, see “Firewall (rb_firewall_collection)” on page 33.
  • Page 43: Security Rulebases

    IDP detects the interactive traffic that is produced when backdoors are used. If interactive traffic is detected, IDP can perform IP actions against the connection to prevent the attacker from further compromising your network.
  • Page 44 For configuration procedures, see the NSM Online Help and the NSM Administrator's Guide. The data elements in the backdoor rulebase are illustrated and described in Figure 6 on page 27 and Table 12 on page 27.
  • Page 45: Figure 6: Backdoor Rulebase

    Figure 6: Backdoor Rulebase Table 12: Backdoor Rulebase Data Elements Data Element Description name_ Name of the backdoor rule type. (string). rules_collection Collection of all sets of rules. rules Collection of all rules.
  • Page 46 The source sends traffic to this zone. dst_addr_collection Destination address for the traffic. dst_addr_negate Negates the specified destination address. service These service object rules specify the service that an attack uses to access the network.
  • Page 47 Rules with this value set cannot be sent to devices that do not support VLAN tagging. log-actions Action to be taken on the log. This can include configuring SNMP, Syslog, CSV, XML, script, and e-mail settings.
  • Page 48: Exempt (Rb_Exempt_Collection)

    IDP will exempt. The data elements in the exempt rulebase are illustrated and described in Figure 7 on page 31 and Table 13 on page 31.
  • Page 49: Figure 7: Exempt Rulebase

    Table 13: Exempt Rulebase Data Elements Data Element Description name_ Name of the exempt type. rules_collection Collection of all sets of rules. rules Collection of all rules. rowcountperrule_collection Row count per rule in the collection. next_preferred_id Next preferred ID.
  • Page 50 VLAN tagging. target_collection Specifies the security devices or templates that will receive and use this rule. You can select multiple security devices on which to install the rule.
  • Page 51: Firewall (Rb_Firewall_Collection)

    The data elements in the firewall rulebase are illustrated and described in Figure 8 on page 33, Figure 9 on page 34, and Table 14 on page 35. Figure 8: Firewall Rulebase
  • Page 52: Figure 9: Firewall Policy_Type

    Figure 9: Firewall policy_type
  • Page 53: Table 14: Firewall Data Elements

    For more information, see “Service (service_collection)” on page 54. action Determines the action to be performed by the security device when it detects traffic that matches the rule. The possible values are: deny permit reject tunnel
  • Page 54 Web filtering. (default = false) url-protocol URL protocol. target_collection Specifies the security devices or templates that will receive and use this rule. You can select multiple security devices on which to install the rule.
  • Page 55 For security devices running ScreenOS 5.3 or later, you can also manage the flow of traffic through the security device by limiting bandwidth at the incoming point. The possible values: priority
  • Page 56 Security devices running ScreenOS 5.3 or later support Deep Inspection. A Deep Inspection (DI) Profile object contains predefined attack object groups (created by Juniper Networks) or your own custom attack object groups. Intrusion Detection and Prevention (IDP) is only supported on devices that have an IDP license installed.
  • Page 57: Idp (Rb_Idp_Collection)

    IP address). In security policies, service objects define the type of traffic that a rule must monitor. These data elements are illustrated and described in Figure 10 on page 40 and Table 15 on page 41.
  • Page 58: Figure 10: Idp Rulebase

    Figure 10: IDP Rulebase
  • Page 59: Table 15: Idp Rulebase Data Elements

    Makes a rule terminal. Traffic matching the source, destination, and service of a terminal rule is not compared to subsequent rules even if the traffic does not match an attack object in the terminal rule.
  • Page 60 Action to be taken on the log. This can include configuring SNMP, Syslog, CSV, XML, script, and e-mail settings. severity Severity of the attack. Within the IDP rulebase, you can override the ordinary attack severity on a per-rule basis. Possible settings: Default Info Warning Minor Major Critical seslog Log packets.
  • Page 61: Multicast (Rb_Multicast_Collection)

    (source multicast group mapped to another multicast group address). These data elements are illustrated and described in Figure 11 on page 44 and Table 16 on page 44.
  • Page 62: Figure 11: Multicast Rulebase

    Marks the end point for the zone in which to use the device. from_zone You must select a single zone for the source zone. The source will send multicast traffic from this zone.
  • Page 63: Syn Protector (Rb_Syndef_Collection)

    TCP traffic. If you know that your network is vulnerable to a SYN-flood, use the SYN-Protector rulebase to prevent it. These data elements are illustrated and described in Figure 12 on page 46 and Table 17 on page 46.
  • Page 64: Figure 12: Syn Protector Rulebase

    Description rb_syndef SYN Protector rules. name_ Name of SYN Protector rule. rules_collection Collection of all sets of rules. rowcountperrule_collection Row count per rule in the collection. rules Collection of all rules. ruleno Rule number.
  • Page 65 = Specifies the VLAN tags to which the rule applies. You must create VLAN objects before applying them to the rules. Rules with this value set cannot be sent to devices that do not support VLAN tagging.
  • Page 66: Traffic Anomalies (Rb_Tsig_Collection)

    (such as scans). These data elements are illustrated and described in Figure 13 on page 49 and Table 18 on page 49.
  • Page 67: Figure 13: Traffic Anomalies Rulebase

    Table 18: Traffic Anomalies Rulebase Data Elements Data Element Description rb_tsig Traffic anomalies rules. name_ Name of the traffic rule collection. rules_collection Collection of all sets of rules. rowcountperrule_collection Row count per rule in the collection.
  • Page 68 Sensor monitors 4 IP addresses over 2 seconds from the same source IP, the IDP Sensor logs it as a network scan. ipaction Enables and configures an IP action to prevent future malicious connections from the attacker's IP address. GTP logging.
  • Page 69: Network Honeypot (Rb_Portfaker_Collection)

    These data elements are illustrated and described in Figure 14 on page 52 and Table 19 on page 52.
  • Page 70: Figure 14: Network Honeypot Rulebase

    Data Element Description rb_portfaker Network honeypot (portfaker) rules. name_ Name of the portfaker type. rules_collection Collection of all sets of rules. rowcountperrule_collection Row count per rule in the collection. rules Collection of all rules.
  • Page 71 = Specifies the VLAN tags to which the rule applies. You must create VLAN objects before applying them to the rules. Rules with this value set cannot be sent to devices that do not support VLAN tagging.
  • Page 72: Service (Service_Collection)

    Related services are aggregated into service groups. These data elements are illustrated and described in Figure 15 on page 55 and Table 20 on page 55.
  • Page 73: Figure 15: Service Collection

    NOTE: Addresses must be created before you can configure a security policy. See “Address (address_collection_type)” on page 56. Table 20: Service Collection Data Elements Data Element Description service Service rule collection. name_ Name of the service. service Service type. group Group global_collection Global zone.
  • Page 74: Address (Address_Collection_Type)

    Related addresses may be aggregated into address groups. These data elements are illustrated and described in Figure 16 on page 57 and Table 21 on page 57.
  • Page 75: Schedule Object (Scheduleobj_Collection_Type)

    The schedule object collection (scheduleobj_collection_type) enables you to work with schedules. Schedules define a time range during which a security policy rule is in effect. These data elements are illustrated and described in Figure 17 on page 58 and Table 22 on page 58.
  • Page 76: Attack (Attack_Collection)

    Recurrent collection. comment Comments about the scheduler type. Attack (attack_collection) The attack collection (attack_collection) enables you to counter attacks. You can configure basic information about possible attacks such as attack object severity, external
  • Page 78 These data elements are described in Table 23 on page 61.
  • Page 79: Table 23: Attack Collection Data Elements

    Keywords associated with the attack. recommended-action Recommended action in response to the specified type of attack. Possible values: none (default) ignore drop-packet drop close-client close-server close inthewild Recommended extended Extended information. products_collection Products collection. refs References.
  • Page 80: Antivirus (Avobj_Collection)

    The Antivirus collection (avobj_collection) enables you to configure your security policies to include antivirus data. These data elements are illustrated and described in Figure 18 on page 63 and Table 24 on page 63.
  • Page 81: Figure 18: Antivirus Collection

    Name of the antivirus type. Antivirus type. comment Comments about the Antivirus type. source Antivirus source All antivirus types. obj_seq_collection All of the object sequence collection scan-mgr Scan manager. ext-list_collection File extension lists.
  • Page 82: Gtp (Gtpobj_Collection_Type)

    The GPRS Tunneling Protocol (GTP) collection (gtp_collection) enables you to configure your security policies to handle GTP traffic. These data elements are illustrated and described in Figure 19 on page 65 and Table 25 on page 65.
  • Page 83: Figure 19: Gtp Collection

    Figure 19: GTP Collection Table 25: GTP Collection Data Elements Data Element Description gtpobj GTP object
  • Page 84 Sequence number validation gtp-in-gtp-denied GTP in GTP denied GTP logging. remove_r6_ie Not used often. teid_di Not used often. apn_collection IMSI prefix and APN filtering trace Subscriber trace notify NSGP notification drop GTP message content filtering.
  • Page 85: Di Profile (Diprofile_Collection_Type)

    DI Profile (DIProfile_collection_type) A Deep Inspection (DI) Profile collection contains predefined attack object groups (supplied by Juniper Networks) and your own custom attack object groups. These data elements are illustrated and described in Figure 20 on page 67 and Table 26 on page 67.
  • Page 86: Global Mip (Globalmpi_Collection)

    The Global Mapping IP (MIP) collection (globablmpi_collection) data elements represent various mapped IP (MIP) settings in a security policy. These data elements are illustrated and described in Figure 22 on page 69 and Table 28 on page 69.
  • Page 87: Global Vip (Globalvip_Collection)

    The Global VIP collection (globalvip_collection) data elements represent various global virtual IP (VIP) settings in a security policy. These data elements are illustrated and described in Figure 23 on page 70 and Table 29 on page 70.
  • Page 88: Url Filter Object (Urlfilter_Collection)

    The URL Filter Object collection (urlfilter_collection) data elements represent various URL filter object settings in a security policy. These data elements are illustrated and described in Figure 24 on page 71 and Table 30 on page 71.
  • Page 89: Figure 24: Url Filter Object Collection

    Predefined Web profile urlfilter Web profile name_ Name of the URL profile type. type Type of URL filter object. comments Comments about the URL filter collection. blacklist Blacklisted URL (sites denied) whitelist Whitelisted URLs (sites permitted)
  • Page 90 Table 30: URL Filter Data Collection (continued) Data Element Description other Action for all other URLs. members_collection Members categories.
  • Page 91: Using The Nsm Api From A Perl Client

    NSM API, and use the API to manage shared objects. Installing the Perl Client Environment on page 75 Using the Perl Client to Access the NSM API on page 81 Using the API to Manage Shared Objects on page 83
  • Page 93: Installing The Perl Client Environment

    Install the CPAN bundle: cpan[1]> install Bundle::CPAN Install Crypt::SSLeay: cpan[1]> install Crypt::SSLeay . Install LWP: cpan[1]> install LWP install XML Simple: cpan[1]> install XML::Simple Install MIME Tools: cpan[1]> install MIME::Tools Install the MIME Parser: cpan[1]> install MIME::Parser
  • Page 94: Installing The Perl Client Environment On Windows Machines

    Install SOAP Lite (do not accept the default): cpan[1]> install SOAP::Lite Enable https, MIME, DIME, and Axis2 MIME support. Upgrade all modules, accepting the defaults: cpan> upgrade The upgrade process takes a few minutes.
  • Page 95: Using A Perl Script To Access The Nsm Api

    ( "$jp_url/" . lc($service) ) -> on_fault ( sub { if ( $_[0]->transport->status =~ /^503/ ) { undef $main::ACTIVE_SERVER; soap_call($service,$method,$input); my $soap_method = SOAP::Data->name($method)->attr( {'xmlns' => "$jp_url/" . lc($service),'xmlns:xsd'=>NS_XSD, 'xmlns:xsi'=>NS_XSI} ); # Execute and grab response my $response;
  • Page 96 } elsif ( $loginStatus eq "Failure" ) { print "Invalid credentials", "\n"; exit 1; sub get_all_sds() { my @token = ( SOAP::Data->name('Token')->value($LOGIN_TOKEN)->prefix('ns1') my @AuthToken = ( SOAP::Data->name('AuthToken')->value(\@token)->prefix('ns1')->uri('http://juniper.net/core') my $response = soap_call("SystemService","GetSystemInfoRequest", \@AuthToken); return $response; login("super","netscreen"); print $LOGIN_TOKEN, "\n"; get_all_sds;
  • Page 97 NOTE: If you are using NSMXpress, the API client must connect to the TCP Port 443.
  • Page 99: Using The Perl Client To Access The Nsm Api

    Login and Logout Enter the following commands to log into and log out of the Perl Client Library. # Login: my $host = [your hostname or IP here] my $connect = MAIN::NSM->new('HOST'=>"$host"); $connect->login; #Log out: $connect->logout;
  • Page 101: Using The Api To Manage Shared Objects

    To add address objects: Log into the Perl client. Initialize the address object. Enter: my $address = UTILS::ADDRESS->init( 'SOAP'=>$connect ); Add the host, network, multicast, group, and global objects. Add a host with IP/Mask. Enter:
  • Page 102 @members = ('Foo-3','Foo-4'); $result = $address->addGroupObjects('OBJECT_NAME'=>'New-Group-2', 'GROUP_MEMBERS'=>\@members ); put_log('WARN', msg=>"Error while adding global objects." ) unless( $result ); @members = ( { 'DOMAIN'=>'any', 'DEVICE'=>'any', 'ADDRESS'=>'Foo-5' 'DOMAIN'=>'global', 'DEVICE'=>'wilma', 'ADDRESS'=>'Foo-6' } ); Add Global objects. Enter:
  • Page 103: Replace An Address Object

    ) unless( $result ); Log out. Rename Address Objects This section shows how to rename an existing address object. To rename an address object: Log into the Perl client. Rename the object.
  • Page 104: Read Address Objects

    $hash->{'OBJECT_NAME'}"); while( my $tmp = shift(@{$hash->{'MEMBERS'}} ) ){ put_log('INFO',msg=> "Result --> $tmp\n" ( $result, $values ) $client->getGlobalObjects('OBJECT_NAME'=>['Poly-1','Poly-2','Poly-3']); put_log('WARN', msg=>"Error while reading Global objects." ) unless( $result ); while( my $hash = shift(@{$values} ) ){ Copyright © 2010, Juniper Networks, Inc.
  • Page 105: Delete Address Objects

    ) unless( $result ); Log out. Using the Perl Client Library with Service Objects You can use the Perl Client Library to add, read, replace, and delete service objects. These activities are summarized in the following sections Copyright © 2010, Juniper Networks, Inc.
  • Page 106: Add Service Objects

    'IS_ICMP'=>[ {'TYPE'=>'10', 'CODE'=>'11'}, {'TYPE'=>'20', 'CODE'=>'21'} my $result = $service->addServiceObjects('OBJECT_NAME'=>'Service-1', 'APPLICATION'=>'FTP', 'GROUP_MEMBERS'=>$members $members = { 'NOT_ICMP'=>[ {'PROTOCOL'=>'UDP'}, {'PROTOCOL'=>'TCP','SRC_TYPE'=>'specific','DST_TYPE'=>'specific'}, {'PROTOCOL'=>'IGMP','SRC_TYPE'=>'specific-string','DST_TYPE'=>'specific-string'}, {'PROTOCOL'=>'IP','SRC_TYPE'=>'range','DST_TYPE'=>'range'} $result = $service->addServiceObjects('OBJECT_NAME'=>'Service-2', 'APPLICATION'=>'DNS', 'GROUP_MEMBERS'=>$members $members = { 'SUN_RPC'=>[ {'SUN_LOW'=>'101'}, {'SUN_LOW'=>'201'} $result $service->addServiceObjects('OBJECT_NAME'=>'Service-3', 'APPLICATION'=>'DNS', 'GROUP_MEMBERS'=>$members Copyright © 2010, Juniper Networks, Inc.
  • Page 107: Add Group-Global Service Objects

    'GROUP_MEMBERS'=>$members ); $result = $service->addGlobalObjects( 'OBJECT_NAME'=>'Poly-1' ); $members = [{'DOMAIN'=>'global'}]; $result = $service->addGlobalObjects( 'OBJECT_NAME'=>'Poly-2', 'GROUP_MEMBERS'=>$members ); $members = [{'DEVICE'=>'droopy'},{'SERVICE'=>'EGP'}]; $result $service->addGlobalObjects( 'OBJECT_NAME'=>'Poly-3', 'GROUP_MEMBERS'=>$members ); $members = [{},{}]; $result = $service->addGlobalObjects( 'OBJECT_NAME'=>'Poly-4', 'GROUP_MEMBERS'=>$members ); Log out. Copyright © 2010, Juniper Networks, Inc.
  • Page 108: Read Group-Global Service Objects

    ( $result, $values ) $service->getGlobalObjects('OBJECT_NAME'=>['Poly-1','Poly-2','Poly-3','Poly-4']); while( my $hash = shift(@{$values} ) ){ put_log('INFO', msg=>"Result ==> $hash->{'OBJECT_ID'} : $hash->{'OBJECT_NAME'} : $hash->{'COMMENT'} "); while( my $hashref = shift(@{$hash->{'MEMBERS'}} ) ){ put_log('INFO',msg=> "Result --> ".$hashref->{'DOMAIN'}.":".$hashref->{'DEVICE'}.":".$hashref->{'SERVICE'} Log out. Copyright © 2010, Juniper Networks, Inc.
  • Page 109: Replace Group-Global Service Objects

    This section shows how to use the Perl Client Library to read device objects. NOTE: The COLOR and COMMENT arguments are optional for these procedures. Read Device Objects This section shows how to read device objects. Copyright © 2010, Juniper Networks, Inc.
  • Page 110

    ( $result, $values ) = $device->getDeviceObjects('OBJECT_NAME'=>['sweepea','droopy'] );
    while( my $hash = shift(@{$values} ) ){
        print "\n--------------------------\n";
        while( my ($key, $val ) = each( %{$hash } ) ){
            put_log('INFO',msg=> "KEY : $key\t VALUE : $val" );
        }
    }

    Log out.
  • Page 111: Using The Nsm Api From A Java Client

    Using APIs for Authentication on page 95
    Using APIs for Policy Management on page 97
    Using APIs for Shared Object Management on page 105
    Using APIs for Job Management on page 111
    Using APIs for Device Management on page 117
  • Page 113: Using Apis For Authentication

    File argsCandidate = new File(webDir + File.separator + "client" + File.separator + "Properties.txt");
    if (null != argsCandidate) {
        properties = new Properties();
        FileInputStream fin = new FileInputStream(argsCandidate);
        properties.load(fin);
        fin.close();
        String trustStore = (String) properties.get("javax.net.ssl.trustStore");
        String trustStorePath = webDir + File.separator + trustStore.replace('/', File.separatorChar);
  • Page 114: Logout

    This API sample code shows how to log out from the NSM server.

    public void testLogout() {
        try {
            LogoutRequest logoutRequest = new LogoutRequest();
            logoutRequest.setAuthToken(authToken);
            System.out.println("\nAuthToken: " + authToken.getToken() + " logging out ...");
            stub.LogoutRequest(logoutRequest);
        } catch (Exception e) {
            e.printStackTrace();
  • Page 115: Using Apis For Policy Management

    This section provides Data Centric Service API sample code that creates a new policy.

    testPolicyInsert.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <nsmpolicy>
        <name_>test100</name_>
        <accesstype>regular</accesstype>
        <rulebases>
            <firewall>&1.rb_firewall.?????????rb_test100_130q6f9fs</firewall>
        </rulebases>
    </nsmpolicy>

    testRuleBaseFirewallInsert.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <rb_firewall>
        <name_>rb_test100_130q6f9fs</name_>
        <rules_collection>
            <rules>
                <name_></name_>
                <direction>
                    <global>false</global>
                    <from_zone>trust</from_zone>
                    <to_zone>untrust</to_zone>
                </direction>
                <dialupvpn>
                    <enabled>false</enabled>
                    <src-or-dst>none</src-or-dst>
                </dialupvpn>
                <src_addr_collection>
  • Page 116

    ModifyViewCommandType modifyCmd = new ModifyViewCommandType();
    InsertObjectViewType insertObject = new InsertObjectViewType();
    modifyCmd.setInsertObject(insertObject);
    insertObject.setCategory("nsmpolicy");
    insertObject.setDomainId(new UnsignedShort("1"));
    //reads the policy in XML format from file "testPolicyInsert.xml"
    XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
    XMLStreamReader parser = xmlInputFactory.createXMLStreamReader(new FileInputStream(nsmPolicyFile));
    StAXOMBuilder builder = new StAXOMBuilder(parser);
  • Page 117: Update An Existing Policy

    ModifyObjectViewRequest request = new ModifyObjectViewRequest();
    request.setAuthToken(DataCentricServiceTest.authToken);
    //creates an object of ModifyViewCommandType
    ModifyViewCommandType modifyCmd = new ModifyViewCommandType();
    //specifies the device from which the policy is unassigned
    ObjectIdentifierType objectId = new ObjectIdentifierType();
    objectId.setCategory("rb_firewall");
    objectId.setDomainId(new UnsignedShort("1"));
  • Page 118: Delete A Policy

    //creates an object of ModifyViewCommandType
    ModifyViewCommandType modifyCmd = new ModifyViewCommandType();
    DeleteObjectViewType deleteObject = new DeleteObjectViewType();
    //specifies the rulebase to be deleted
    ObjectIdentifierType objectId = new ObjectIdentifierType();
    objectId.setCategory("rb_firewall");
    objectId.setDomainId(new UnsignedShort("1"));
    ObjectIdOrNameType objIdOrName = new ObjectIdOrNameType();
    objIdOrName.setObjectName("rb_test100_130q6f9fs");
  • Page 119: Get A List Of Policies

        GetObjectViewByCategoryResponse response = DataCentricServiceTest.stub.GetObjectViewByCategoryRequest(request);
        DataCentricServiceTest.print(response.getObject());
        assertTrue(response.getStatus() == StatusCodeType.Success);
    } catch (Exception e) {
        e.printStackTrace();

    Get a Policy

    This Data Centric Service API code sample gets a specific policy.

    /**
     * Gets a single policy object.
     */
  • Page 120: Assign A Policy To A Device

    ModifyViewCommandType modifyCmd = new ModifyViewCommandType();
    DeleteObjectViewType deleteObject = new DeleteObjectViewType();
    //specifies the device to assign the policy:
    ObjectIdentifierType objectId = new ObjectIdentifierType();
    objectId.setCategory("deviceobj");
    objectId.setDomainId(new UnsignedShort("1"));
    ObjectIdOrNameType objIdOrName = new ObjectIdOrNameType();
    objIdOrName.setObjectId(new UnsignedInt(0));
    objectId.setObjectIdOrName(objIdOrName);
    //create an object of UpdateObjectViewType:
  • Page 121: Remove A Policy Assignment

    //creates an object of ModifyViewCommandType:
    ModifyViewCommandType modifyCmd = new ModifyViewCommandType();
    //specifies the device from which to unassign the policy:
    ObjectIdentifierType objectId = new ObjectIdentifierType();
    objectId.setCategory("deviceobj");
    objectId.setDomainId(new UnsignedShort("1"));
    ObjectIdOrNameType objIdOrName = new ObjectIdOrNameType();
    objIdOrName.setObjectId(new UnsignedInt(0));
    objectId.setObjectIdOrName(objIdOrName);
  • Page 122

        //creates an object of UpdateObjectViewType:
        UpdateObjectViewType updateObject = new UpdateObjectViewType();
        updateObject.addObjectIdentifier(objectId);
        modifyCmd.setUpdateObject(updateObject);
        NodeModificationType nodeModificationType = new NodeModificationType();
        nodeModificationType.setDeleteNode("./nsmpolicy-id");
        updateObject.setObjectModification(new ObjectModificationType());
        updateObject.getObjectModification().addModification(nodeModificationType);
        request.addCommand(modifyCmd);
        //invokes the service:
        ModifyObjectViewResponse response = PolicyUnAssignmentTest.stub.ModifyObjectViewRequest(request);
        assertTrue(response.getStatus() == StatusCodeType.Success);
    } catch (Exception e) {
        e.printStackTrace();
  • Page 123: Chapter 11 Using Apis For Shared Object Management

                    <ip>1.1.1.8</ip>
                    <netmask>21</netmask>
                </subnet>
            </address>
        </address>
        <comment>AddrA object</comment>
    </address>

    Sample Code

    /**
     * Inserts an Address object
     */
    public void testInsertAddressObject() {
        try {
            File addressFile = new File(webDir + File.separator + pathOfInput + "/Input/" + "testAddressInsert.xml");
  • Page 124: Replace A Shared Object

    The following Data Centric Service API sample code replaces a shared address object. The following XML documentation is the input for the Data Centric Service API sample code shown below.

    testAddressReplace.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <address>
        <name_>AddrA</name_>
        <address>
            <zone>trust</zone>
            <address>
                <subnet>
                    <ip>1.1.1.7</ip>
                    <netmask>21</netmask>
                </subnet>
            </address>
  • Page 125

        XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
        XMLStreamReader parser = xmlInputFactory.createXMLStreamReader(new FileInputStream(addressFile));
        StAXOMBuilder builder = new StAXOMBuilder(parser);
        OMElement ome = builder.getDocumentElement();
        replaceObject.setObjecData(new ObjectDataType());
        replaceObject.getObjecData().setData(this.createOpaqueDataType(ome));
        replaceObject.setObjectIdentifier(objectId);
        modifyCmd.setReplaceObject(replaceObject);
        request.addCommand(modifyCmd);
        ModifyObjectViewResponse response = DataCentricServiceTest.stub.ModifyObjectViewRequest(request);
        assertTrue(response.getStatus() == StatusCodeType.Success);
    } catch (Exception e) {
        e.printStackTrace();
  • Page 126: Delete A Shared Object

    {
        try {
            System.out.println("Running testGetCategoryObject()");
            GetObjectViewByCategoryRequest request = new GetObjectViewByCategoryRequest();
            request.setAuthToken(DataCentricServiceTest.authToken);
            request.setCategory("address");
            request.setDomainId(new UnsignedShort("1"));
            GetObjectViewByCategoryResponse response = DataCentricServiceTest.stub.GetObjectViewByCategoryRequest(request);
            System.out.println("Status=" + response.getStatus());
            DataCentricServiceTest.print(response.getObject());
            //gets the first address object returned:
            InputStream inputStream =
  • Page 127: Get A Shared Object

        GetObjectViewByIdRequest request = new GetObjectViewByIdRequest();
        request.setAuthToken(DataCentricServiceTest.authToken);
        ObjectIdentifierType oid = new ObjectIdentifierType();
        oid.setDomainId(new UnsignedShort("1"));
        oid.setCategory("address");
        ObjectIdOrNameType choice = new ObjectIdOrNameType();
        choice.setObjectName("AddrA");
        oid.setObjectIdOrName(choice);
        request.addObjectIdentifier(oid);
        GetObjectViewByIdResponse response = DataCentricServiceTest.stub.GetObjectViewByIdRequest(request);
        DataCentricServiceTest.print(response.getObject());
        assertTrue(response.getStatus() == StatusCodeType.Success);
    } catch (Exception e) {
        e.printStackTrace();
  • Page 129: Chapter 12 Using Apis For Job Management

    = jobResponseList[i].getStatus();
    System.out.println("JobName: " + jobName + " opStatus: " + opStatus + " jobStatus: " + jobStatus.toString());
    assertTrue(opStatus == StatusCodeType.Success);
    if ((jobStatus == JobStatusType.COMPLETEDWITHSUCCESS) || (jobStatus == JobStatusType.COMPLETEDWITHFAILURE)) {
        break;
    } else {
  • Page 130: Import A List Of Devices

        String jobID = jobResponse.getJobName();
        String status = jobResponse.getStatus().toString();
        System.out.println("JobName: " + jobID + " opStatus: " + opStatus + " status: " + status);
        assertTrue(opStatus == StatusCodeType.Success);
        getJobResult(jobName, jobRequest.getJobArgs());
    } catch (Exception e) {
        e.printStackTrace();
  • Page 131: Update A List Of Devices

    {
        try {
            File configSummaryInput = new File(webDir + File.separator + pathOfInput + "/Input/" + "testConfigSummary.txt");
            BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(configSummaryInput)));
            GetConfigSummaryRequest getConfigSummaryRequest = new GetConfigSummaryRequest();
            String jobName = getUniqueJobId(config_summary);
  • Page 132: Get A Running Configuration

        String jobID = jobResponse.getJobName();
        String status = jobResponse.getStatus().toString();
        System.out.println("JobName: " + jobID + " opStatus: " + opStatus + " status: " + status);
        assertTrue(opStatus == StatusCodeType.Success);
        getJobResult(jobName, jobRequest.getJobArgs());
    } catch (Exception e) {
  • Page 133: Get The Delta Configuration

    This Job Service API code sample shows how to cancel a job request.

    public void testCancelJobRequest() {
        try {
            File importDeviceInput = new File(webDir + File.separator + pathOfInput + "/Input/" + "testImportDevice.txt");
            BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(importDeviceInput)));
            //Starts to import
  • Page 134

        System.out.println("Cancel job " + jobID + " now");
        CancelJobRequest cancelJobReq = new CancelJobRequest();
        cancelJobReq.setAuthToken(authToken);
        cancelJobReq.setDomainId(jobRequest.getJobArgs().getDomainId());
        cancelJobReq.setJobName(jobID);
        CancelJobResponse cancelJobResp = stub.CancelJobRequest(cancelJobReq);
        System.out.println("JobName: " + jobID + " opStatus: " + cancelJobResp.getStatus());
    } catch (Exception e) {
        e.printStackTrace();
  • Page 135: Using Apis For Device Management

    /**
     * Gets the IP addresses and the interfaces of all devices in one domain.
     */
    public void testGetDeviceObjectByCategory_Filter() {
        try {
            System.out.println("Running testGetDeviceObjectByCategory_Filter()");
            //creates an object of GetObjectViewByCategoryRequest:
            GetObjectViewByCategoryRequest request = new GetObjectViewByCategoryRequest();
            request.setAuthToken(DataCentricServiceTest.authToken);
            request.setCategory("deviceobj");
            request.setDomainId(new UnsignedShort("1"));
            //specifies the filter to retrieve the IP addresses and the interfaces:
  • Page 136

            + " <ip/>"
            + " </header>"
            + " <interface_collection/>"
            + " </deviceobj>";
        filter.setFilter(this.createOpaqueDataType(subtreeFilter));
        request.setObjectFilter(filter);
        //invokes the service:
        GetObjectViewByCategoryResponse response = DataCentricServiceTest.stub.GetObjectViewByCategoryRequest(request);
        System.out.println("Status=" + response.getStatus());
        DataCentricServiceTest.print(response);
        assertTrue(response.getStatus() == StatusCodeType.Success);
    } catch (Exception e) {
        e.printStackTrace();
  • Page 137

    This part contains the following chapters:

    Job Service API WSDL on page 121
    System Service API WSDL on page 129
    Data Centric API WSDL on page 135
    Log Service API WSDL on page 145
  • Page 139: Chapter 14 Job Service Api Wsdl

    </xs:documentation> </xs:annotation> <xs:sequence> <xs:element name="domainId" type="xs:unsignedInt"/> <xs:element name="deviceId" type="xs:unsignedInt" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <xs:complexType name="JobRequestType"> <xs:annotation> <xs:documentation>The common parameters of the job request Copyright © 2010, Juniper Networks, Inc.
  • Page 140 <xs:documentation>Update the device configuration </xs:documentation> </xs:annotation> <xs:complexType> <xs:complexContent> <xs:extension base="core:SimpleRequestType"> <xs:sequence> <xs:element name="jobRequest" type="impl:JobRequestType"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> </xs:element> <xs:element name="UpdateDeviceResponse"> <xs:complexType> <xs:complexContent> <xs:extension base="core:SimpleResponseType"> <xs:sequence> <xs:element name="jobResponse" type="impl:JobResponseType"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> </xs:element> <xs:element name="ImportDeviceRequest"> Copyright © 2010, Juniper Networks, Inc.
  • Page 141 <xs:element name="GetConfigSummaryResponse"> <xs:complexType> <xs:complexContent> <xs:extension base="core:SimpleResponseType"> <xs:sequence> <xs:element name="jobResponse" type="impl:JobResponseType"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> </xs:element> <xs:element name="GetRunningConfigRequest"> <xs:annotation> <xs:documentation>Get the device configuration summarization currently running on an actual physical device </xs:documentation> </xs:annotation> <xs:complexType> <xs:complexContent> Copyright © 2010, Juniper Networks, Inc.
  • Page 142 <xs:element name="GetDeltaConfigRequest"> <xs:annotation> <xs:documentation>Get the differences between the modeled device configuration and the configuration running on the actual physical device. </xs:documentation> </xs:annotation> <xs:complexType> <xs:complexContent> <xs:extension base="core:SimpleRequestType"> <xs:sequence> <xs:element name="jobRequest" type="impl:JobRequestType"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> Copyright © 2010, Juniper Networks, Inc.
  • Page 143 <xs:documentation>Retrieves the status of the completed jobs. If no job name is specified, return all the completed jobs </xs:documentation> </xs:annotation> <xs:complexType> <xs:complexContent> <xs:extension base="core:SimpleRequestType"> <xs:sequence> <xs:element name="domainId" type="xs:unsignedInt"/> <xs:element name="jobName" type="xs:string" minOccurs="0"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> </xs:element> <xs:element name="GetJobResultResponse"> <xs:complexType> <xs:complexContent> Copyright © 2010, Juniper Networks, Inc.
  • Page 144 <wsdl:part name="GetRunningConfigResponse" element="impl:GetRunningConfigResponse"/> </wsdl:message> <wsdl:message name="GetDeltaConfigRequest"> <wsdl:part name="GetDeltaConfigReqest" element="impl:GetDeltaConfigRequest"/> </wsdl:message> <wsdl:message name="GetDeltaConfigResponse"> <wsdl:part name="GetDeltaConfigResponse" element="impl:GetDeltaConfigResponse"/> </wsdl:message> <wsdl:message name="GetJobResultRequest"> <wsdl:part name="GetJobResultRequest" element="impl:GetJobResultRequest"/> </wsdl:message> <wsdl:message name="GetJobResultResponse"> <wsdl:part name="GetJobResultResponse" element="impl:GetJobResultResponse"/> </wsdl:message> <wsdl:message name="CancelJobResponse"> <wsdl:part name="CancelJobResponse" element="impl:CancelJobResponse"/> </wsdl:message> Copyright © 2010, Juniper Networks, Inc.
  • Page 145 <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> <wsdl:operation name="UpdateDeviceRequest"> <soap:operation soapAction="urn:#UpdateDeviceRequest"/> <input> <soap:body use="literal"/> </input> <output> <soap:body use="literal"/> </output> </wsdl:operation> <wsdl:operation name="ImportDeviceRequest"> <soap:operation soapAction="urn:#ImportDeviceRequest"/> <input> <soap:body use="literal"/> </input> <output> <soap:body use="literal"/> </output> </wsdl:operation> <wsdl:operation name="GetJobStatusRequest"> <soap:operation soapAction="urn:#GetJobStatusRequest"/> <wsdl:input> Copyright © 2010, Juniper Networks, Inc.
  • Page 146 <soap:operation soapAction="urn:#GetJobResultRequest"/> <input> <soap:body use="literal"/> </input> <output> <soap:body use="literal"/> </output> </wsdl:operation> <wsdl:operation name="CancelJobRequest"> <soap:operation soapAction="urn:#CancelJobRequest"/> <wsdl:input> <soap:body use="literal"/> </wsdl:input> <wsdl:output> <soap:body use="literal"/> </wsdl:output> </wsdl:operation> </wsdl:binding> <wsdl:service name="JobService"> <wsdl:port name="Job" binding="impl:JobSoapBinding"> <soap:address location="csp://webproxy/nsm/service/JobService"/> </wsdl:port> </wsdl:service> </wsdl:definitions> Copyright © 2010, Juniper Networks, Inc.
  • Page 147: Chapter 15 System Service Api Wsdl

    <xs:enumeration value="Challenge"/> </xs:restriction> </xs:simpleType> <xs:complexType name="LoginStatus"> <xs:sequence> <xs:element name="status" type="impl:LoginStatusCodeType"/> <xs:element name="challenge" type="xs:string" minOccurs="0"/> </xs:sequence> </xs:complexType> <xs:element name="LoginRequest"> <xs:annotation> <xs:documentation>Login into the system domainName: the domain to login userName: the user name password: the password Copyright © 2010, Juniper Networks, Inc.
  • Page 148 <xs:complexType> <xs:complexContent> <xs:extension base="core:SimpleRequestType"> <xs:sequence> <xs:element name="challengeResponse" type="xs:string"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> </xs:element> <xs:element name="RespondToChallengeResponse" type="impl:LoginResponseType"/> <xs:element name="LogoutRequest"> <xs:complexType> <xs:complexContent> <xs:extension base="core:SimpleRequestType"/> </xs:complexContent> </xs:complexType> </xs:element> <xs:complexType name="ServiceDescType"> <xs:sequence> <xs:element name="name" type="xs:string"/> <xs:element name="version" type="xs:string"/> Copyright © 2010, Juniper Networks, Inc.
  • Page 149 </xs:schema> </wsdl:types> <wsdl:message name="LoginRequest"> <wsdl:part name="LoginRequest" element="impl:LoginRequest"/> </wsdl:message> <wsdl:message name="LoginResponse"> <wsdl:part name="LoginRequest" element="impl:LoginResponse"/> </wsdl:message> <wsdl:message name="RespondToChallengeRequest"> <wsdl:part name="RespondToChallengeRequest" element="impl:RespondToChallengeRequest"/> </wsdl:message> <wsdl:message name="RespondToChallengeResponse"> <wsdl:part name="RespondToChallengeResponse" element="impl:RespondToChallengeResponse"/> </wsdl:message> <wsdl:message name="LogoutRequest"> <wsdl:part name="LogoutRequest" element="impl:LogoutRequest"/> </wsdl:message> <wsdl:message name="GetSystemInfoRequest"> Copyright © 2010, Juniper Networks, Inc.
  • Page 150 <wsdl:input> <soap:body use="literal"/> </wsdl:input> <wsdl:output> <soap:body use="literal"/> </wsdl:output> </wsdl:operation> <wsdl:operation name="LogoutRequest"> <soap:operation soapAction="urn:#LogoutRequest"/> <wsdl:input> <soap:body use="literal"/> </wsdl:input> </wsdl:operation> <wsdl:operation name="GetSystemInfoRequest"> <soap:operation soapAction="urn:#GetSystemInfoRequest"/> <input> <soap:body use="literal"/> </input> <output> <soap:body use="literal"/> </output> </wsdl:operation> </wsdl:binding> <wsdl:service name="SystemService"> Copyright © 2010, Juniper Networks, Inc.
  • Page 151

            <wsdl:port name="System" binding="impl:SystemSoapBinding">
                <soap:address location="http://localhost:8080/axis2/services/SystemService"/>
            </wsdl:port>
        </wsdl:service>
    </wsdl:definitions>
  • Page 153: Chapter 16 Data Centric Api Wsdl

    <simpleType name="BuiltInViewType"> <restriction base="xs:string"> <enumeration value="DefaultView"/> <enumeration value="XDBView"/> </restriction> </simpleType> <complexType name="NameValueType"> <sequence> <element name="name" type="xs:string"/> <element name="value" type="xs:string"/> </sequence> </complexType> <complexType name="ViewFilterType"> <choice> <element name="metadataOnly" type="xs:boolean"/> <element name="filter" type="core:OpaqueDataType"/> </choice> </complexType> <complexType name="ObjectViewFilterType"> Copyright © 2010, Juniper Networks, Inc.
  • Page 154 </documentation> </annotation> Copyright © 2010, Juniper Networks, Inc.
  • Page 155 <extension base="core:SimpleRequestType"> <sequence> <element name="objectIdentifier" type="core:ObjectIdentifierType" maxOccurs="unbounded"/> <element name="dbVersionId" type="xs:unsignedInt" minOccurs="0"/> <element name="objectFilter" type="impl:ObjectViewFilterType" minOccurs="0" maxOccurs="unbounded"/> <element name="view" type="xs:string" minOccurs="0"/> <element name="property" type="impl:NameValueType" minOccurs="0" maxOccurs="unbounded"/> </sequence> </extension> </complexContent> </complexType> </element> <element name="GetObjectViewByIdResponse"> <complexType> <complexContent> Copyright © 2010, Juniper Networks, Inc.
  • Page 156 Otherwise, the whole object is returned </documentation> </annotation> <complexType> <complexContent> <extension base="core:SimpleRequestType"> <sequence> <element name="objectIdentifier" type="core:ObjectIdentifierType"/> <element name="dbVersionId" type="xs:unsignedInt" minOccurs="0"/> <element name="metadataOnly" type="xs:boolean" minOccurs="0"/> Copyright © 2010, Juniper Networks, Inc.
  • Page 157 <element name="view" type="xs:string" minOccurs="0"/> <element name="property" type="impl:NameValueType" minOccurs="0" maxOccurs="unbounded"/> </sequence> </extension> </complexContent> </complexType> </element> <element name="QueryObjectViewResponse"> <annotation> <documentation>The response of the query </documentation> </annotation> <complexType> <complexContent> <extension base="core:SimpleResponseType"> <sequence> <element name="resultSet" type="core:ResultSetType"/> </sequence> </extension> </complexContent> </complexType> Copyright © 2010, Juniper Networks, Inc.
  • Page 158 <complexContent> <extension base="core:SimpleRequestType"> <sequence> <element name="objectIdentifier" type="core:ObjectIdentifierType" maxOccurs="unbounded"/> </sequence> </extension> </complexContent> </complexType> </element> <element name="UnlockObjectViewRequest"> <complexType> <complexContent> <extension base="core:SimpleRequestType"> <sequence> <element name="objectIdentifier" type="core:ObjectIdentifierType" maxOccurs="unbounded"/> </sequence> </extension> </complexContent> </complexType> </element> <complexType name="LockingViewResponseType"> <complexContent> <extension base="core:SimpleResponseType"> Copyright © 2010, Juniper Networks, Inc.
  • Page 159 </wsdl:message> <wsdl:message name="ResolveObjectReferenceResponse"> <wsdl:part name="ResolveObjectReferenceResponse" element="impl:ResolveObjectReferenceResponse"/> </wsdl:message> <wsdl:message name="QueryObjectViewRequest"> <wsdl:part name="QueryObjectViewRequest" element="impl:QueryObjectViewRequest"/> </wsdl:message> <wsdl:message name="QueryObjectViewResponse"> <wsdl:part name="QueryObjectViewResponse" element="impl:QueryObjectViewResponse"/> </wsdl:message> <wsdl:message name="GetObjectDependentRequest"> <wsdl:part name="GetObjectDependentRequest" element="impl:GetObjectDependentRequest"/> </wsdl:message> <wsdl:message name="GetObjectDependentResponse"> <wsdl:part name="GetObjectDependentResponse" element="impl:GetObjectDependentResponse"/> </wsdl:message> <wsdl:message name="LockObjectViewRequest"> Copyright © 2010, Juniper Networks, Inc.
  • Page 160 <wsdl:operation name="LockObjectViewRequest"> <wsdl:input message="ns:LockObjectViewRequest"/> <wsdl:output message="ns:LockObjectViewResponse"/> </wsdl:operation> <wsdl:operation name="UnlockObjectViewRequest"> <wsdl:input message="ns:UnlockObjectViewRequest"/> <wsdl:output message="ns:UnlockObjectViewResponse"/> </wsdl:operation> </wsdl:portType> <wsdl:binding name="DataCentricSoapBinding" type="ns:DataCentricPortType"> <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> <wsdl:operation name="GetObjectViewByIdRequest"> <soap:operation soapAction="urn:#GetObjectViewByIdRequest"/> <wsdl:input> <soap:body use="literal"/> </wsdl:input> <wsdl:output> <soap:body use="literal"/> </wsdl:output> </wsdl:operation> Copyright © 2010, Juniper Networks, Inc.
  • Page 161 <soap:operation soapAction="urn:#GetObjectDependentRequest"/> <input> <soap:body use="literal"/> </input> <output> <soap:body use="literal"/> </output> </wsdl:operation> <wsdl:operation name="LockObjectViewRequest"> <soap:operation soapAction="urn:#LockObjectViewRequest"/> <input> <soap:body use="literal"/> </input> <output> <soap:body use="literal"/> </output> </wsdl:operation> <wsdl:operation name="UnlockObjectViewRequest"> <soap:operation soapAction="urn:#UnLockObjectViewRequest"/> <input> <soap:body use="literal"/> </input> <output> <soap:body use="literal"/> Copyright © 2010, Juniper Networks, Inc.
  • Page 162 <wsdl:service name="DataCentricService"> <documentation> DataCentric service provides the API for data transformation. The schemas of the data to be transformed are specified in the seperate documentation. </documentation> <wsdl:port name="DataCentric" binding="ns:DataCentricSoapBinding"> <soap:address location="csp://nbiservice/nsm/service/DataCentricService"/> </wsdl:port> </wsdl:service> </wsdl:definitions> Copyright © 2010, Juniper Networks, Inc.
  • Page 163: Log Service Api Wsdl

    <import namespace="http://juniper.net/core" schemaLocation="common/BaseMessages.xsd"/> <element name="GetPacketDataRequest"> <complexType> <complexContent> <extension base="core:SimpleRequestType"> <sequence> <element name="dayId" type="xs:unsignedInt"/> <element name="recordNum" type="xs:unsignedInt"/> </sequence> </extension> </complexContent> </complexType> </element> <element name="GetPacketDataResponse"> <complexType> <complexContent> <extension base="core:SimpleResponseType"> <sequence> <element name="numPackets" type="xs:unsignedInt" minOccurs="0"/> Copyright © 2010, Juniper Networks, Inc.
  • Page 164 <wsdl:output message="ns:GetPacketDataResponse"/> </wsdl:operation> </wsdl:portType> <wsdl:binding name="LogSoapBinding" type="ns:LogPortType"> <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> <wsdl:operation name="GetPacketDataRequest"> <soap:operation soapAction="urn:#GetPacketDataRequest"/> <wsdl:input> <soap:body use="literal"/> </wsdl:input> <wsdl:output> <soap:body use="literal"/> </wsdl:output> </wsdl:operation> </wsdl:binding> <wsdl:service name="LogService"> <wsdl:port name="Log" binding="ns:LogSoapBinding"> <soap:address location="csp://nbiservice/nsm/service/LogService"/> </wsdl:port> </wsdl:service> </wsdl:definitions> Copyright © 2010, Juniper Networks, Inc.