Adding L2V Root Systems; Adding An Extranet Device - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Adding L2V Root Systems

Adding an Extranet Device

150
device has connected but the management system has not yet updated the device
configuration.
Update the device configuration by right-clicking the vsys and selecting Update
8.
Device. The Job Information box displays the job type and status for the update.
When the job status displays successful completion, click Close.
After the update finishes, the device status displays as "Managed", indicating that the
device has connected and the management system has successfully updated the device
configuration.
After you have modeled the vsys device, create the vsys configuration and update the
device. To check the vsys configuration status, mouse over the vsys device in Device
Manager, or check the configuration status in Device Monitor. The device status displays
as "Managed", indicating that the vsys has connected and the management system has
successfully updated the vsys configuration.
The NetScreen-5000 series security devices running ScreenOS 5.0 L2V also support
vsys transparent mode, also known as layer 2 vsys, or L2V vsys. The VLAN Trunk vsys
mode and the L2V mode are mutually exclusive; you must enable one or the other on
the root system:
When modeling an L2V root, ensure that the ScreenOS version is set to 5.0L2V and
the operating mode is set to Transparent. By default, the root system is modeled as a
neutral vsys, enabling you to configure the system in either L2V or VLAN Trunk mode.
When importing an L2V root:
If the device is in transparent mode with L2V enabled, NSM imports those settings
and creates the device in L2V mode.
If the device is in transparent mode with L2V disabled, NSM creates the device in
neutral vsys mode. You can use the NSM UI to configure the device in VLAN or L2V
mode.
If the device is in transparent mode with VLAN trunk enabled, NSM imports those
settings and creates the device in VLAN mode. In this mode, you can add vsys devices
to the root system, but you cannot import VLAN IDs to those vsys devices.
NOTE: As of Release 2007.3, NSM supports L2V on ISG1000 devices running ScreenOS
6.0 and later. L2V is still supported on ISG2000 and later.
For details on configuring these vsys modes, see Network and Security Manager Configuring
ScreenOS and IDP Devices Guide.
An extranet device is a firewall or VPN device that is not a Juniper Networks security
device. If you use devices from multiple manufacturers, you can add extranet devices to
Copyright © 2010, Juniper Networks, Inc.