Table of Contents
Advertisement
Network and Security Manager Administration Guide
Importing Existing Devices
42
NOTE: Juniper Networks also offers security devices with Intrusion Detection and
Prevention (IDP) capability. For details on how to enable IDP functionality on these
devices, see "Configuring IDP-Capable Devices Overview" on page 45.
For networks with deployed devices, if you have already designed, staged, and set up a
working physical device, you don't need to repeat that process; you can import that device
so it exists (virtually) inside the management station. Importing includes the routing, IP
configuration, access and security policies, access privileges, and other device-specific
information defined on the device.
To import existing devices:
Add the security device and import your device configuration.
1.
a.
In the NSM main navigation tree, select Device Manager > Devices.
b.
In the main display area, click the Add icon and select Device. Follow the
instructions in the Add Device Wizard to import an existing device.
As NSM imports the existing device configuration, it automatically creates all objects
and policies in the configuration.
NOTE: NSM does not import IDP rulebases in a security policy when importing the
device configuration.
For details on adding and importing existing devices, see "Importing Devices" on
page 112.
Verify the imported device configuration and related information:
2.
Run a Delta Config Summary and view the results to check for differences between
the physical device configuration and the device object configuration imported
into NSM.
Check device configuration information.
Check Address, Service, Schedule, and NAT objects.
Check security policies.
Check protected resources.
Check VPNs.
Correct any validation errors, if found, and check for duplicate objects (such as
3.
address objects, custom service objects). Be sure to consolidate any duplicate objects
before importing another device.
You can also delete devices from NSM, and reimport them if necessary. Deleting a device
removes all device configuration information from the management system, but might
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
