Retrying A Failed Update; Configuring Update Options - Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual


Retrying a Failed Update

Configuring Update Options

Copyright © 2010, Juniper Networks, Inc.
If you chose to run a delta configuration summary, review the summary to ensure that
no conflict exists between the running configuration and the modeled configuration.

When updating your managed security devices, the update fails for each device that is not connected to the management system at the time of update. For devices running ScreenOS 5.1 or later, you can configure NSM to save the pending changes for an unconnected device, and then install those changes when the device finally connects to the management system.

When an unconnected device is waiting for changes, NSM automatically sets its configuration state to "Sync Pending". When a device in this state connects to the management system, pending changes are immediately installed on the device and the configuration state is changed to "In-Sync".

You can also configure the management system to abort update attempts for previously unconnected devices to which out-of-band changes have been made. For example, you attempt to update all your managed NS-5GT security devices, but device NS-5GT-25 is disconnected from the management system for troubleshooting at the time of update. To prevent NSM from overwriting any out-of-band changes when troubleshooting is finished and the device reconnects, enable the option "Do not Update If Device Has Changed".

You can configure device update and retry options on a systemwide basis (in the UI preferences), on a per-update basis for multiple devices (in the Update Device(s) dialog box), and on a per-update basis for a single device (in the device options dialog box). The systemwide settings appear as the default settings for the per-update settings, which you can change as needed for each update.

When configuring systemwide update options, you can enable or disable any option independently; when configuring per-update options, dependencies apply.

Update Options for ScreenOS

Update options include:

- Rematch, Session Treatment when modifying a policy rule—When enabled, NSM preserves the existing sessions that are being tracked by the installed security policy during the policy update procedure (devices running ScreenOS 5.1 or later only). At the end of the update, NSM restores all valid sessions on the managed device and deletes all invalid sessions.
  When disabled, NSM does not preserve and restore existing sessions for an updated managed device.
- Show Unconnected Devices in Device Selection Dialog—When enabled, the NSM UI displays devices that are not connected to the management system in the Update Devices dialog box (which appears when you attempt to update the configuration for a managed device).

Chapter 6: Updating Devices
253
