Table of Contents
Advertisement
Network and Security Manager Administration Guide
Device Management
6
As your network grows, you might need to add existing devices, add new devices,
reconfigure existing devices, update software versions on older devices, or integrate a
new network to work with your existing network. NSM provides a virtual environment in
which to first model, verify, and then update your managed devices with changes.
Importing Devices
If you have existing devices deployed you can use the NSM import feature to import their
configurations, address books, service objects, policies, VPNs, and administrator privileges.
As NSM imports your existing device configurations, it automatically creates your virtual
network based on the configuration information.
You can import device configurations directly from your devices. Import all your devices
at one time, or, if your network is large, import one domain at a time.
Device Modeling
Using your virtual network to change, review, and test your network configuration before
deploying it to your physical network can help you discover problems like routing issues,
IP conflicts, and version mismatches across your entire network before they actually
occur. NSM includes configuration validation to help you identify device configuration
errors and missing information, and then points you to the trouble spot so you can quickly
fix the problem. When you have designed a virtual configuration that works, you can push
this configuration to your devices with a single update.
You can implement a new routing protocol across your network, design and deploy a
new security policy with traffic shaping, or create a new VPN tunnel that connects a
branch office to your corporate network.
Rapid Deployment
Rapid Deployment (RD) enables deployment of multiple ScreenOS security devices in
a large network environment with minimal user involvement. RD simplifies the staging
and configuration of security devices in nontechnical environments, enabling the secure
and efficient deployment of a large number of devices.
To use RD, the NSM administrator creates a small file (called a configlet) in NSM, and
then sends that configlet to an on site administrator who has local access to the security
device. With the help of the Rapid Deployment wizard, the onsite administrator installs
the configlet on the device, which automatically contacts NSM and establishes a secure
connection for device management.
RD is ideal for quickly bringing new security devices under NSM management for initial
configuration. You can model and verify your device configurations for undeployed devices,
and then install the completed device configuration when the device contacts NSM.
Policy-Based Management
Create simplified and efficient security policies for your managed devices. You can manage
security policies either in a Central Policy Manager or through in-device policy
management, depending on the type of device. The tools at your disposal are also
device-dependent, but can include:
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
