Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV Manual

Network and Security Manager
Configuring J Series Services Routers and SRX Series Services Gateways Guide
Release 2010.4
Published: 2010-11-17
Revision 01
Copyright © 2010, Juniper Networks, Inc.

Summary of Contents for Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV

  • Page 1 Network and Security Manager Configuring J Series Services Routers and SRX Series Services Gateways Guide Release 2010.4 Published: 2010-11-17 Revision 01 Copyright © 2010, Juniper Networks, Inc.
  • Page 2 Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
  • Page 3 REGARDING LICENSE TERMS. 1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referred to herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable...
  • Page 4 Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license.
  • Page 5 (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA http://www.gnu.org/licenses/gpl.html...
  • Page 7: Table Of Contents

    Gateways (page 13); Configuring the Access Profile (NSM Procedure) (page 13)
  • Page 8 Configuring a Dialer Interface (NSM Procedure) (page 62)
  • Page 9 Configuring VRRP (NSM Procedure) (page 118)
  • Page 10 Configuring the File Options (NSM Procedure) (page 160); Configuring Flag Options (NSM Procedure) (page 161)
  • Page 11 Procedure) (page 201)
  • Page 12 Configuring a Commit (NSM Procedure) (page 252); Configuring Diag Port Authentication (NSM Procedure) (page 253)
  • Page 13 Configuring Event Policy (NSM Procedure) (page 309); Configuring Event Policy Tracing Operations (NSM Procedure) (page 312)
  • Page 14 SRX Series Services Gateways (page 359); Configuring Source NAT Objects on JUNOS OS (NSM Procedure) (page 359)
  • Page 15 (NSM Procedure) (page 405)
  • Page 16 Viewing Device Monitor Alarm Status (NSM Procedure) (page 446); Configuring the Polling Interval for Device Alarm Status (NSM Procedure) (page 447)
  • Page 17 Index (page 451)
  • Page 19: About This Guide

    Objectives Network and Security Manager (NSM) is a software application that centralizes control and management of your Juniper Networks devices. With NSM, Juniper Networks delivers integrated, policy-based security and network management for all security devices. NOTE: NSM supports only the domestic version of JUNOS on J Series and SRX Series platforms.
  • Page 20: Audience

    Represents commands and keywords in text. Issue the clock source command. Specify the keyword exp-msg. Represents keywords Click User Objects Represents UI elements Represents text that the user must type. Bold typeface like this user input
  • Page 21: List Of Technical Publications

    | ipAddress } List of Technical Publications Table 4 on page xxii lists the manuals supporting Network and Security Manager and JUNOS software for J Series and SRX Series platforms. All documents are available at http://www.juniper.net/techpubs/
  • Page 22: Requesting Technical Support

    Requesting Technical Support Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, ...
  • Page 23: Self-Help Online Tools And Resources

    7 days a week, 365 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: http://www.juniper.net/customers/support/...
  • Page 25: Getting Started

    Getting Started: Understanding J Series Services Router and SRX Series Services Gateway Configuration on page 3; J Series Services Routers and SRX Series Services Gateways and NSM Installation and Integration Overview on page 7
  • Page 27: Configuration

    The NSM application and a device communicate through the Device Management Interface (DMI). DMI is a collection of schema-driven protocols that run on a common transport (that is, TCP). DMI is designed to work with Juniper Networks platforms to
  • Page 28 To allow NSM to manage the device using the DMI protocol, NSM must import the schema and metadata files from the Juniper Networks Schema Repository, a publicly accessible resource that is updated with each device release. In addition to downloading the device’s current schema, NSM may also download upgraded software.
  • Page 29: Device Configurations Supported In Nsm For The J Series Services Router And Srx Series Services Gateway

    NOTE: NSM supports only the domestic version of JUNOS on J Series and SRX Series platforms. The following device configurations are not supported: editing licensing information, although licenses can be viewed; packaging log files or debug files for remote analysis.
  • Page 30 Related Documentation: NSM and Device Management Overview on page 3; Communication Between NSM and a Device Overview on page 3
  • Page 31: J Series Services Routers And Srx Series Services Gateways And Nsm Installation And Integration Overview

    J Series Services Router and SRX Series Services Gateway Installation and Configuration Overview NOTE: For important safety information, read the Juniper Networks Security Products Safety Guide. Before you can add either a J Series Services Router or an SRX Series services gateway to NSM, the device must be installed and configured, and logon credentials for an NSM administrator must be configured for it.
  • Page 32: Nsm Installation Overview

    NSM Installation Overview NSM is a software application that enables you to integrate and centralize management of your Juniper Networks environment. You need to install two main software components to run NSM: the NSM management system and the NSM user interface (UI).
  • Page 33: Adding J Series Services Router Clusters And Srx Series Services Gateway Virtual Chassis Clusters Overview

    Series Services Gateway on page 5; Adding J Series Services Routers or SRX Series Services Gateways in NSM Overview on page 8; Adding J Series Services Router Clusters and SRX Series Services Gateway Clusters Overview on page 8
  • Page 34: Using Templates And Configuration Groups In Nsm Overview

    Related Documentation: Adding J Series Services Routers or SRX Series Services Gateways in NSM Overview on page 8; Adding J Series Services Router Clusters and SRX Series Services Gateway Clusters Overview on page 8
  • Page 35: Configuring J Series Services Routers And Srx Series Services Gateways

    Configuring Security for J Series Services Routers and SRX Series Services Gateways on page 121; Configuring Services for J Series Services Routers and SRX Series Services Gateways on page 163; Configuring Integrated Convergence Services on the SRX Series Services Gateways on page 189
  • Page 36 Gateways on page 379; Configuring Interfaces in J Series Services Routers and SRX Series Services Gateways on page 395; Configuring Multicast Snooping Options in J Series Services Routers and SRX Series Services Gateways on page 423
  • Page 37: Configuring Access In J Series Services Routers And Srx Series Services Gateways

    In the Comment box, enter the comment. 2. In the Name box, enter the name of the access profile. Related Documentation: Configuring Access Profiles for L2TP or PPP Parameters (NSM Procedure); Configuring the RADIUS Parameters (NSM Procedure)
  • Page 39: Configuring Accounting Options In J Series Services Routers And Srx Series Services Gateways

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Accounting Options. Select Class Usage Profile. Add or modify the settings as specified in Table 6 on page 16. Click one: OK—Saves the changes.
  • Page 40: Configuring A Log File (Nsm Procedure)

    Click the Configuration tab. In the configuration tree, expand Accounting Options. Select File. Add or modify the settings as specified in Table 7 on page 17. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 41: Configuring The Filter Profile (Nsm Procedure)

    Click the Configuration tab. In the configuration tree, expand Accounting Options. Select Filter Profile. Add or modify the settings as specified in Table 8 on page 18. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 42: Configuring The Interface Profile (Nsm Procedure)

    Click the Configuration tab. In the configuration tree, expand Accounting Options. Select Interface Profile. Add or modify the settings as specified in Table 9 on page 19. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 43: Configuring The Policy Decision Statistics Profile (Nsm Procedure)

    To configure the policy decision statistics profile in NSM: In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it.
  • Page 44: Configuring The Mib Profile (Nsm Procedure)

    In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Accounting Options. Select MIB Profile.
  • Page 45: Configuring The Routing Engine Profile (Nsm Procedure)

    Click the Configuration tab. In the configuration tree, expand Accounting Options. Select Routing Engine Profile. Add or modify the settings as specified in Table 12 on page 22. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 46 1 minute. cpu-load-5—Average system load over the last 5 minutes. cpu-load-15—Average system load over the last 15 minutes. Memory Usage—Memory usage in bytes. Total Cpu Usage—Amount of CPU time used.
  • Page 47: Configuring Applications In J Series Services Routers And Srx Series Services Gateways

    Add or modify settings as specified in Table 13 on page 24. Click one: OK—Saves the changes. Cancel—Cancels the modifications. NOTE: Application and application set are configurable only if the device is in the in-device policy mode.
  • Page 48 5. In the Comment box, enter the comment. 6. Click Application next to application-set. 7. Click Add new entry next to Application. 8. From the Name list, select the identifier of the application. 9. In the Comment box, enter the comment.
  • Page 49: Configuring User Authentication In J Series Services Routers And Srx

    Click the Configuration tab. In the configuration tree, select System > Radius Server. Add or modify RADIUS settings as specified in Table 14 on page 26. Click one: New—Adds a new RADIUS server. OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 50: Configuring Tacacs+ Authentication (Nsm Procedure)

    New—Adds a new TACACS+ server. OK—Saves the changes. Cancel—Cancels the modifications. Table 15: TACACS+ Authentication Configuration Details. Option: Name. Function: Specifies the IP address of the TACACS+ server. Your Action: Enter the IP address of the TACACS+ server.
  • Page 51: Configuring Authentication Order (Nsm Procedure)

    New authentication-order list. OK—Saves the changes. Cancel—Cancels the modifications. Related Documentation: Configuring RADIUS Authentication (NSM Procedure) on page 25; Configuring TACACS+ Authentication (NSM Procedure) on page 26; Configuring User Access (NSM Procedure) on page 28
  • Page 52: Configuring User Access (Nsm Procedure)

    For example, class can use. “request system reboot”. Login > Class > Permissions. Permissions: Configures the login access privileges to be provided on the device. Enter a new permission.
  • Page 53: Configuring User Accounts

    Configuring Template Accounts (NSM Procedure) You can create template accounts that are shared by a set of users when you are using RADIUS or TACACS+ authentication. When a user is authenticated by a template account,
  • Page 54: Creating A Remote Template Account

    Enter the user name. For example, type remote. Specifies the user identifier for a login account. Enter the number associated with the login account. Class: Specifies the login class for the user. Select the login class. For example, select operator.
  • Page 55: Creating A Local Template Account

    Select the login class. For example, select superuser. Related Documentation: Configuring RADIUS Authentication (NSM Procedure) on page 25; Configuring TACACS+ Authentication (NSM Procedure) on page 26; Configuring Authentication Order (NSM Procedure) on page 27
  • Page 57: Configuring Chassis In J Series Services Routers And Srx Series Services

    Click the Configuration tab. In the configuration tree, expand Chassis > Aggregated Devices. Add or modify the settings as specified in Table 20 on page 34. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 58: Configuring Chassis Alarms (Nsm Procedure)

    Click the Configuration tab. In the configuration tree, expand Chassis > Alarm. Add or modify the alarm settings as specified in Table 21 on page 35. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 59: Configuring Bridge Domains Properties (Nsm Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 22 on page 36. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 60: Configuring Layer 2 Learning And Forwarding Properties For A Bridge Domain (Nsm Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 23 on page 37. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 61 bridge domain, virtual switch, or set of bridge domains. 3. From the Limit list, select the maximum number of MAC addresses learned from an interface. Range: 1 through 131,071 MAC addresses per interface
  • Page 62: Configuring Forwarding Options (Nsm Procedure)

    client traffic to specific DHCP servers. 2. For configuring relay option 60 information for forwarding client traffic to specific DHCP servers, see Configuring Relay Option 60 Information for Forwarding Client Traffic to Specific DHCP Servers (NSM Procedure).
  • Page 63: Configuring Logical Interfaces (Nsm Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 25 on page 40. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 64: Configuring Multicast Snooping Options (Nsm Procedure)

    In the Devices list, double-click the device to select it. In the Configuration tab, expand Bridge Domains. Select Domain. Add or modify the settings as specified in Table 26 on page 41. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 65 multicast snooping. 2. In the Comment box, enter the comments. 3. From the Restart Duration list, select the duration for graceful restart. Range: 0 to 300 seconds. Default: 180 seconds
  • Page 66 10. Click Flag next to Trace Options. 11. Click Add new entry next to flag. 12. From the Name list, select a tracing operation to perform. 13. In the Comment box, enter the comments.
  • Page 67: Configuring Igmp Snooping (Nsm Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 27 on page 44. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 68 The router loses contact with the hosts that properly remain in the multicast group until they send join requests in response to the next general multicast listener query from the router.
  • Page 69 proxy mode. Click Proxy next to Igmp Snooping. 2. In the Comment box, enter the comment. 3. In the Source Address box, enter the IP address to use as the source for IGMP snooping reports in proxy mode.
  • Page 70 9. Click Add new entry next to Flag. 10. From the Name list, select the flag to perform the trace operation. 11. In the Comment box, enter the comment for the flag. 12. Select the corresponding flag modifier check box.
  • Page 71 The router loses contact with the hosts that properly remain in the multicast group until they send join requests in response to the next general multicast listener query from the router.
  • Page 72: Configuring Vlan Id (Nsm Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 28 on page 49. Click one:
  • Page 73: Configuring Chassis Fpc (Nsm Procedure)

    corresponding Packet Forwarding Engines. 2. From the Name list, select the slot number of the DPC. 3. From the Power list, configure the Flexible PIC Concentrator (FPC) to stay offline or to come online automatically.
  • Page 74 11. Click Add new entry next to Channel Group. 12. From the Name list, select the channel number. 13. In the Comment box, enter the comment. 14. In the Timeslots box, enter the actual time slot number.
  • Page 75 7. In the Comment box, enter the comment. 8. Click Symmetric Hash next to Inet. 9. In the Comment box, enter the comment. 10. Select the Complement check box to include the complement of the symmetric hash in the hash key.
  • Page 76 Non member list to the Members list. Remove—Removes the selected port-mirroring instances from the Members list. Add All—Adds all the port-mirroring instances from the Non-members list to the Members list. Remove All—Removes all the port-mirroring instances from the Members list.
  • Page 77 5. In the Comment box, enter the comment. Related Documentation: Configuring Aggregated Devices (NSM Procedure) on page 33; Configuring Chassis Alarms (NSM Procedure) on page 34; Configuring a T640 Router on a Routing Matrix (NSM Procedure) on page 54
  • Page 78: Configuring A T640 Router On A Routing Matrix (Nsm Procedure)

    Packet Forwarding Engines. 3. From the Name list, select the slot number of the DPC. 4. From the Power list, configure the Flexible PIC Concentrator (FPC) to stay offline or to come online automatically.
  • Page 79 11. Click Add new entry next to Channel Group. 12. From the Name list, select the channel number. 13. In the Comment box, enter the comment. 14. In the Timeslots box, enter the actual time slot number.
  • Page 80 7. In the Comment box, enter the comment. 8. Click Symmetric Hash next to Inet. 9. In the Comment box, enter the comment. 10. Select the Complement check box to include the complement of the symmetric hash in the hash key.
  • Page 81 Non member list to the Members list. Remove—Removes the selected port-mirroring instances from the Members list. Add All—Adds all the port-mirroring instances from the Non-members list to the Members list. Remove All—Removes all the port-mirroring instances from the Members list.
  • Page 82 Related Documentation: Configuring Aggregated Devices (NSM Procedure) on page 33; Configuring Routing Engine Redundancy (NSM Procedure) on page 59; Configuring a Routing Engine to Reboot or Halt on Hard Disk Errors (NSM Procedure) on page 60
  • Page 83: Configuring Routing Engine Redundancy (Nsm Procedure)

    two Routing Engines, configure a master Routing Engine to switch over gracefully to a backup Routing Engine without interruption to packet forwarding. Click Graceful Switchover next to Redundancy. 2. In the Comment box, enter the comment.
  • Page 84: Configuring A Routing Engine To Reboot Or Halt On Hard Disk Errors (Nsm Procedure)

    Routing Engine. Related Documentation: Configuring Aggregated Devices (NSM Procedure) on page 33; Configuring a T640 Router on a Routing Matrix (NSM Procedure) on page 54; Configuring Routing Engine Redundancy (NSM Procedure) on page 59
  • Page 85: Configuring Usb Modem Interfaces In J Series Services Routers And Srx

    OK—Saves the changes. Cancel—Cancels the modifications. Table 33: USB Modem Interface Configuration Details. Option: Name. Function: Specifies the name of the new interface. Your Action: Enter a name for the new interface. Dialer Options > Pool
  • Page 86: Configuring A Dialer Interface (Nsm Procedure)

    Specifies the name of the new interface. Enter a name for the new interface. Description: Differentiates between different dialer interfaces. Enter a description for the new interface. Encapsulation: Specifies the encapsulation. Select PPP from the encapsulation list.
  • Page 87: Configuring Dial-In Options On A Dialer Interface (Nsm Procedure)

    Unit > Dialer Options > Incoming Map. Caller: Specifies the incoming map options for the dialer interface. Select accept-all to accept all incoming calls. Select caller to accept calls from a specific caller ID.
  • Page 88: Configuring A Chap Access Profile On A Dialer Interface (Nsm Procedure)

    Enter a name for the client. Chap Secret: Specifies the CHAP secret. Enter the CHAP secret. NOTE: Enter the client name and CHAP secret for each client to be included in the CHAP profile.
  • Page 89 Specifies the profile name. Enter a unique profile name containing a client list and access parameters. Related Documentation: Configuring a Dialer Interface (NSM Procedure) on page 62; Configuring a USB Modem Interface (NSM Procedure) on page 61
  • Page 91: Configuring Policy Options In J Series Services Routers And Srx Series

    Select As Path Group. Add or modify the parameters as specified in Table 38 on page 68. Click one: OK—To save the changes. Cancel—To cancel the modifications. Apply—To apply the protocol settings.
  • Page 92 In the configuration tree, expand Policy Options. Select Community. Add or modify the parameters as specified in Table 39 on page 69. Click one: OK—To save the changes. Cancel—To cancel the modifications. Apply—To apply the protocol settings.
  • Page 93: Configuring A Bgp Export Policy Condition (Nsm Procedure)

    In the configuration tree, expand Policy Options. Select Condition. Add or modify the parameters as specified in Table 40 on page 70. Click one: OK—To save the changes. Cancel—To cancel the modifications. Apply—To apply the protocol settings.
  • Page 94: Configuring Flap Damping To Reduce The Number Of Bgp Update Messages(Nsm Procedure)

    To configure damping for a BGP routing policy in NSM: In the navigation tree, select Device Manager > Devices. In the Devices list, double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Policy Options. Select Damping.
  • Page 95 Max Suppress: Indicates the maximum time in minutes that a route can be suppressed no matter how unstable it has been. Enter the time limit or select it from the list. 2. Click OK.
  • Page 96: Configuring A Routing Policy Statement (Nsm Procedure)

    2. Select policy-statement. 3. Specify the name. Comment: Specifies the comment for the policy statement. Click the New button or select a policy statement and click Edit button. 2. Select policy-statement. 3. Specify the comment.
  • Page 97: Configuring Prefix List (Nsm Procedure)

    This feature enables you to create a named prefix list and include it in a routing policy. To configure prefix list in NSM:
  • Page 98 Prefix List Item: Specifies the prefix list item. Click the New button or select a prefix list and click Edit button. 2. Expand prefix-list tree and select Prefix List Item. 3. Specify the name and comment.
  • Page 99: Services Gateways

    Configuring Maximum Prefixes (NSM Procedure) You can configure a limit for the number of routes installed in a routing table based upon the number of route prefixes in the table. To configure maximum prefixes limit in NSM:
  • Page 100 An advisory limit triggers only a warning, and additional routes are not rejected.
  • Page 101: Configuring Multicast (Nsm Procedure)

    point-to-multipoint (P2MP) label-switched paths (LSPs) are used for multicast distribution. 2. Click the New button or select a group and click the Edit button. 3. Configure the PE group name, local address, and backup address.
  • Page 102 A new entry is created as soon as the number of multicast forwarding cache entries falls below the suppression value. You can also specify a timeout value for all multicast forwarding cache entries.
  • Page 103 To deploy SSM successfully, you need an end-to-end multicast-enabled network and applications that use an Internet Group Management Protocol version 3 (IGMPv3). 3. Specify the address range of the SSM group.
  • Page 104: Configuring Multipath (Nsm Procedure)

    You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information.
  • Page 105: Configuring Options (Nsm Procedure)

    You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information.
  • Page 106: Configuring Route Resolution (Nsm Procedure)

    You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information.
  • Page 107: Configuring Routing Table Groups (Nsm Procedure)

    Click the Configuration tab. In the configuration tree, expand Routing Options. Select Rib Groups. Add or modify the parameters as specified in Table 49 on page 84. Click one: OK—To save the changes.
  • Page 108 Enables you to apply one or more policies to routes imported into the routing table group. Expand the rib-group tree and select Import Policy. 2. Set up the import policies for the routing table group.
  • Page 109: Configuring Routing Tables (NSM Procedure)

    You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information.
  • Page 110 Maximum Prefixes Enables you to configure a limit for the number of routes installed in a routing table. Expand the tree and select Maximum Prefixes 2. Set up the and the Maximum Prefixes Threshold
  • Page 111: Configuring Source Routing (NSM Procedure)

    Devices section in the Network and Security Manager Administration Guide for more information. Table 51: Source Routing Fields Option Function Your Action Comment Specifies the comment for the source routing configuration. Enter the comment.
  • Page 112: Configuring Static Routes (NSM Procedure)

    You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information.
  • Page 113: Configuring Generated Routes (NSM Procedure)

    Click the Configuration tab. In the configuration tree, expand Routing Options. Select Generate. Add or modify the parameters as specified in Table 53 on page 90. Click one:
  • Page 114: Configuring Graceful Restart (NSM Procedure)

    The network topology is stable. The neighbor or peer cooperates. The restarting device is not already cooperating with another restart already in progress. The grace period does not expire. To configure graceful restart in NSM:
  • Page 115: Configuring Forwarding Table (NSM Procedure)

    This feature enables you to configure forwarding table in NSM. To configure forwarding table in NSM: In the navigation tree, select Device Manager > Devices. In the Devices list, double-click the device to select it. Click the Configuration tab.
  • Page 116 Export Enables you to apply one or more policies to routes being exported from the routing table into the forwarding table. Expand the Forwarding Table tree and select Export. 2. Enter the export policies.
  • Page 117: Configuring Flow Route (NSM Procedure)

    Devices section in the Network and Security Manager Administration Guide for more information. Table 56: Flow Route Fields Option Function Your Action Comment Specifies the comment for the flow route. Enter a comment. Route
  • Page 118 that tracing results be saved in a log file. You can configure the tracing flag, filter, and the tracing policy. 2. Expand the Traceoptions tree and configure the file and flag parameters, and the tracing policy.
  • Page 119: Configuring Fate Sharing (NSM Procedure)

    You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information. Table 57: Fate Sharing Fields Option Function Your Action Comment Specifies the comment for the fate sharing. Enter a comment.
  • Page 120: Configuring Martian Addresses (NSM Procedure)

    To configure a martian address in NSM: In the navigation tree, select Device Manager > Devices. In the Devices list, double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Routing Options. Select Martians.
  • Page 121 2. Select the check box to allow the disallowed address. Selecting the allow option deletes a particular martian address from the range of martian addresses. 3. Clear the check box to disallow the addresses and mark them as a martian address.
  • Page 122: Configuring Interface Routes (NSM Procedure)

    You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information.
  • Page 123: Configuring Instance Export (NSM Procedure)

    Routing Options Select Instance Export and specify the export policies for routes being exported from a routing instance. Click one: OK—To save the changes. Cancel—To cancel the modifications. Apply—To apply the routing option settings.
  • Page 124: Configuring Instance Import (NSM Procedure)

    You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information.
  • Page 125: Services Gateways

    Device Manager > Devices list. In the configuration tree, expand Protocols Select Add/Modify the parameters under the respective tabs as specified in Table 60 on page 102. Click one:
  • Page 126 BGP 3. Set up the comment, Ttl and specify session. This type of session is called a whether the next hop has to be multihop BGP session. changed.
  • Page 127 3. Enter the comment, as number, loop and specify whether it is private. Graceful Restart Enables you to specify the graceful restart parameters. Expand the Protocol tree. 2. Select and select Graceful Restart tab. 3. Specify the graceful restart parameters.
  • Page 128: Configuring 802.1X Authentication (NSM Procedure)

    802.1X settings. In the Configuration tree, expand Protocols > Dot1x. Select Authenticator > Interface. Click the Add icon. Add/modify member settings for the interface as specified in Table 61 on page 105.
  • Page 129 Specifies the guest VLAN to move the interface to in case of an authentication failure. Enter the VLAN name. Reauthentication Specifies enabling reauthentication on the selected interface. Select Reauthentication. Select one: none, reauthentication, no-reauthentication
  • Page 130: Configuring Static MAC Bypass

    In the navigation tree, select Device Manager > Devices. In Device Manager, select the device. In the configuration tree, expand Protocols. Select GVRP. Click the Add icon. Add/modify GVRP settings for the interface as specified in Table 62 on page 107.
  • Page 131: Configuring IGMP (NSM Procedure)

    In the configuration tree, expand Protocols and select IGMP. Add/Modify the parameters as specified in Table 63 on page 108. Click one: OK—To save the changes. Cancel—To cancel the modifications. Apply—To apply the protocol settings.
  • Page 132 6. You can enable Immediate Leave Promiscuous Mode 7. You can enable accounting on the interface. 8. Select the option Interface > Static to configure the multicast group to be associated with the interface.
  • Page 133: Configuring MSTP (NSM Procedure)

    Specifies the configuration name. Type a name. Revision Level Specifies the configuration revision level. Select a value. Max Hops Specifies the number of hops in a region before the BPDU is discarded. Select a value.
  • Page 134 8. Click 9. Specify the Bpdu timeout action Block Alarm Msti Specifies MST instances settings for an interface or VLAN. Specify the Msti ID. 2. Enter a comment. 3. Specify the bridge priority. 4. Click
  • Page 135: Configuring OSPF (NSM Procedure)

    You can update multiple devices at one time. See Updating Devices for more information. Table 65: OSPF Configuration Fields Option Function Your Action OSPF
  • Page 136 Specify whether NSSA ABR has to be configured. To enable NSSA ABR, clear the check box. To disable NSSA ABR, select the check box. Area Enables you to set up the area details for OSPF.
  • Page 137 SPF algorithm can run in succession, and a holddown interval after the SPF algorithm runs the maximum number of times.
  • Page 138: Configuring RIP (NSM Procedure)

    NOTE: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See Updating Devices for more information.
  • Page 139 Import 2. Specify the import policies. Receive Enables you to configure RIP receive options. Expand the tree and select Receive. 2. Specify the receive options.
  • Page 140: Configuring VSTP (NSM Procedure)

    NOTE: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See Updating Devices for more information.
  • Page 141 Traceoptions Enables you to configure VSTP level tracing options. Expand the Protocol tree. 2. Select VSTP and expand the tree. 3. Select Traceoptions. 4. Set up the file and flag parameters.
  • Page 142: Configuring VRRP (NSM Procedure)

    You can update multiple devices at one time. See Updating Devices for more information. Table 68: VRRP Configuration Fields Field Function Your Action VRRP Comment Specifies comment for VRRP. Expand the Protocol tree and select VRRP. 2. Enter the comment.
  • Page 143 Traceoptions Enables you to configure VRRP level tracing options. Expand the Protocol tree. 2. Select VRRP and expand the tree. 3. Select Traceoptions. 4. Set up the file and flag parameters.
  • Page 145: Gateways

    Click the Configuration tab. In the configuration tree, select Security > Certificates. Configure the options as specified in Table 69 on page 122. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the certificates parameters.
  • Page 146: Configuring Certification Authority (NSM Procedure)

    Specifies the certification authority profile name. Enter the certification authority profile name. Comment Supplies a descriptive comment for the certification authority. Enter a comment. This is optional. Ca Name Specifies the certification authority name. Enter the certification authority name.
  • Page 147: Configuring the Local Certificate (NSM Procedure)

    Enter a private key for the certificate. Related Documentation: Configuring the Firewall Authentication (NSM Procedure) on page 124; Configuring a Flow (NSM Procedure) on page 125; Configuring the Forwarding Options (NSM Procedure) on page 131
  • Page 148: Configuring Firewall Authentication (NSM Procedure)

    Extensive Specifies extensive traceoptions information. Select the option. Related Documentation: Configuring Certificates (NSM Procedure) on page 121; Configuring a Flow (NSM Procedure) on page 125; Configuring the Forwarding Options (NSM Procedure) on page 131
  • Page 149: Configuring a Flow (NSM Procedure)

    To configure a bridge option: In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device for which you want to configure a bridge option.
  • Page 150: Configuring the TCP MSS Option (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select Security > Flow > Tcp Mss. Configure the options as specified in Table 75 on page 127. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the TCP MSS settings.
  • Page 151: Configuring the TCP Session Option (NSM Procedure)

    Click the Device Tree tab, and then double-click the device for which you want to configure the TCP session option. Click the Configuration tab. In the configuration tree, select Security > Flow > Tcp Session.
  • Page 152: Configuring Traceoptions (NSM Procedure)

    Click the Device Tree tab, and then double-click the device for which you want to configure the traceoptions. Click the Configuration tab. In the configuration tree, select Security > Flow > Traceoptions. Configure the options as specified in Table 77 on page 129. Click one: OK—Saves the changes.
  • Page 153: Configuring File Options (NSM Procedure)

    Supplies a descriptive comment for the filename. (Optional) Enter a comment. Filename Specifies the filename to write the traceoptions. Enter a filename. Size Specifies the maximum size of the trace file. Enter the maximum file size.
  • Page 154: Configuring Flag Options (NSM Procedure)

    Click the Device Tree tab, and then double-click the device for which you want to configure the packet filter options. Click the Configuration tab. In the configuration tree, select Security > Flow > Traceoptions > Packet Filter.
  • Page 155: Configuring Forwarding Options (NSM Procedure)

    Enter a comment in the Forwarding Options workspace that describes the forwarding options. In the configuration tree, select Security > Forwarding Options > Family. Enter a comment in the Family workspace that describes the family.
  • Page 156: Configuring IKE (NSM Procedure)

    In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device for which you want to configure IKE options. Click the Configuration tab. In the configuration tree, select Security > Ike.
  • Page 157: Configuring a Gateway (NSM Procedure)

    Disables the IPsec NAT traversal. Select the No Nat Traversal check box to enable this feature. Nat Keepalive Specifies the time interval to send the keepalives. Set the time interval. Range: 1 - 300.
  • Page 158 messages. Set the time interval to send the DPD messages. Range: 10 - 60. Threshold Specifies the maximum number of DPD transmissions. Set the threshold for DPD transmissions. Range: 1 - 5. gateway > Local Identity
  • Page 159: Configuring a Policy (NSM Procedure)

    Add or modify settings as specified in Table 83 on page 135. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the policy settings. Table 83: Policy Configuration Details Option Function Your Action Policy
  • Page 160 Enables the ASCII text key. Select the option and enter the ASCII text key. hexadecimal Enables the hexadecimal text key. Select the option and enter the hexadecimal text key. Policy > Proposals
  • Page 161: Configuring a Respond Bad SPI (NSM Procedure)

    Click the Device Tree tab, and then double-click the device for which you want to configure the traceoptions. Click the Configuration tab. In the configuration tree, select Security > Ike > Traceoptions. Configure the options as specified in Table 85 on page 138. Click one:
  • Page 162: Configuring the File Options (NSM Procedure)

    Files Specifies the maximum number of trace files. Set the maximum number of trace files. Range: 2 - 1000. None Specifies that neither the world-readable nor the no-world-readable option is enabled. Select the option.
  • Page 163: Configuring Flag Options (NSM Procedure)

    Configuring a PKI (NSM Procedure) on page 145 Configuring NAT (NSM Procedure) on page 150 Configuring IPsec (NSM Procedure) The Internet Protocol Security (IPsec) feature allows you to configure policy, proposal, traceoptions, VPN, and VPN monitor options.
  • Page 164: Configuring a Policy (NSM Procedure)

    Apply—Applies the policy settings. Table 88: Policy Configuration Details Option Function Your Action policy Name Specifies the name of the policy. Enter the policy name. Comment Supplies a descriptive comment for the policy. (Optional) Enter a comment.
  • Page 165: Configuring Traceoptions (NSM Procedure)

    Apply—Applies the traceoptions. Table 89: Traceoptions Configuration Details Option Function Your Action Name Specifies the trace flag name. Select a name from the list. Comment Supplies a descriptive comment for the trace flag. Enter a comment.
  • Page 166: Configuring a VPN (NSM Procedure)

    Specifies a descriptive comment for the authentication key. (Optional) Enter a comment. vpn > Manual > manual > Authentication > Key > Ascii Text None Specifies that neither the ascii-text nor the hexadecimal key is enabled. Select the option.
  • Page 167 on the initiator. Set the duration of the installation. Range: 1 - 10. vpn > Manual > ike > Proxy identity Enable Feature Enables the proxy identity feature. Select the Enable Feature check box to enable this feature.
  • Page 168: Configuring VPN Monitor Options (NSM Procedure)

    Select the Enable Feature check box from the Vpn Monitor Options workspace. Add or modify settings as specified in Table 91 on page 145. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the VPN monitor options.
  • Page 169: Configuring a PKI (NSM Procedure)

    Apply—Applies the PKI parameters. You can now configure the following options: Configuring Auto Re-enrollment (NSM Procedure) on page 146 Configuring a CA Profile (NSM Procedure) on page 146 Configuring Traceoptions (NSM Procedure) on page 148
  • Page 170: Configuring Auto Re-enrollment (NSM Procedure)

    Generates a new key pair for an auto re-enrollment. Select the Re Generate Keypair check box to enable this feature. Configuring a CA Profile (NSM Procedure) The CA Profile feature allows you to configure the administrator, enrollment and revocation list.
  • Page 171 enrollment retry attempts before terminating. Set the permissible retry attempts. Range: 0 - 1080. Retry Interval Specifies the amount of time between enrollment retries. Set the enrollment retry interval. Range: 0 - 3600. ca-profile > Revocation Check
  • Page 172: Configuring Traceoptions (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select Security > Pki > Traceoptions. Configure the options as specified in Table 94 on page 149. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 173: Configuring the File Options (NSM Procedure)

    Set the maximum number of trace files. Range: 2 through 1000. None Specifies that neither the world-readable nor the no-world-readable option is enabled. Select the option. world-readable Allows any user to read the log file. (Optional) Select the option.
  • Page 174: Configuring Flag Options (NSM Procedure)

    Configuring IKE (NSM Procedure) on page 132 Configuring NAT (NSM Procedure) on page 150 Configuring NAT (NSM Procedure) The Network Address Translation (NAT) feature allows you to configure destination, source NAT, destination NAT, interface, proxy ARP, source, static, and traceoptions.
  • Page 175: Configuring a Destination (NSM Procedure)

    OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the destination parameters. Table 97: Traceoptions Configuration Details Option Function Your Action Destination > General Comment Supplies a descriptive comment for the destination. (Optional) Enter a comment.
  • Page 176: Configuring the Destination NAT (NSM Procedure)

    Click the Device Tree tab, and then double-click the device for which you want to configure the destination NAT. Click the Configuration tab. In the configuration tree, select Security > Nat > Destination Nat.
  • Page 177: Configuring the Interface (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select Security > Nat > Interface. Add or modify the interface settings as specified in Table 99 on page 154. Click one: OK—Saves the changes.
  • Page 178 Specifies the lower limit of the host address. Enter the lower limit of the host address. No Port Translation Specifies that the port translation is not performed. Select the No Port Translation check box to enable this feature.
  • Page 179 Supplies a descriptive comment for the static NAT. (Optional) Enter a comment. Host Specifies the host address. Enter the host address. Virtual Router Specifies the virtual router to search route to host address. Select the virtual router from the list.
  • Page 180: Configuring a Proxy Address Resolution Protocol (NSM Procedure)

    Comment Supplies a descriptive comment for the upper limit of the address range. (Optional) Enter a comment. Ipaddr Specifies the upper limit of the address range. Enter the upper limit of the address range.
  • Page 181: Configuring a Source (NSM Procedure)

    Disable Disables the source NAT port randomization. Select the Disable check box to enable this feature. General > Interface Comment Supplies a descriptive comment for the port overloading interface. (Optional) Enter a comment.
  • Page 182 Pool > Port Translation > No Translation > General No Translation Specifies that the port translation is not enabled. Select the No Translation check box to enable this feature. Pool > Port Translation > No Translation > Translation
  • Page 183: Configuring Traceoptions (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select Security > Nat > Traceoptions. Configure the options as specified in Table 102 on page 160. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the traceoptions settings.
  • Page 184: Configuring the File Options (NSM Procedure)

    Specifies that neither the world-readable nor the no-world-readable option is enabled. Select the option. world-readable Allows any user to read the log file. (Optional) Select the option. no-world-readable Prevents any user from reading the log file. (Optional) Select the option.
  • Page 185: Configuring Flag Options (NSM Procedure)

    to the system log. Select the Syslog check box to enable this feature. Related Documentation: Configuring IKE (NSM Procedure) on page 132; Configuring an IPsec (NSM Procedure) on page 139; Configuring a PKI (NSM Procedure) on page 145
  • Page 187: Configuring Services for J Series Services Routers and SRX Series Services

    Cancel—Cancels the modifications. Apply—Applies the captive portal parameters. Table 105: Captive Portal Configuration Details Option Function Your Action Comment Supplies a descriptive comment for the captive portal. Enter a comment. This is optional.
  • Page 188: Configuring Custom Options (NSM Procedure)

    Specifies the path for the header logo. Enter the path with a file type of JPG, JPEG, GIF, or PNG. Header Bgcolor Specifies the header background color. Enter the header color. Header Message Specifies the header message. Enter a message.
  • Page 189: Configuring the Interface (NSM Procedure)

    Specifies the supplicant mode for this interface. Select a supplicant from the list. Retries Specifies the number of retries after which the port enters a wait state. Set the number of retries. Range: 1 through
  • Page 190: Configuring Traceoptions (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select Services > Captive Portal > Traceoptions > File. Configure the file options as specified in Table 108 on page 167. Click one:
  • Page 191: Configuring Flag Options (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select Services > Captive Portal > Traceoptions > Flag. Configure the flag options as specified in Table 109 on page 168. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the flag settings.
  • Page 192: Configuring Mobile IP (NSM Procedure)

    Configuring the Home Agent (NSM Procedure) on page 171 Configuring the Peer (NSM Procedure) on page 173 Configuring Traceoptions (NSM Procedure) on page 176 Configuring Access Type (NSM Procedure) This section provides information on configuring access type for Mobile IP.
  • Page 193: Configuring the Authenticate Mechanism (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select Services > Mobile Ip > Authenticate. Configure the authenticate options as specified in Table 111 on page 170. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 194: Configuring Dynamic Home Assignment (NSM Procedure)

    Option Function Your Action Name Specifies a name for the network address identifiers (NAI). Enter a name in the following format: @domain.com user@domain.com Comment Supplies a descriptive comment for the NAI. Enter a comment.
  • Page 195: Configuring the Home Agent (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select Services > Mobile Ip > Home Agent > Enable Service. Add or modify settings as specified in Table 113 on page 172. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 196: Configuring Pool Match Order (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select Services > Mobile Ip > Home Agent > Virtual Network. Enter a comment in the Virtual Network workspace that describes the virtual network.
  • Page 197: Configuring the Peer (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select Services > Mobile Ip > Peer. Enter a comment in the Peer workspace that describes the peer. Add or modify the settings as specified in Table 116 on page 174. Click one: OK—Saves the changes.
  • Page 198 Comment Specifies the comment for the key. Enter a comment. Peer > Ip Address > Spi > Key > Hex None Specifies that neither the HEX nor ASCII key is enabled. Select the option.
  • Page 199 Specifies the comment for the algorithm. Enter a comment. none Specifies that neither the hmac-md5 nor md5 option is specified for the algorithm. Select the option. hmac-md5 Specifies the hash algorithm that authenticates packet data. Select the option.
  • Page 200: Configuring Traceoptions (NSM Procedure)

    Range: 1 through 255. none (configuration) Specifies that the configuration option is not selected. Select the option. Configuring Traceoptions (NSM Procedure) The traceoptions feature allows you to configure file and flag options.
  • Page 201: Configuring File (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select Services > Mobile Ip > Traceoptions > File. Configure the file options as specified in Table 118 on page 178. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the file options.
  • Page 202: Configuring Flag (NSM Procedure)

    Apply—Applies the flag options. Table 119: Flag Configuration Details Option Function Your Action Name Specifies the flag name. Select a name from the drop-down list. Comment Specifies the comment for the flag. Enter a comment.
  • Page 203: Configuring RPM (NSM Procedure)

    In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device for which you want to configure the BGP feature. Click the Configuration tab. In the configuration tree, select Services > Rpm > Bgp.
  • Page 204: Configuring Routing Instances (NSM Procedure)

    Click the Device Tree tab, and then double-click the device for which you want to configure the BGP routing instances options. Click the Configuration tab. In the configuration tree, select Services > Rpm > Bgp > Routing Instances.
  • Page 205: Configuring Probe (NSM Procedure)

    > test Name Specifies the name of the test. Enter a name. Comment Specifies a comment for the test. Enter a comment. Probe Type Specifies the probe request type. Select the probe request type.
  • Page 206 One Way Hardware Timestamp Enables hardware timestamps for one-way measurements. Select the check box. probe > test > Target Comment Specifies a comment for the target. Enter a comment. probe > test > Target > Address
  • Page 207 test. Enter the value or select it from the list. Range: 0 through 60000000. Std Dev Ingress Specifies maximum destination-to-source standard deviation per test. Enter the value or select it from the list. Range: 0 through 60000000.
  • Page 208: Configuring Probe Server (NSM Procedure)

    Enter a comment. Port Specifies the TCP port number. Set the port number. Range: 0 through 65535. Destination Interface Specifies the name of the output interface for probes. Enter the name of the destination interface.
  • Page 209: Configuring Service Interface Pools (NSM Procedure)

    Specifies the comment for the service interface pool. Enter a comment. pool > Interface Name Specifies the services interface name. Enter a name. Comment Specifies the comment for the services interface. Enter a comment.
  • Page 210: Configuring Unified Access Control (NSM Procedure)

    Test Only Mode Allows all traffic and log enforcement result. Select the check box. UAC includes configuring the following topics: Configuring Infranet Controller (NSM Procedure) on page 187 Configuring Traceoptions (NSM Procedure) on page 187
  • Page 211: Configuring Infranet Controller (NSM Procedure)

    Specifies the certification authority profile. Select the required profile from the Non-members list and click Add to move the profiles to the Members list. Configuring Traceoptions (NSM Procedure) This section describes how to configure traceoptions for UAC.
  • Page 212 Click one: OK—Saves the changes. Cancel—Cancels the modifications. Table 128: Traceoptions Configuration Details Option Function Your Action Name Specifies the flag name. Select a name. Comment Specifies the comment for the flag. Enter a comment.
  • Page 213: Gateways

    Configuring the Registrar Address for SRX Series Integrated Convergence Services (NSM Procedure) on page 207 Configuring Call Park for SRX Series Integrated Convergence Services (NSM Procedure) on page 208 Configuring Hunt Groups for SRX Series Integrated Convergence Services (NSM Procedure) on page 209
  • Page 214: Configuring the Media Gateway Peer Call Server for SRX Series Integrated Convergence Services (NSM Procedure)

    Auth Password Specifies the authentication password. Enter the authentication password used by the SRX Series MGW to authenticate itself to the peer call server, if the peer call server challenges it to do so.
  • Page 215 Convergence Services (NSM Procedure) on page 193 Configuring Media Gateway SIP Stations and Templates for SRX Series Integrated Convergence Services (NSM Procedure) on page 195 Configuring the SRX Series Survivable Call Service (NSM Procedure) on page 204
  • Page 216: Disabling Media Gateway Registration to the Peer Call Server for SRX Series Integrated Convergence Services (NSM Procedure)

    WARNING: Disabling registration to a peer call server does not disable registration of a foreign exchange station (FXS) on the Integrated Convergence Services device to the SRX Series MGW. FXS registration remains a requirement.
  • Page 217: Configuring Media Gateway Analog Stations and Templates for SRX Series Integrated Convergence Services (NSM Procedure)

    Specifies the types of calls that can be made from the station, for example, local calls and long-distance calls. By default, intrabranch and emergency calls are always allowed. Select the class of restriction policy.
  • Page 218 speech in an audio signal and sends only audio packets. VAD can reduce bandwidth and computational costs. To disable VAD, select disable. You can disable VAD in a template and apply the template to a station.
  • Page 219: Configuring Media Gateway SIP Stations and Templates for SRX Series Integrated Convergence Services (NSM Procedure)

    Add or modify settings as specified in Table 132 on page 195. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Table 132: SIP Station Configuration Details Option Function Your Action Station > station Name Specifies the station name. Enter the station name.
  • Page 220 be used. Select the SIP template to be used. Station Template > Sip Template Name Specifies the template name. Enter the template name. Dtmf Method Specifies the dual-tone multifrequency (DTMF) signaling method. Select the DTMF method.
  • Page 221: Configuring the SRX Series Integrated Convergence Services Media Gateway

    SRX240 device. It includes media gateway (SRX Series MGW) and survivable call server (SRX Series SCS) components. The SRX Series MGW functionality is used predominantly when the peer call server is available to provide call services and call
  • Page 222 Convergence Services (NSM Procedure) on page 202 Configuring the Media Gateway Peer Call Server for SRX Series Integrated Convergence Services (NSM Procedure) on page 190 Configuring the SRX Series Survivable Call Service (NSM Procedure) on page 204
  • Page 223: (NSM Procedure)

    Specifies the policy name. Enter a name for the COR policy. Comment Specifies a comment that describes the policy. Enter an appropriate comment. Permission Specifies the permission for the policy. Select a permission from the drop-down list.
  • Page 224: Configuring Trunks for SRX Series Integrated Convergence Services

    OK—Saves the changes. Cancel—Cancels the modifications. Table 135: Trunk Configuration Details Option Function Your Action trunk Name Specifies the trunk name. Enter the trunk name. Comment Specifies the comment for trunk. Enter a comment.
  • Page 225: Procedure)

    In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the SRX Series Integrated Convergence Services device for which you want to configure a trunk group.
  • Page 226: Configuring a Media Gateway Dial Plan Using Route Patterns for SRX Series Integrated Convergence Services (NSM Procedure)

    You configure a dial plan to implement digit patterns for the types of calls that the enterprise supports—emergency, internal, local, long-distance, international, and custom—so that the system can recognize the digits of a called number that correspond to a pattern and act on it to route the call.
  • Page 227 Configuring Trunks for SRX Series Integrated Convergence Services (NSM Procedure) Documentation on page 200 Configuring Trunk Groups for SRX Series Integrated Convergence Services (NSM Procedure) on page 201 Configuring the SRX Series Integrated Convergence Services Media Gateway (NSM Procedure) on page 197
  • Page 228: Configuring the SRX Series Survivable Call Service (NSM Procedure)

    SRX Series SCS accepts registrations from SIP stations and redirects any call requests to the peer call server after the peer call server has regained control. timeout. Range: 30 to 86,400 seconds. Default: 60 seconds.
  • Page 229 Minimum Specifies the minimum percent of times the peer call server must respond to timeout messages during the watch period. Enter the minimum percent. Range: 10 to 100 percent. Default: 75 percent. Service Point
  • Page 230: Configuring a Digit Transform Rule for the SRX Series Survivable Call Service (NSM Procedure)

    Services > Digit Manipulation > Digit Transform. Add or modify settings as specified in Table 139 on page 206. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Table 139: Digit Transform Rule Configuration Details Option Function Your Action survivable-call-service
  • Page 231: Configuring the Registrar Address for SRX Series Integrated Convergence Services (NSM Procedure)

    Services> Peer Call Server. Click the plus sign (+). The New peer-call-server window opens. Select Registrar Address. Add or modify settings as specified in Table 140 on page 208. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 232: Configuring Call Park for SRX Series Integrated Convergence Services

    Click the Configuration tab. In the configuration tree, select Services > Convergence Services > Features. Select the Enable Feature check box. In the configuration tree, select Features > Call Park. Select the Enable Feature check box.
  • Page 233: Procedure)

    Click the Device Tree tab, and then double-click the SRX Series Integrated Convergence Services device for which you want to configure hunt groups. Click the Configuration tab. In the configuration tree, select Services > Convergence Services > Features.
  • Page 234: Configuring Pickup Groups for SRX Series Integrated Convergence Services (NSM Procedure)

    Members can belong concurrently to more than one pickup group. Stations that belong to a pickup group must be of the same type. For example, an SIP phone and an analog phone cannot belong to the same pickup group.
  • Page 235: Configuring Ring Groups for SRX Series Integrated Convergence Services

    Before you can configure a ring group, you must configure a station for each member of the group. You can create more than one ring group, but you must use a unique logical extension for each one.
  • Page 236 Configuring Call Park for SRX Series Integrated Convergence Services (NSM Procedure) Documentation on page 208 Configuring Hunt Groups for SRX Series Integrated Convergence Services (NSM Procedure) on page 209 Configuring Pickup Groups for SRX Series Integrated Convergence Services (NSM Procedure) on page 210
  • Page 237: Configuring SNMP for Network Management in J Series Services Routers and SRX Series Services Gateways

    Click the Device Tree tab and then double-click the device for which you want to configure basic system identification information. Click the Configuration tab. In the configuration tree, select Snmp. Add or modify basic system identification information as specified in Table 145 on page 214. Click one:
  • Page 238: Configuring SNMP Communities (NSM Procedure)

    In the navigation tree, select Device Manager > Devices. In the Devices list, double-click the device to select it. Click the Configuration tab. In the configuration tree, expand SNMP. Select Community. Click the Edit icon.
  • Page 239 You must configure a view to enable Set requests. Client List Name Specifies a client list or prefix list to be assigned to an SNMP community. Expand the Community tree and select Client List Name. 2. Select a name.
  • Page 240: Configuring SNMP Trap Groups (NSM Procedure)

    In the navigation tree, select Device Manager > Devices. In the Devices list, double-click the device to select it. Click the Configuration tab. In the configuration tree, expand SNMP. Select Trap Group. Select the Enable Feature check box.
  • Page 241 (do not enter hostnames). Related Documentation Configuring Basic System Identification for SNMP (NSM Procedure) on page 213 Configuring SNMP Communities (NSM Procedure) on page 214 Configuring SNMP Views (NSM Procedure) on page 218
  • Page 242: Configuring SNMP Views (NSM Procedure)

    2. Click the New button or select an OID and click the Edit button. Name Specifies the MIB for the view. Enter the OID of the MIB in either dotted-integer format or subtree-name format.
  • Page 243: Configuring Client Lists (NSM Procedure)

    Select Client List. Click the Add or Edit icon. Enter the parameters as specified in Table 149 on page 220. Click one: OK—To save the changes. Cancel—To cancel the modifications. Apply—To apply the SNMP settings.
  • Page 244 SNMP client list access to the device. If you leave the Restrict check box cleared by default, access is permitted for this particular client list. Related Documentation Configuring SNMP Communities (NSM Procedure) on page 214
  • Page 245: Configuring the SNMP Local Engine ID (NSM Procedure)

    Devices section in the Network and Security Manager Administration Guide for more information. Table 150: Configuring Engine Id Fields Option Function Your Action Comment Specifies the comment for the engine ID. Enter a comment.
  • Page 246: Configuring SNMP Health Monitoring (NSM Procedure)

    Select Health Monitor. Select the Enable Feature check box. Enter the parameters as specified in Table 151 on page 223. Click one: OK—To save the changes. Cancel—To cancel the modifications. Apply—To apply the SNMP settings.
  • Page 247 After a falling event is generated, another falling event is not generated until the sampled value rises above this threshold and reaches the rising threshold.
  • Page 248: Configuring the Interfaces on Which SNMP Requests Can Be Accepted

    You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information.
  • Page 249: Configuring the SNMP Commit Delay Timer (NSM Procedure)

    You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information.
  • Page 250: Configuring SNMP RMON Alarms and Events (NSM Procedure)

    You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information.
  • Page 251 Chapter 15: Configuring SNMP for Network Management in J Series Services Routers and SRX Series Services Gateways Table 154: Configuring Rmon Fields Option Function Your Action Comment Specifies the comment for the RMON configuration. Enter the comment.
  • Page 252
  • Page 253 65,535. The default is 0. Syslog Subtag—Specify the tag to be added to the system log message. You can specify a string of not more than 80 uppercase characters as the system log tag.
  • Page 254: Enabling SNMP Access Over Routing Instances (NSM Procedure)

    To configure access lists for SNMP access over routing instances in NSM: In the navigation tree, select Device Manager > Devices. In the Devices list, double-click the device to select it. Click the Configuration tab. In the configuration tree, expand SNMP.
  • Page 255 Restrict—Select this check box to deny the specified SNMP client list access to the routing instance. If you leave the Restrict check box cleared by default, access is permitted for this particular list. Related Documentation Configuring SNMP Communities (NSM Procedure) on page 214
  • Page 256: Configuring Tracing of SNMP Activity (NSM Procedure)

    You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information.
  • Page 257 Match—Specify a regular expression (regex) to be matched in the trace operation output.
  • Page 258: Configuring SNMP Trap Options (NSM Procedure)

    Click the Configuration tab. In the configuration tree, expand SNMP. Select Trap Options. Select the Enable Feature check box. Enter the parameters as specified in Table 157 on page 235. Click one: OK—To save the changes.
  • Page 259 instances. 3. Configure the following to create and define a routing instance entry: Name—Specify the name of the routing instance. Comment—Enter a comment for the routing instance.
  • Page 260: Configuring SNMPv3 (NSM Procedure)

    In the configuration tree, expand SNMP. Select V3. Enter the parameters as specified in Table 158 on page 237. Click one: OK—To save the changes. Cancel—To cancel the modifications. Apply—To apply the SNMP settings.
  • Page 261 Specify the OID using either a sequence of dotted integers or a subtree name. None include—Include the subtree of MIB objects represented by the specified OID. exclude—Exclude the subtree of MIB objects represented by the specified OID.
  • Page 262 Logical System—On routers only, specify the logical system group for this SNMPv3 target address. Target Parameters—Specify the message processing and security parameters to be used in sending notifications to a particular management target.
  • Page 263 Security Name—The user name (if USM is used) or the SNMP community name (if SNMPv1 or SNMPv2c security models are used) when generating the notification.
  • Page 264 Configure the plain-text password used to generate the key used for encryption meeting these requirements on a device: The password must be at least eight characters long. The password can include alphabetic, numeric, and special characters, but not control characters.
  • Page 265 Specify this group’s security model: usm—SNMPv3 security model. v1—SNMPv1 message process model. v2c—SNMPv2c message process model. Related Documentation Configuring SNMP Trap Groups (NSM Procedure) on page 216
  • Page 266 Configuring J Series Services Routers and SRX Series Services Gateways Guide
  • Page 267: Gateways

    Configuring RADIUS Server (NSM Procedure) on page 270 Configuring Root Authentication (NSM Procedure) on page 271 Configuring Static Host Mapping (NSM Procedure) on page 272 Configuring TACACS+ Options (NSM Procedure) on page 273 Configuring TACACS+ Server (NSM Procedure) on page 274
  • Page 268: Configuring Accounting (NSM Procedure)

    Enter a comment in the Destination workspace that describes the destination. Add or modify settings as specified in Table 159 on page 245. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the destination settings.
  • Page 269 Specifies the TACACS+ authentication server port number. Set the TACACS+ authentication server port number. Range: 1 - 65535. Secret Specifies the shared secret with the authentication server. Enter the password for the secret with the authentication server.
  • Page 270: Configuring Events

    Click the Configuration tab. In the configuration tree, select System > Accounting > Traceoptions. Enter a comment for the traceoptions. Select the No Remote Trace check box to enable remote tracing. Add or modify settings as specified in Table 160 on page 247. Click one:
  • Page 271: Configuring Archival (NSM Procedure)

    Click the Device Tree tab, and then double-click the device for which you want to configure the archival feature. Click the Configuration tab. In the configuration tree, select System > Archival. Enter a comment in the Archival workspace that describes the archival feature.
  • Page 272: Configuring ARP (NSM Procedure)

    Click the Device Tree tab, and then double-click the device for which you want to configure the ARP. Click the Configuration tab. In the configuration tree, select System > Arp. Select Enable Feature to enable this feature.
  • Page 273 Specifies the change in the ARP aging time value. Set the aging timer value. Range: 1 - 240. Related Documentation Configuring Archival (NSM Procedure) on page 247 Configuring Accounting (NSM Procedure) on page 244 Configuring Auto Configuration (NSM Procedure) on page 250
  • Page 274: Configuring Authentication Order (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select System > Auto Configuration. Select Enable Feature check box to enable this feature. Enter a comment in the Auto Configuration workspace that describes the auto configuration.
  • Page 275 System > Auto Configuration > Traceoptions > Flag Name Specifies the trace flag name. Enter a trace flag name. Comment Supplies a descriptive comment for the trace flag. (Optional) Enter a comment. Related Documentation Configuring ARP (NSM Procedure) on page 248
  • Page 276: Configuring a Backup Router (NSM Procedure)

    Configuring a Commit (NSM Procedure) on page 252 Configuring a Commit (NSM Procedure) You can configure a commit to automatically result in a commit and synchronize the actions between dual routing engines within the same chassis.
  • Page 277: Configuring Diag Port Authentication (NSM Procedure)

    Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the diag port authentication settings. Related Documentation Configuring a Domain Search (NSM Procedure) on page 254 Configuring a Backup Router (NSM Procedure) on page 252
  • Page 278: Configuring a Domain Search (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select System > Extensions. Select Enable Feature check box to enable this feature. Enter a comment for the extensions feature. Click one:
  • Page 279: Configuring Providers

    Click the Configuration tab. In the configuration tree, select System > Extensions > Resource Limits. Enter a comment for the resource limits. Add or modify settings as specified in Table 165 on page 256. Click one:
  • Page 280 Specifies the maximum size of a core file that can be Enter the core file size. created. package/process > Resources > Memory Comment Supplies a descriptive comment for the memory. (Optional) Enter a comment.
  • Page 281: Configuring an Inet6 Backup Router (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select System > Inet6 Backup Router. Add or modify the settings as described in Table 166 on page 258. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the Inet6 backup router settings.
  • Page 282: Configuring Internet Options (NSM Procedure)

    OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the internet options configuration settings. Table 167: Internet Options Configuration Details Option Function Your Action Comment Supplies a descriptive comment for the internet option. (Optional) Enter a comment.
  • Page 283 OS to disable RFC 1323 TCP extensions. No Tcp Rfc1323 Paws Specifies that you can configure the Junos OS to disable the RFC 1323 Protection Against Wrapped Sequence (PAWS) number extension. Select No Tcp Rfc1323 Paws to enable this feature.
  • Page 284 Supplies a descriptive comment for the source port. (Optional) Enter a comment. Upper Limit Specifies the upper limit of the source port selection range. Set the upper limit value. Range: 5000 - 65535. Default value is none.
  • Page 285: Configuring Location (NSM Procedure)

    Enter a long distance service area of the location. Vcoord Specifies the Bellcore vertical coordinate information. Enter a Bellcore vertical coordinate value. Hcoord Specifies the Bellcore horizontal coordinate information. Enter a Bellcore horizontal coordinate value.
  • Page 286: Configuring Login (NSM Procedure)

    Enter an announcement in the Login workspace that describes the system announcement message. Enter a message in the Login workspace that describes the system login message. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 287: Configuring Class

    Specifies that you can execute this login script while logging in. Enter a login script. Login Tip Specifies the display login tip when logging in. Enable the Login Tip check box to enable this feature.
  • Page 288: Configuring Password

    OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the password settings. Table 170: Password Configuration Details Option Function Your Action System > Login > Password Comment Supplies a descriptive comment for the password. (Optional) Enter a comment.
  • Page 289: Configuring Retry Options

    Disconnect to attempt to enter a password to log in through SSH or Telnet. Set the maximum number of times a user is allowed to attempt to enter a password. Range: 1 - 10.
  • Page 290: Configuring User

    Supplies a descriptive comment for the user. (Optional) Enter a comment. Full Name Specifies the complete name of the user. Enter the complete name. Specifies the user identifier for a login account. Set the user identifier. Range: 100 - 64000.
  • Page 291: Configuring a Name Server (NSM Procedure)

    Enter a DNS name server address in the name-server workspace. Enter a comment for the DNS name server in the name-server workspace. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the name server settings.
  • Page 292: Configuring PIC Console Authentication (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select System > Ports. Enter a comment in the Ports workspace that describes the ports. Add or modify the settings as specified in Table 173 on page 269. Click one:
  • Page 293: Configuring RADIUS Options (NSM Procedure)

    Click the Device Tree tab. Then double-click the device for which you want to configure radius options. Click the Configuration tab. In the configuration tree, select System > Radius Options. Enter a comment in the Radius Options workspace that describes the RADIUS options.
  • Page 294: Configuring RADIUS Server (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select System > Radius Server. Add or modify settings as specified in the Table 175 on page 271. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the RADIUS server settings.
  • Page 295: Configuring Root Authentication (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select System > Root Authentication. Enter a plaintext password in the Plain text Password Value. NOTE: You can specify only one plain text password.
  • Page 296: Configuring Static Host Mapping (NSM Procedure)

    Click the plus sign (+) to add static host mapping. Add or modify settings as specified in the Table 177 on page 273. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the static host mapping settings.
  • Page 297: Configuring TACACS+ Options (NSM Procedure)

    OK—Saves the changes. Cancel—Cancels the modifications. Apply—Applies the TACACS+ options settings. Table 178: TACACS+ Options Configuration Details Option Function Your Action Comment Supplies a descriptive comment for the TACACS+ option. (Optional) Enter a comment.
  • Page 298: Configuring TACACS+ Server (NSM Procedure)

    Table 179: TACACS+ Server Configuration Details Option Function Your Action Name Specifies the TACACS+ authentication server address. Enter the TACACS+ authentication server address name. Comment Supplies a descriptive comment of the TACACS+ server. (Optional) Enter a comment.
  • Page 299 Specifies the source address for the TACACS+ server. Enter the source address name. Related Documentation Configuring TACACS+ Options (NSM Procedure) on page 273 Configuring RADIUS Server (NSM Procedure) on page 270 Configuring Static Host Mapping (NSM Procedure) on page 272
  • Page 300 Configuring J Series Services Routers and SRX Series Services Gateways Guide
  • Page 301: Configuring J Series Services Routers and SRX Series Services Gateways

    Option Function Your Action Maximum Lease Time Specifies the maximum length of time in seconds for which a client can request and hold a lease on a DHCP server. Select the maximum lease time.
  • Page 302 the pool that is available for dynamic address assignment. Enter the IP address. High Specifies highest IP address in the pool that is available for dynamic address assignment. Enter the IP address. Dhcp > Domain Search
  • Page 303: Configuring the Device as a DHCP Client (NSM Procedure)

    To configure the device as a DHCP client: In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab and then double-click the device for which you want to configure a DHCP client.
  • Page 304 Select the DHCP client identifier as either an ASCII or identifier, and type the ASCII hexadecimal value. or hexadecimal value. Related Documentation Configuring the Device as a DHCP Server (NSM Procedure) on page 277
  • Page 305: Services Gateways

    Configuring CoS Rewrite Rules (NSM Procedure) on page 298 Configuring CoS Schedulers (NSM Procedure) on page 301 Configuring CoS and Applying Scheduler Maps (NSM Procedure) on page 302 Configuring CoS Traffic Control Profiles (NSM Procedure) on page 304
  • Page 306: Configuring CoS Classifiers (NSM Procedure)

    Click Add new entry next to Dscp. classifiers for DiffServ CoS. 2. In the Name box, type the name of the behavior aggregate classifier—for example, ba-classifier. 3. In the Import box, type the name of the default DSCP map.
  • Page 307 4. In the Unit number box, type the logical interface unit number—for example, 5. Click Configure next to Classifiers. 6. In the Classifiers box, under Dscp, type the name of the previously configured behavior aggregate classifier—for example, ba-classifier. 7. Click OK.
  • Page 308: Configuring CoS Code Point Aliases (NSM Procedure)

    NOTE: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See the Network and Security Manager Administration Guide for more information.
  • Page 309: Configuring CoS Drop Profile (NSM Procedure)

    100 percent. To configure drop profiles in NSM: In the navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device for which you want to configure drop profiles.
  • Page 310 Edit button. 2. Expand the Drop Profile tree and select Fill Level. 3. Click the New button or select a fill level and click the Edit button. 4. Select a value from Name list.
  • Page 311: Configuring CoS Forwarding Classes (NSM Procedure)

    CoS forwarding classes. Click the Configuration tab. In the configuration tree, expand Class of Service. Select Forwarding Classes. Add or modify settings as specified in Table 185 on page 288. Click one: OK—Saves the changes.
  • Page 312 Configuring CoS Interfaces (NSM Procedure) on page 292 Configuring CoS Rewrite Rules (NSM Procedure) on page 298 Configuring CoS Schedulers (NSM Procedure) on page 301 Configuring CoS and Applying Scheduler Maps (NSM Procedure) on page 302
  • Page 313: Configuring CoS Forwarding Policy (NSM Procedure)

    override the incoming packet classification. 2. In the Name box, enter the name of forwarding class. 3. Click Classification Override next to Class. 4. In the Forwarding Class box, enter the name of the forwarding class.
  • Page 314: Configuring CoS Fragmentation Maps (NSM Procedure)

    Click the Device Tree tab, and then double-click the device for which you want to configure CoS Fragmentation Maps. Click the Configuration tab. In the configuration tree, expand Class of Service. Select Fragmentation Maps. Add or modify settings as specified in Table 187 on page 291. Click one:
  • Page 315: Configuring CoS Host Outbound Traffic (NSM Procedure)

    Class-of-Service Host Outbound Traffic. Click the Configuration tab. In the configuration tree, expand Class of Service. Select Host Outbound Traffic. Add or modify settings as specified in Table 188 on page 292. Click one:
  • Page 316: Configuring CoS Interfaces (NSM Procedure)

    NOTE: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See the Network and Security Manager Administration Guide for more information.
  • Page 317 particular chassis in the chassis queue. 2. Click the New button or select an interface and click the Edit button in Interface. 3. Select the scheduler map chassis from the list.
  • Page 318 logical interface. Edit button in Interface. 2. Expand the Interface tree and select Output Traffic Control Profile Remaining. 3. Specify a comment and a profile name. 4. Click OK.
  • Page 319 equally to interface sets that include child nodes and those that do not include child nodes. 2. Click the New button or select an interface set and click the Edit button. 3. Set the internal node.
  • Page 320 2. Click the New button or select an interface set and click the Edit button. 3. Expand the interface-set tree and select Input Traffic Control Profile 4. Specify the comment and profile name. 5. Click OK.
  • Page 321 Configuring CoS Drop Profile (NSM Procedure) on page 285 Configuring CoS Forwarding Classes (NSM Procedure) on page 287 Configuring CoS Rewrite Rules (NSM Procedure) on page 298 Configuring CoS Schedulers (NSM Procedure) on page 301
  • Page 322: Configuring CoS Rewrite Rules (NSM Procedure)

    Configure rewrite rules for DiffServ CoS. Click Configure next to Rewrite Rules. 2. Click Add new entry next to Dscp. 3. In the Name box, type the name of the rewrite rules—for example, rewrite-dscps.
  • Page 323 7. Click Add new entry next to Loss priority. 8. From the Loss val list, select high. 9. In the Code point box, type the value of the high-priority code point for expedited forwarding traffic—for example, 101111. 10. Click OK twice.
  • Page 324 Configuring CoS Forwarding Classes (NSM Procedure) on page 287 Configuring CoS Interfaces (NSM Procedure) on page 292 Configuring CoS Schedulers (NSM Procedure) on page 301 Configuring CoS and Applying Scheduler Maps (NSM Procedure) on page 302
  • Page 325: Configuring CoS Schedulers (NSM Procedure)

    To specify buffer size as a percentage of the total buffer, select percent and type an integer from 1 through 100. To specify buffer size as the remaining available buffer, select remainder. 5. Click OK.
  • Page 326: Configuring CoS and Applying Scheduler Maps (NSM Procedure)

    To configure CoS and apply scheduler maps: In the navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device for which you want to configure CoS and apply scheduler maps.
  • Page 327 class and scheduler. Select Forwarding Class and click Add new entry. 2. In the Name box, type the name of the previously configured assured forwarding class—for example, af-class. 3. Select the previously configured assured forwarding scheduler—for example, af-scheduler. 4. Click
  • Page 328: Configuring CoS Traffic Control Profiles (NSM Procedure)

    Click the Configuration tab. In the configuration tree, expand Class of Service. Select Traffic Control Profiles. Add or modify settings as specified in Table 193 on page 305. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 329 Related Documentation: Configuring CoS Drop Profile (NSM Procedure) on page 285; Configuring CoS Host Outbound Traffic (NSM Procedure) on page 291; Configuring CoS Routing Instances (NSM Procedure); Configuring CoS Translation Table (NSM Procedure)
  • Page 331: Configuring Event Options in J Series Services Routers and SRX Series

    (XSLT) or Stylesheet Language Alternative Syntax (SLAX) file containing an event script. 2. Click Add new entry next to File. 3. In the Name box, enter the filename. 4. In the Comment box, enter the comment.
  • Page 332: Generating Internal Events (NSM Procedure)

    Configuring Event Policy Tracing Operations (NSM Procedure) on page 312 Generating Internal Events (NSM Procedure) To generate an internal event, based on a time interval or the time of day, you can use the generate event option. To generate internal events in NSM:
  • Page 333: Configuring Event Policy (NSM Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Event Options. Select Policy. Add or modify settings as specified in Table 196 on page 310. Click one:
  • Page 334 6. In the Output Filename box, enter the filename to which to write command or script output for the specified commands or script. 7. From the Output Format list, select the format for the output of the specified commands.
  • Page 335 3. From the Destination list, select the name of a destination. 4. From the User Name list, select the username. 5. From the transfer relay list, select the delay before transferring files.
  • Page 336: Configuring Event Policy Tracing Operations (NSM Procedure)

    In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Event Options. Select Traceoptions.
  • Page 337 4. In the Comment box, enter the comment for the flag. Related Documentation: Configuring Destinations for File Archiving (NSM Procedure); Configuring Event Script (NSM Procedure) on page 307; Generating Internal Events (NSM Procedure) on page 308; Configuring Event Policy (NSM Procedure) on page 309
  • Page 339: Gateways

    Click the Configuration tab. In the configuration tree, expand Firewall > Family > Any. Add or modify settings as specified in Table 198 on page 316. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 340 Select one of the following: single-rate—if the named tricolor policer is a single-rate policer. two-rate—if the named tricolor policer is a two-rate policer. Related Documentation: Configuring the Firewall Filter for Bridge Family Type (NSM Procedure) on page 317
  • Page 341: Configuring the Firewall Filter for Bridge Family Type (NSM Procedure)

    6. Select Interface Specific to configure interface-specific names for firewall counters. Configure accounting for firewall filter. Click Accounting Profile next to filter. 2. In the New accounting-profile window, enter the name to be assigned to the accounting profile.
  • Page 342 Related Documentation: Configuring the Firewall Filter for Any Family Type (NSM Procedure) on page 315; Configuring the Firewall Filter for Ccc Family Type (NSM Procedure) on page 319
  • Page 343: Configuring the Firewall Filter for Ccc Family Type (NSM Procedure)

    Configure accounting for firewall filter. Click Accounting Profile next to filter. 2. Click Add new entry next to Accounting Profile. 3. In the New accounting-profile window, enter the name to be assigned to the accounting profile.
  • Page 344 Configuring the Firewall Filter for Bridge Family Type (NSM Procedure) on page 317 Documentation Configuring the Firewall Filter for MPLS Family Type (NSM Procedure) Configuring the Firewall Filter for VPLS Family Type (NSM Procedure)
  • Page 345: Configuring Filters for Inet Family Type (NSM Procedure)

    Configure accounting for firewall filters. Click Accounting Profile next to filter. 2. Click Add new entry next to Accounting Profile. 3. In the New accounting-profile window, enter the name to be assigned to the accounting profile.
  • Page 346 23. From the Loss Priority list, set the packet loss priority (PLP) to low, medium-low, medium-high, or high. 24. In the Forwarding Class box, enter the packet forwarding class name. 25. From the Prefix Action list, select the prefix specific action.
  • Page 347: Configuring Prefix-Specific Actions (NSM Procedure)

    Click the Configuration tab. In the configuration tree, expand Firewall > Family > Inet. Click Prefix Action. Add or modify settings as specified in Table 202 on page 324. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 348: Configuring Service Filters (NSM Procedure)

    Configure service filter. Click Service Filter next to Inet. 2. Click Add new entry next to Service Filter. 3. Expand service-filter. 4. In the Name box, enter the name that identifies the service filter.
  • Page 349: Configuring Simple Filters (NSM Procedure)

    The next-term action is not supported. The except and protocol-except match conditions are not supported. Noncontiguous masks are not supported. Only one source-address and one destination-address prefix are allowed for each filter term.
  • Page 350 10. From the Loss Priority list, select the packet loss priority (PLP) level to set it as low, medium-low, medium-high, or high. 11. In the Forwarding Class box, enter the packet forwarding class name.
  • Page 351: Configuring Application Layer Gateways in J Series Services Routers and SRX Series Services Gateways

    OK—Saves the changes. Cancel—Cancels the modifications. Table 205: H.323 ALG Configuration Details. Option: Endpoint Registration Timeout. Function: Controls how long entries remain in the NAT table. Your Action: Enter a value between 10 and 50,000 seconds.
  • Page 352 VoIP packets. If a packet cannot be identified, it is always dropped. If a packet is identified as a supported protocol, the message is forwarded without processing.
  • Page 353: Configuring SIP ALG (NSM Procedure)

    Click the Configuration tab. In the configuration tree, select Security > Alg > Sip. Add or modify settings as specified in Table 206 on page 330. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 354 Because many SIP timers scale with the T1-Interval (as described in RFC 3261), when you change the value of the T1-Interval timer, those SIP timers also are adjusted.
  • Page 355 SIP application screen to protect the server at some or all destination IP addresses against INVITE attacks. You can include up to 16 destination IP addresses of servers to be protected. select an IP address.
  • Page 356: Configuring SCCP ALG (NSM Procedure)

    Enabling or Disabling ALGs (NSM Procedure) on page 337 Configuring SCCP ALG (NSM Procedure) SCCP is a protocol for call signaling. Skinny is based on a call-agent-based call-control architecture. The control protocol uses binary-coded frames encoded on TCP frames
  • Page 357 Threshold: Protects SCCP ALG clients from flood attacks by limiting the number of calls they attempt to process. Select a value for call flood threshold from 2 to 1,000.
  • Page 358: Configuring MGCP ALG (NSM Procedure)

    Enabling or Disabling ALGs (NSM Procedure) on page 337 Configuring MGCP ALG (NSM Procedure) MGCP is a text-based Application Layer Protocol used for call setup and call control between the media gateway and the media gateway controller (MGC).
  • Page 359 NTFY from the gateway to the call agent or a 200 OK from the call agent to the gateway. The Juniper Networks device tracks these transactions, and clears them when they time out.
  • Page 360 VoIP packets. If a packet cannot be identified, it is always dropped. If a packet is identified as a supported protocol, the message is forwarded without processing.
  • Page 361: Enabling or Disabling ALGs (NSM Procedure)

    Basic Internet Protocols. Your Action: Select the Disable check box to disable the DNS ALG. Function: Provides an ALG for the Domain Name System. The DNS ALG monitors DNS query and reply packets and closes session if the
  • Page 362 There are two types of talk servers: ntalk and talkd. The TALK ALG processes packets of both ntalk and talkd formats. It also performs NAT and gate opening as necessary.
  • Page 363 Related Documentation: Configuring H.323 ALG (NSM Procedure) on page 327; Configuring SIP ALG (NSM Procedure) on page 329; Configuring SCCP ALG (NSM Procedure) on page 332; Configuring MGCP ALG (NSM Procedure) on page 334
  • Page 365: Configuring Unified Threat Management Features in J Series Services Routers and SRX Series Services Gateways

    Select Symantec Sbl and enable the feature. Expand Symantec Sbl and select Profile. Add or modify antispam profile settings as specified in Table 210 on page 342. Click one: New—Adds a new profile. OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 366: Configuring Local List Antispam (NSM Procedure)

    Objects. Select Url Pattern and click New. Enter a unique name for the list. Select Value and add a new entry. Enter a value for the URL pattern for whitelist or blacklist antispam filtering.
  • Page 367: Configuring a Custom URL Category List Custom Object

    Click the Configuration tab. In the configuration tree, select Security > Utm > Feature Profile > Anti Spam. Select Symantec Sbl and enable the feature. Expand Symantec Sbl and select Profile.
  • Page 368: Configuring a UTM Policy for SNMP

    Once you have configured a UTM policy for SNMP, attach the UTM policy to a security policy that you create. Related Documentation: Configuring Antivirus Protection (NSM Procedure) on page 345; Configuring Content Filtering (NSM Procedure) on page 350; Configuring Web Filtering (NSM Procedure) on page 353
  • Page 369: Configuring Antivirus Protection (NSM Procedure)

    Select Filename Extension and click New. Enter a unique name for the extension list. Select Value and add a new entry. Enter the extensions in the Value box. Click OK to save the changes.
  • Page 370: Configuring a URL Pattern List Custom Object

    Select Custom Url Category and click New. Enter a unique name for the list. Select Value and add a new entry. Enter the name of the URL pattern list you created for bypassing scanning. Click OK to save the changes.
  • Page 371: Configuring an Antivirus Feature Profile

    Pattern Update > Email Notify. Option: Admin Email. Function: Specifies the e-mail addresses of the administrators. Your Action: Enter the e-mail addresses of the administrators who should receive e-mail notifications when updates are made to the pattern file.
  • Page 372 Fallback Block fallback nonblock, e-mail. and virus Fallback Non Block notify-mail-sender—Select this option to detection. Virus Detection notify the sender of the mail. Type—Select protocol-only or message from the Type list. Profile > Scan Options
  • Page 373: Configuring a UTM Policy for Express Antivirus

    Click the Device Tree tab, and then double-click the device that you want to configure. Click the Configuration tab. In the configuration tree, select Security > Utm > Utm Policy. Click New to add a new UTM policy entry. Enter a unique name for the UTM policy.
  • Page 374: Configuring Content Filtering (NSM Procedure)

    Select Protocol Command and click New. Enter a unique name for the protocol command custom object. Select Value and add a new entry. Enter the commands for the protocol in Value. Click OK to save the changes.
  • Page 375: Configuring a Filename Extension List Custom Object

    Click the Configuration tab. In the configuration tree, select Security > Utm > Feature Profile > Content Filtering > Profile. Add or modify content-filtering profile settings as specified in Table 213 on page 352. Click one:
  • Page 376 Enter the exception MIME list custom custom object. object you created for MIME patterns that will not be blocked. Profile > Notification Options Enable Feature Enables notification options. Select this option to enable notification options.
  • Page 377: Configuring a UTM Policy for Content-Filtering

    Configuring Web Filtering (NSM Procedure) on page 353 Configuring Web Filtering (NSM Procedure) This section includes the following topics: Configuring a URL Pattern List Custom Object on page 354 Configuring a Custom URL Category List Custom Object on page 354
  • Page 378: Configuring a URL Pattern List Custom Object

    Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects. Select Custom Url Category and click New. Enter a unique name for the list. Select Value and add a new entry.
  • Page 379: Configuring a Web Filtering Feature Profile

    (The default is 24 hours and the maximum allowed life span.) Size. Function: Specifies the size limit for the cache. Your Action: Enter a size limit for the cache in kilobytes. (The default is 500 KB.) Surf Control Integrated > Server
  • Page 380 Function: Specifies the name of the category. Your Action: Enter the name of the custom URL category list custom object you created. Option: Action. Function: Specifies the action to be taken. Your Action: Select log-and-permit, permit, or block from the list.
  • Page 381: Configuring a UTM Policy for Web Filtering

    Once you have configured a UTM policy for Web filtering, attach the UTM policy to a security policy that you create. Related Documentation: Configuring Local List Antispam (NSM Procedure) on page 342; Configuring Content Filtering (NSM Procedure) on page 350; Configuring Antivirus Protection (NSM Procedure) on page 345
  • Page 383: Configuring Network Address Translation in J Series Services Routers and SRX Series Services Gateways

    Specifies the name of the new pool. Click the New button. 2. Enter a name and comment. 3. Click OK. Comment: Specifies the comment for the new pool. This is optional. Pool > Address
  • Page 384 3. Enter the comment and the higher range. 4. Click OK. Pool > Routing Instance Ri Name Specifies the routing instance name. Enter a comment. 2. Select the routing instance name from the drop-down list. 3. Click OK.
  • Page 385 Chapter 23: Configuring Network Address Translation in J Series Services Routers and SRX Series Services Gateways. Related Documentation: NSM and Device Management Overview on page 3; Communication Between NSM and a Device Overview on page 3
  • Page 387: Services Gateways

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 22 on page 36. Click one:
  • Page 388: Configuring Layer 2 Learning and Forwarding Properties for a Bridge Domain

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 23 on page 37. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 389 bridge domain, virtual switch, or set of bridge domains. 3. From the Limit list, select the maximum number of MAC addresses learned from an interface. Range: 1 through 131,071 MAC addresses per interface
  • Page 390: Configuring Forwarding Options (NSM Procedure)

    client traffic to specific DHCP servers. 2. For configuring relay option 60 information for forwarding client traffic to specific DHCP servers, see Configuring Relay Option 60 Information for Forwarding Client Traffic to Specific DHCP Servers (NSM Procedure).
  • Page 391: Configuring Logical Interfaces (NSM Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 25 on page 40. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 392: Configuring Multicast Snooping Options (NSM Procedure)

    In the Devices list, double-click the device to select it. In the Configuration tab, expand Bridge Domains. Select Domain. Add or modify the settings as specified in Table 26 on page 41. Click one: OK—saves the changes Cancel—cancels the modifications
  • Page 393 multicast snooping. 2. In the Comment box, enter the comments. 3. From the Restart Duration list, select the duration for graceful restart. Range: 0 to 300 seconds Default: 180 seconds
  • Page 394 10. Click Flag next to Trace Options. 11. Click Add new entry next to flag. 12. From the Name list, select a tracing operation to perform. 13. In the Comment box, enter the comments.
  • Page 395: Configuring IGMP Snooping (NSM Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 27 on page 44. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 396 The router loses contact with the hosts that properly remain in the multicast group until they send join requests in response to the next general multicast listener query from the router.
  • Page 397 proxy mode. Click Proxy next to Igmp Snooping. 2. In the Comment box, enter the comment. 3. In the Source Address box, enter the IP address to use as the source for IGMP snooping reports in proxy mode.
  • Page 398 9. Click Add new entry next to Flag. 10. From the Name list, select the flag to perform the trace operation. 11. In the Comment box, enter the comment for the flag. 12. Select the corresponding flag modifier check box.
  • Page 399 The router loses contact with the hosts that properly remain in the multicast group until they send join requests in response to the next general multicast listener query from the router.
  • Page 400: Configuring VLAN ID (NSM Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 28 on page 49. Click one:
  • Page 401 4. Select vlan tag to tag the VLAN interface so that it can be compared with the normalizing VLAN identifier. 5. In the Comment box, enter the comment. 6. In the Inner box, enter the VLAN identifier. 7. In the Outer box, enter the VLAN identifier.
  • Page 403: Configuring Forwarding Options in J Series Services Routers and SRX

    Click the Configuration tab. In the configuration tree, expand Forwarding Options. Select Accounting. Add or modify the settings as specified in Table 223 on page 380. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 404 13. Select the Caida Compliant check box to record source and destination mask length values in compliance with the Version 2.1b1 release of the cflowd application from the Cooperative Association for Internet Data Analysis (CAIDA).
  • Page 405: Specifying Address Family for Filters (NSM Procedure)

    3. In the Comment box, enter the comment. 4. From the Input list, select the name of the applied filter. 5. From the Output list, select the name of the applied filter.
  • Page 406: Configuring Load Balancing Using Hash Key (NSM Procedure)

    Click the Configuration tab. In the configuration tree, expand Forwarding Options > Hash Key. Add or modify settings as specified in Table 225 on page 383. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 407: Configuring Helpers (NSM Procedure)

    Configuring Per-Flow and Per-Prefix Load Balancing (NSM Procedure) on page 391 Configuring Helpers (NSM Procedure) You can enable Trivial File Transfer Protocol (TFTP) or Domain Name System (DNS) request packet forwarding, or configure the router or interface to act as a Dynamic Host
  • Page 408: Configuring a Router or Interface to Act as a Bootstrap Protocol Relay

    4. From the Minimum Wait Time list, select the minimum time allowed. Default: 3 seconds 5. From the Client Response Ttl list, select the IP time-to-live (TTL) value in DHCP response packets sent to a DHCP client.
  • Page 409 ID. 14. Click Vendor Id next to Dhcp Option82. 15. In the Comment box, enter the comment. 16. In the Use String check box, enter the raw string instead of the default remote ID.
  • Page 410 10. From the Minimum Wait Time list, select the minimum time allowed. Default: 3 seconds 11. From the Client Response Ttl list, select the IP time-to-live (TTL) value in DHCP response packets sent to a DHCP client.
  • Page 411: Enabling DNS Request Packet Forwarding

    DNS and TFTP request packets. To enable DNS request packet forwarding in NSM: In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it.
  • Page 412 18. In the Comment box, enter the comment. 19. In the Address box, enter the address of the server. 20. Expand Server. 21. Click Logical System next to Server. 22. Select logical-system or routing-instance.
  • Page 413: Configuring a Port for a DHCP or BOOTP Relay Agent

    Click the Configuration tab. In the configuration tree, expand Forwarding Options > Helpers. Select Port. Add or modify settings as specified in Table 228 on page 390. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 414: Configuring Tracing Operations for BOOTP, DNS, and TFTP Packet Forwarding

    In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Forwarding Options > Helpers > TFTP.
  • Page 415: Configuring Per-Flow and Per-Prefix Load Balancing (NSM Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Forwarding Options > Load Balance. Add or modify settings as specified in Table 230 on page 392. Click one:
  • Page 416: Configuring Port Mirroring (NSM Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Forwarding Options > Port Mirroring. Add or modify settings as specified in Table 231 on page 393. Click one: OK—Saves the changes.
  • Page 417 3. In the Name box, enter the name of the port-mirroring instance. 4. To configure the address type family to sample for port mirroring, refer to Table 231 on page 393. 5. To configure input packet properties for port mirroring, refer to Table 231 on page 393.
  • Page 418 Related Documentation: Configuring Per-Flow and Per-Prefix Load Balancing (NSM Procedure) on page 391; Configuring Load Balancing Using Hash Key (NSM Procedure) on page 382; Specifying Address Family for Filters (NSM Procedure) on page 381
  • Page 419: Gateways

    In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface.
  • Page 420 Management Protocol (SNMP) notifications when the state of the connection changes. no-traps—To disable the sending of Simple Network Management Protocol (SNMP) notifications when the state of the connection changes. 15. From the Accounting Profile list, select the accounting profile.
  • Page 421: Damping Interface Transitions (Nsm Procedure)

    Range: 0 through 4,294,967,295 milliseconds Default: 0 milliseconds 6. From the Down list, select the hold time to use when an interface transitions from up to down Range: 0 through 4,294,967,295 milliseconds Default: 0 milliseconds
  • Page 422: Configuring Receive Bucket Properties On Interfaces (Nsm Procedure)

    Configuring Tracing Operations of an Individual Router Interface (NSM Procedure) You can define tracing operations for individual interfaces using this option. To specify more than one tracing operation, include multiple flag statements. To configure tracing operations of a router interface in NSM:
  • Page 423: Configuring Transmit Leaky Bucket Properties (Nsm Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 236 on page 400. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 424: Configuring Logical Interface Properties (Nsm Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 237 on page 401. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 425: Configuring An Ip Demux Underlying Interface (Nsm Procedure)

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 238 on page 402. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 426: Configuring The Logical Demux Source Family Type On The Ip Demux Underlying Interface (Nsm Procedure)

    Configuring Epd Threshold for the Logical Interface (NSM Procedure) To configure Epd threshold for the logical interface in NSM: In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it.
  • Page 427: Procedure)

    Procedure) on page 418 Configuring Protocol Family (TCC) Information for the Logical Interface (NSM Procedure) on page 420 Configuring Protocol Family (Ccc) Information for the Logical Interface (NSM Procedure) To configure ccc family information in NSM:
  • Page 428 Click Add new entry next to output-list. b. In the New output-list window, enter the filter names. Up to 16 filters can be included in a filter input list.
  • Page 429: Configuring Protocol Family (Inet) Information For The Logical Interface

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 242 on page 406. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 430 5. In the Comment box, enter the comment. 6. Select the Input check box to configure at least one expected ingress point. 7. Select the Output check box to configure at least one expected egress point.
  • Page 431 Virtual Router Redundancy Protocol (VRRP) advertisement packets. Range: 100 through 999 milliseconds inet6-advertise-interval—To configure the interval between Virtual Router Redundancy Protocol (VRRP) IPv6 advertisement packets Range: 100 to 40,950 milliseconds (ms)
  • Page 432 11. From the Priority Cost list, select the VRRP routers’ priority cost for becoming the master default router. The router with the highest priority within the group becomes the master. Range: 1 through 254
  • Page 433 Click Add new entry next to input-list. b. In the New input-list window, enter the filter names. Up to 16 filters can be included in a filter input list.
  • Page 434 traffic to be sampled. 2. Select the Input check box to configure at least one expected ingress point. 3. Select the Output check box to configure at least one expected egress point.
  • Page 435: Configuring Protocol Family (Inet6) Information For The Logical Interface (Nsm

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 243 on page 412. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 436 5. In the Comment box, enter the comment. 6. Select the Input check box to configure at least one expected ingress point. 7. Select the Output check box to configure at least one expected egress point.
  • Page 437 Virtual Router Redundancy Protocol (VRRP) advertisement packets. Range: 100 through 999 milliseconds inet6-advertise-interval—To configure the interval between Virtual Router Redundancy Protocol (VRRP) IPv6 advertisement packets Range: 100 to 40,950 milliseconds (ms)
  • Page 438 10. From the Priority Cost list, select the VRRP router’s priority cost for becoming the master default router. The router with the highest priority within the group becomes the master. Range: 1 through 254
  • Page 439 Click Add new entry next to input-list. b. In the New input-list window, enter the filter names. Up to 16 filters can be included in a filter input list.
  • Page 440 traffic to be sampled. In the Comment box, enter the comment. 2. Select the Input check box to configure at least one expected ingress point. 3. Select the Output check box to configure at least one expected egress point.
  • Page 441: Configuring Protocol Family (Iso) Information For The Logical Interface (Nsm

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 244 on page 418. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 442: Configuring Protocol Family (Mpls) Information For The Logical Interface (Nsm

    Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 245 on page 419. Click one: OK—Saves the changes. Cancel—Cancels the modifications.
  • Page 443 3. In the Input box, enter the name of one policer to evaluate when packets are received on the interface. 4. In the Output box, enter the name of one policer to evaluate when packets are transmitted on the interface.
  • Page 444: Configuring Protocol Family (Tcc) Information For The Logical Interface (Nsm

    When you use an ATM encapsulation on ATM1 and ATM2 IQ interfaces, you can define bandwidth utilization, which consists of either a constant rate or a peak cell rate, with sustained cell rate and burst tolerance. To configure a traffic shaping profile in NSM:
  • Page 445 In the Comment box, enter the comment. b. In the Peak box, enter the peak rate. c. In the Sustained box, enter the sustained rate. d. In the Burst box, enter the burst length.
  • Page 446: Configuring Interface Set On The Routing Platform (Nsm Procedure)

    11. From the Name list, select the outer VLAN ID. 12. In the Comment box, enter the comment. Related Documentation: Configuring Interfaces on the Routing Platform (NSM Procedure) on page 395; Configuring Trace Options on the Routing Platform (NSM Procedure)
  • Page 447: Configuring Multicast Snooping Options In J Series Services Routers And Srx Series Services Gateways

    In the Devices list, double click the device to select it. In the Configuration tab, expand Multicast Snooping Options. Add or modify the settings as specified in Table 249 on page 424. Click one: OK—To save the changes. Cancel—To cancel the modifications.
  • Page 448 7. From the Mark list, select the time interval in seconds to mark the trace file. Range: -2147483647 seconds to 2147483647 seconds Default: 0 8. Expand Syslog. 9. Click Level next to Syslog. 10. Select the Level of severity to be logged.
  • Page 449 12. Click Add new entry next to flag. 13. From the Name list, select a tracing operation to perform. 14. In the Comment box, enter the comments. Related Documentation: Configuring Interfaces on the Routing Platform (NSM Procedure) on page 395
  • Page 451: Managing J Series Services Routers And Srx Series Services Gateways

    Using System Management Features in J Series Services Routers and SRX Series Services Gateways on page 429 Topology Manager on page 433 IDP Management in J Series Services Routers and SRX Series Services Gateways on page 437
  • Page 453: Using System Management Features In J Series Services Routers And Srx Series Services Gateways

    It also provides features to update the NSM database with the most current inventory information from the device. In addition, you can use Device Monitor, Device List, and the device tooltip to view the status of inventory synchronization.
  • Page 454: Viewing Device Inventory In Nsm (Nsm Procedure)

    Select the Software tab to display information about the software packages installed in the device, including the installed OS and its version, and any other installed packages. Related Documentation: Viewing and Reconciling Device Inventory Overview on page 429
  • Page 455: Removing A J Series Or Srx Series Device From Nsm Management (Nsm Procedure)

    Remove the device by clicking Next. The Delete dialog box displays the progress of the deletion. After NSM finishes, click Finish to close the dialog box. Related Documentation: Adding J Series Services Routers or SRX Series Services Gateways in NSM Overview on page 8
  • Page 457: Topology Manager

    NSM user interface (UI) to discover and manage the physical topology of a network of devices connected to a Juniper Networks EX-series switch. These include networking devices such as the J Series, M-series, MX-series, and EX-series, as well as ScreenOS and IDP devices, IP phones, desktops, printers, and servers.
  • Page 458: Understanding The Nsm Topology Manager Toolbar

    The Topology Manager status bar at the bottom of the screen indicates the timestamp of the last completed topology discovery and whether a discovery is in progress. For more information about the Topology Manager, see the Network and Security Manager Administration Guide.
  • Page 459 Chapter 29: Topology Manager. Related Documentation: Overview of the NSM Topology Manager on page 433; Requisites for a Topology Discovery Overview on page 433
  • Page 461: Idp Management In J Series Services Routers And Srx Series Services

    Notify Later—Notifies the completion of the update process. Close—Closes the Job Information page. After you have updated the attack object database on the NSM GUI server, you can use that database to update the attack object database on your managed devices.
  • Page 462: Loading The Idp Detector Engine On A J Series Or Srx Series Device (Nsm Procedure)

    Select the JUNOS device to be updated and click Finish. The progress and status of the attack object database update process appears in the Job Information page. Click one: Cancel Job—Cancels the attack object database update process. Refresh—Refreshes the status of the update process.
  • Page 463 Close—Closes the Job Information page. Related Documentation: Updating the NSM Attack Database (NSM Procedure) on page 437; Loading the IDP Detector Engine on a J Series or SRX Series Device (NSM Procedure) on page 438
  • Page 465: Monitoring J Series Services Routers And Srx Series Services Gateways

    PART 4 Monitoring J Series Services Routers and SRX Series Services Gateways Real Time Monitoring of J Series Services Routers and SRX Series Services Gateways on page 443
  • Page 467: Gateways

    The Realtime Monitor does the work of a management expert by first gathering information about specific processes and network activity, and then color-coding each event to organize problems. Related Documentation: Realtime Monitor Overview on page 443; Viewing Device Status on page 444
  • Page 468: Viewing Device Status

    A device in this state cannot connect to NSM. Update Needed—An update to this device is required. Managed—The device is currently being managed by NSM. Managed, In Sync—The physical device configuration is synced with the modeled configuration in NSM.
  • Page 469 N/A—The device's alarm is not pollable or discoverable, for example, this column shows "N/A" for ScreenOS and IDP devices. Alarm is colored: Red for Major. Orange for Minor. Green for Ignore, None, Unknown, or N/A.
  • Page 470: Viewing Device Monitor Alarm Status (Nsm Procedure)

    From Device Monitor, right-click the device row entry and select the View Alarm option. The device Alarm Status dialog box displays the alarm list and polling time for the device. Retrieve the current alarm status in the device by clicking the Refresh button.
  • Page 471: Configuring The Polling Interval For Device Alarm Status (Nsm Procedure)

    The maximum interval is 2,147,483,647 seconds. You cannot disable polling. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Related Documentation: Viewing Device Status on page 444; Viewing Device Monitor Alarm Status (NSM Procedure) on page 446
  • Page 473 PART 5 Index Index on page 451
  • Page 475: Index

    363; bridge domains properties fate sharing configuring 35, 363; configuring 95; firewall filter any family type, configuring 315; chassis alarms, configuring 34; bridge family type, configuring 317; chassis FPC, configuring 49; ccc family type, configuring 319; inet family type, configuring 321
  • Page 476 OSPF 111; interface routes configuring 98; port mirroring interface set, configuring 422; configuring 392; interfaces protocols logical interface properties, configuring 400; 802.1x 104; properties, configuring 395; BGP 101; receive bucket properties, configuring 398; GVRP 106; tracing operations, configuring 398; IGMP 107; traffic shaping profile, configuring 420; OSPF 111
  • Page 477 VRRP 118; multicast 77; VSTP 116; multipath 80; Options 81; resolution 82; rib 85; rib groups 83; source routing 87; Static Routes 88; scheduler maps 302; schedulers 301; SNMP client lists 219; commit delay timer 225; See also nonvolatile