Device Configuration Validation; Policy Validation; Atomic Configuration And Updating; Device Image Updates - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Device Configuration Validation

Policy Validation

Atomic Configuration and Updating

Device Image Updates

Auditing

Copyright © 2010, Juniper Networks, Inc.
NSM automatically alerts you to configuration errors while you work in the UI. Each field
that has incorrect or incomplete data displays a icon— move your mouse cursor over the
icon to get details on the missing data. For more details on validation, see "Understanding
Validation Icons and Validation Data in the NSM User Interface" on page 21.
The policy validation tool checks your security policies and alerts you to possible problems
before you install that policy on your managed devices.
On devices running ScreenOS 5.x, if the configuration deployment fails for any reason,
the device automatically uses the last installed stable configuration. Additionally, if the
configuration deployment succeeds, but the device loses connectivity to the management
system, the device restores the last installed configuration. This minimizes downtime
and ensures that NSM always maintains a stable connection to the managed device.
Devices running ScreenOS 5.1 and later also support atomic updating, which enables the
device to receive the entire modeled configuration (all commands) before executing
those commands (instead of executing commands as they are received from the
management system). Because the device no longer needs to maintain a constant
connection to the management system during updating, you can configure changes to
the management connection from the NSM UI.
You can update the software that runs on your devices by installing a new ScreenOS
image on all your security devices. The image updates are as follows:
NSM updates—Use NSM to upload the new image file to multiple security devices with
a single click.
RMA updates—Replace failed devices, by setting the device to the RMA state, which
enables NSM to retain the device configuration without a serial number or connection
statistics. When you install the replacement device, activate the device with the serial
number of the replacement unit.
Use the Audit Log Viewer to track administrative actions so you will always know exactly
when and what changes were made using the management system. The Audit Log Viewer
displays log entries in the order generated, and it includes:
Date and time the administrative action occurred
NSM administrator who performed the action
Action performed
Chapter 1: NSM User Interface and NSM Key Management Features
9