About Configuring Security Devices; About Configuring Extranet Devices; Configuring Advanced Properties For Screenos Device Details - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide

About Configuring Security Devices

About Configuring Extranet Devices

Related
Documentation

Configuring Advanced Properties for ScreenOS Device Details

26
NOTE: When you open a device for viewing or editing, the NSM UI loads the
entire device configuration into memory to enhance UI performance while
configuring the device. When you close a device to which you made changes,
the UI unloads some of the device configuration from the client memory.
Although this memory optimization occurs quickly, you might see the following
message appear: "Optimizing client memory usage for device."
NSM does not support all device configuration settings. You may need to make some
changes to the device directly using a Web UI or CLI. Additionally, some changes can
affect the management connection between the NSM device server and the managed
device.
A security device provides perimeter and boundary protection using data encryption,
authentication, access control, and some attack detection and prevention. Firewalls and
virtual private networks (VPNs) are designed for high speed operation at the Network
Layer.
While firewalls provide protection, there are attacks contained within the allowed traffic
that firewalls are not designed to detect.
NSM also enables you to configure an existing extranet device (that is, a third-party
router). You can do this by creating a script to perform the required actions on the extranet
device.
Add the extranet device in the Device Manager, and then configure the required metadata
in a shared object in the Object Manager under "Extranet Policies." This data may include:
credential information (user/password), IP address, interface list, comments, action
script, and other additional data. When you update the device, the specified script is
invoked. The device update job displays the XML output.
Configuring Advanced Properties for ScreenOS Device Details on page 26
Understanding Device Configurations Running ScreenOS 5.4 FIPS and Later Overview
on page 29
Understanding Templates and Groups on page 32
Configuring Extranet Devices Details (NSM Procedure) on page 30
When a denial-of-service (DoS) attack occurs, the CPU recognizes the attack and drops
the traffic. A DoS attack can cause high CPU utilization and cause the security device to
drop all packets. To prevent high CPU utilization during a DoS attack, the packet dropping
feature was moved to the application-specific integrated circuit (ASIC) in ScreenOS 6.0.
Copyright © 2010, Juniper Networks, Inc.