Configuring ScreenOS Devices Guide
About Configuring Security Devices
About Configuring Extranet Devices
Related
Documentation
Configuring Advanced Properties for ScreenOS Device Details
26
NOTE: When you open a device for viewing or editing, the NSM UI loads the
entire device configuration into memory to enhance UI performance while
configuring the device. When you close a device to which you made changes,
the UI unloads some of the device configuration from the client memory.
Although this memory optimization occurs quickly, you might see the following
message appear: "Optimizing client memory usage for device."
NSM does not support all device configuration settings. You may need to make some
changes to the device directly using a Web UI or CLI. Additionally, some changes can
affect the management connection between the NSM device server and the managed
device.
A security device provides perimeter and boundary protection using data encryption,
authentication, access control, and some attack detection and prevention. Firewalls and
virtual private networks (VPNs) are designed for high speed operation at the Network
Layer.
While firewalls provide protection, there are attacks contained within the allowed traffic
that firewalls are not designed to detect.
NSM also enables you to configure an existing extranet device (that is, a third-party
router). You can do this by creating a script to perform the required actions on the extranet
device.
Add the extranet device in the Device Manager, and then configure the required metadata
in a shared object in the Object Manager under "Extranet Policies." This data may include:
credential information (user/password), IP address, interface list, comments, action
script, and other additional data. When you update the device, the specified script is
invoked. The device update job displays the XML output.
Configuring Advanced Properties for ScreenOS Device Details on page 26
Understanding Device Configurations Running ScreenOS 5.4 FIPS and Later Overview
on page 29
Understanding Templates and Groups on page 32
Configuring Extranet Devices Details (NSM Procedure) on page 30
When a denial-of-service (DoS) attack occurs, the CPU recognizes the attack and drops
the traffic. A DoS attack can cause high CPU utilization and cause the security device to
drop all packets. To prevent high CPU utilization during a DoS attack, the packet dropping
feature was moved to the application-specific integrated circuit (ASIC) in ScreenOS 6.0.
Copyright © 2010, Juniper Networks, Inc.