Juniper NETWORK AND SECURITY MANAGER NSMXPRESS SERIES II - QUICK START REV1 Quick Start Manual

Network and Security Manager
NSMXpress Series II Quick Start
November 17, 2010
Revision 1
Copyright © 2010, Juniper Networks, Inc.
NSMXpress Series II is an appliance version of Network and Security Manager (NSM).
NSMXpress Series II simplifies the complexity of network administration by providing a
single, integrated management interface that controls device parameters.
This robust hardware management system installs in minutes with full high availability
(HA) support, making it easy to scale and deploy. Enterprise customers with limited
resources can benefit significantly from NSMXpress Series II because it eliminates the
need to have dedicated resources for maintaining a network and security management
solution.
NSMXpress Series II makes it easy for administrators to control device configuration,
network settings, and security policy settings for multiple families of Juniper devices
including:
  • IDP Series Intrusion Detection and Prevention Appliances and Firewall and VPN devices running ScreenOS
  • Devices running Junos OS, such as J Series Services Routers, SRX Series Services Gateways, EX Series Ethernet Switches, M Series Multiservice Edge Routers, and MX Series Ethernet Services routers
  • SA Series SSL VPN Appliances
  • IC Series Unified Access Control Appliances
For a complete list of supported device families and platforms, see the Network and
Security Manager Administration Guide.
Up to 10 administrators can log into NSMXpress Series II concurrently.
This quick start explains the following steps for installing and configuring NSMXpress
Series II and for configuring NSM.
1. Install the NSMXpress Series II appliance hardware.
2. Set up the NSMXpress Series II appliance using the serial port.

Summary of Contents for Juniper NETWORK AND SECURITY MANAGER NSMXPRESS SERIES II - QUICK START REV1

  • Page 1 This quick start explains the following steps for installing and configuring NSMXpress Series II and for configuring NSM. Install the NSMXpress Series II appliance hardware. Set up the NSMXpress Series II appliance using the serial port.
  • Page 2: Table Of Contents

    SNMP Trap Configuration ........31
  • Page 3 Revision History ........... . 56
  • Page 4: Contents Hardware Installation

    Connections from the NSM GUI Client to NSM; 7802: Heartbeat between peers in an HA cluster; 7803: Connections from managed IDP devices to NSM; 7804: Connections from devices running Junos, Secure Access devices, or Infranet Controller devices
  • Page 5: Installing The Hardware

    Remove the NSMXpress Series II device from the shipping container and place it on a flat surface. Mount NSMXpress Series II in your server rack using the attached mounting brackets. Plug the power cord into the AC receptacle on the rear panel.
  • Page 6 The internal port uses two LEDs to indicate the LAN connection status, which is described in Table 2 on page 7. Hardware installation is now complete. The next step is to set up the software, as described in “Initial Setup Configuration” on page 7.
  • Page 7: Initial Setup Configuration

    After entering these settings, you can continue configuring the appliance using the CLI or the Web interface. You are not prompted for the initial setup information again.
  • Page 8: Boot Nsmxpress Series Ii

    Enter the subnet mask for interface eth0 and press Enter. Enter the default route or default gateway address for interface eth0 and press Enter. Applying changes... Re-loading database ip_tables: (C) 2000 2002 Netfilter core team
  • Page 9: Web Interface Configuration

    Your NSMXpress Series II appliance comes preconfigured as a regional server or a central manager. Most installation and configuration steps in this section are identical for both types of server. All exceptions are noted.
  • Page 10: Configuring Basic Settings

    NSM Central Manager window (see Figure 4 on page 11), as the case may be. NOTE: The “admin” user default username is admin and the password is the one you created in Step 6 of “Boot NSMXpress Series II” on page 8.
  • Page 11 Configuring the NSM Software Figure 3: Regional Server Configuration Main Menu Figure 4: Central Manager Configuration Main Menu
  • Page 12: Configuring High Availability

    See the Network and Security Manager installation Guide for more information about NSM licensing. Click Submit to save any changes, and then click Install to install the software. Configuring High Availability To configure high availability (HA) settings:
  • Page 13 Click Menu next to Shared Disk (see Figure 5 on page 13) to configure a shared disk for regional servers (see Figure 6 on page 14) or for central managers (see Figure 7 on page 14). This step is optional.
  • Page 14 If you configure HA with just one heartbeat link, then device management traffic and data replication traffic both use that link. If you configure two links, device management traffic uses the first link and data replication uses the second.
  • Page 15: Advanced Options

    To display the Advanced Options menu, on the NSM Configuration Main Menu, select Menu next to Advanced Options. The Advanced Options menu appears as shown in Figure 11 on page 15. Figure 11: Advanced Options Menu Advanced installation options include:
  • Page 16: Enabling And Configuring Remote Replication Of The Database

    Backup information is copied to the /var/netscreen/dbbackup directory on the remote server. The “nsm” user must exist on both servers and you must establish an SSH trust relationship. See the Network and Security Manager Installation Guide, for details.
  • Page 17: Enabling And Configuring Srs (Regional Server Only)

    SRS database. SRS DB Owner Name The default value is netscreen. To enter another name, click the radio button next to the blank text box and enter the name in the text box.
  • Page 18: Installing Nsm Software

    Scheduling Security Updates on page 22 Changing the Superuser Password To change the superuser password, select NSM Administration > NSM Super User Password. See Figure 14 on page 18. Figure 14: Change Superuser Password
  • Page 19: Downloading Nsm Mibs (Regional Server Only)

    Exporting Device Logs (Regional Server Only) To export device logs, select NSM Administration > Export Device Logs. See Figure 17 on page 19. This option is not available on the central manager. Figure 17: Export Device Logs
  • Page 20: Generating Reports (Regional Server Only)

    Modifying NSM Configuration Files To manually edit the GuiSvr.cfg, DevSvr.cfg, and HaSvr.cfg files, select NSM Administration > Modify NSM Configuration Files. The example in Figure 19 on page 21 shows the option to modify the GuiSvr.cfg file.
  • Page 21: Backing Up The Nsm Database

    Backing Up the NSM Database To configure backups of the NSM database, select NSM Administration > NSM Database Backup link under NSM Administration. See Figure 20 on page 22.
  • Page 22: Changing The Nsm Management Ip

    > NSM Management IP link under NSM Administration. See Figure 21 on page 22. Figure 21: Change Management IP Scheduling Security Updates To schedule security updates, select NSM Administration > Schedule Security Updates. See Figure 22 on page 23.
  • Page 23: Managing System Administration

    To reboot or shut down NSMXpress Series II, select System Administration > Bootup and Shutdown, and then click either Reboot System or Shutdown System. See Figure 23 on page 23. Figure 23: ReBoot or Shut Down
  • Page 24: Changing The User Password

    Routing and Gateways on page 25 Hostname and DNS Clients on page 25 Host Addresses on page 26 Network Interfaces Use this option to manage the network interfaces. See Figure 26 on page 25.
  • Page 25: Routing And Gateways

    Use this option to configure and manage routes and gateways. See Figure 27 on page 25. Figure 27: Routes and Gateways Hostname and DNS Clients Use this option to configure and manage hostnames and DNS clients. See Figure 28 on page 26.
  • Page 26: Host Addresses

    NSMXpress:ATTRIBUTE Juniper-Nsmxpress-Profile Juniper-VSA(6, string) r . You will also need to add NSMXpress Series II users with their associated user profiles (SysAdmin, NSMAdmin, Operator, Guest), to the RADIUS database. For more details see Steel-Belted Radius Documentation.
  • Page 27: Adding A Radius Server

    Name: The name of the user to be authenticated by the RADIUS server. Server address: The IP address or the hostname of the RADIUS Server. Shared secret: The shared secret NSMXpress Series II and the RADIUS server use for secure authentication.
  • Page 28: Changing The Priority Of Radius Servers

    RADIUS Servers that have been added. Click the name of the server whose properties you want to edit. The Edit RADIUS Server dialog box appears. See Figure 32 on page 29.
  • Page 29: Monitoring With Snmp

    SNMP System Information on page 30 SNMP Trap Configuration on page 31 SNMP Configuration To configure SNMP: Select System Administration > SNMP Monitoring. Select the SNMP Config tab, which is shown in Figure 33 on page 30.
  • Page 30: Snmp System Information

    Select the System Info tab, which is shown in Figure 34 on page 30. Figure 34: Configuring SNMP System Information Enter the following information, which is required for any SNMP-managed device: Contact—Contact information for the appliance. Location—Location of the appliance.
  • Page 31: Snmp Trap Configuration

    Enter the percentage of free memory below which SNMP issues a trap. CPU high Enter the percentage of CPU use over which SNMP issues a trap. NSM start/stop Admin Logon/Logoff External IP unreachable Enter the IP address of the required device. Click Save.
  • Page 32: Forwarding Syslog Messages

    To view the syslog receivers configured on your NSMXpress Series II appliance, follow these steps: Select System Administration > Syslog Forwarding. The Syslog Forwarding window appears. Figure 36 on page 34 shows an example.
  • Page 33: Adding And Configuring Syslog Receivers

    Server log, and HA Server log. The syslog facility is a field included in the syslog message to help identify the data source. Click Save. Click Add new Receiver. The syslog receiver configuration window appears as shown in Figure 36 on page 34.
  • Page 34 In the IP field, enter the IP address of the syslog receiver. In the Transport field, select the type of syslog receiver: Select UDP for basic syslog implementations. Select TCP for rsyslog or syslog-NG implementations.
  • Page 35: Editing Syslog Receiver Configurations

    Configure an NTP server to synchronize the system time with an external clock. Installing Updates Select System Administration > System Update to perform the following tasks: Check for updates and install them. Enable or disable automatic updates.
  • Page 36: Managing Users

    NSMXpress users. See Figure 37 on page 36. Figure 37: NSMXpress Users Dialog Box Click Create a new NSMXpress User. The Create NSMXpress user dialog box appears. See Figure 38 on page 37.
  • Page 37 Enter a user name in the Username text box. Select Set to from the password drop-down list and enter the password you want to set in the password text box. Reenter the password in the Confirm Password text box.
  • Page 38: Deleting A User

    When a user logs in, NSMXpress Series II modules are displayed or hidden based on the user profile and the permissions associated with the profile. For more details about user profiles and permissions, see Table 5 on page 39.
  • Page 39 Change NSM Super User Password Download NSM MIBs Export Audit Logs Export Device Logs Generate Reports NSM Configuration Files NSM Database Backup NSM Management IP Schedule Security Updates Maintenance System Statistics Troubleshooting Action Audit Logs
  • Page 40: Configuring The Web Interface

    Upgrading the Recovery Partition on page 42 Viewing System Statistics To view system statistics, select System Administration > Maintenance > System Statistics. The system Statistics window appears as shown in Figure 41 on page 41.
  • Page 41: Cpu

    Select Disk to view graphs that monitor the file system disk space usage hourly, daily, weekly, and monthly. Tile All Graphs Select Tile all graphs to display all the statistical graphs for the system in one window.
  • Page 42: Upgrading The Recovery Partition

    One set makes up the NSMXpress Series II OS, the other a set of upgrade script packages. Both sets are usually retained in the local file system. The NSMXpress Series II OS set can also be downloaded from the Juniper Networks software repository.
  • Page 43: Troubleshooting

    Troubleshooting > Action Audit Logs. The NSMXpress Actions Log dialog box appears. See Figure 42 on page 43. Figure 42: NSMXpress Actions Dialog Box Select the Action Audit Logs that you want to view:
  • Page 44: Error Logs

    Search. The Search Results dialog box appears with the result of your query. See Figure 43 on page 44. Figure 43: Search Results Dialog Box Error Logs To review error logs, select Troubleshooting > Error Logs. Figure 44 on page 45 shows an example,
  • Page 45: Network Utilities

    See Figure 46 on page 45. Figure 46: Network Utilities Options Ping Ping is a tool for checking network connectivity. NSMXpress prompts with questions so you can focus your search. Figure 47 on page 46 shows an example.
  • Page 46: Traceroute

    Traceroute Traceroute is a tool to print the route a packet takes to a network host. See Figure 48 on page 47.
  • Page 47: Lookup

    (See Figure 50 on page 48) When you calculate a netmask by the number of hosts, NSMXpress returns the smallest network available.
  • Page 48: Tech Support

    > Tech Support. To help analyze problems, select a detail type in the drop-down list box, and then click Run Tech-Support Script. NSMXpress creates a file you can download and send to Juniper Networks technical support. See Figure 51 on page 48. Figure 51: Juniper Tech Support...
  • Page 49: Rack-Mounting The Nsmxpress Series Ii Appliance

    Front-Mounting Flush to Rack To mount the appliance using this option: Attach the chassis to the equipment rack using 4 rack-mount screws on each side of the system. See Figure 53 on page 50.
  • Page 50: Front-Mounting Recessed In Rack

    Verify that the mounting screws on one side of the rack are aligned with the mounting screws on the opposite side and that the appliance is level. Figure 54: Front-Mounting recessed in rack
  • Page 51: Front-Rear-Mounting Flush To Rack

    Remove the rear screws on each side of the system’s front rails and the two small screws towards the front of the chassis. Tighten the side rail screws. Insert the two small screws in the recessed holes on the front rails and tighten.
  • Page 52: Mid-Mount In Two Post Equipment Rack

    See Figure 57 on page 53. Verify that the mounting screws on one side of the rack are aligned with the mounting screws on the opposite side and that the appliance is level.
  • Page 53: List Of Technical Publications

    Manager Configuring ScreenOS and IDP Devices Guide: Describes NSM features related to device configuration and management. It also explains how to configure basic and advanced NSM functionality, including deploying new device configurations, managing security policies and VPNs, and general device administration.
  • Page 54: Requesting Technical Support

    Series Devices Guide Requesting Technical Support Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.
  • Page 55: Self-Help Online Tools And Resources

    7 days a week, 365 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: http://www.juniper.net/customers/support/...
  • Page 56: Revision History

    Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
