Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Manuals
Manuals and User Guides for Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1. We have 1 Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 manual available for free PDF download: Administration Manual
Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual (1000 pages)
Brand: Juniper | Category: Software | Size: 13.05 MB
Table of Contents
7
About this Guide
45
Audience
45
Objectives
45
Conventions
46
Table 1: Notice Icons
46
Table 2: Text Conventions
46
About this Guide
47
Documentation
47
Table 3: Syntax Conventions
47
Table 4: Network and Security Manager Publications
47
Requesting Technical Support
49
Self-Help Online Tools and Resources
49
Opening a Case with JTAC
50
Getting Started with NSM
51
Chapter 1 Introduction to Network and Security Manager
53
About NSM
53
Security Integration
54
Device Configuration
54
Network Organization
54
Role-Based Administration
54
Centralized Device Configuration
55
Introduction to Network and Security Manager
55
Device Management
56
Device Modeling
56
Importing Devices
56
Policy-Based Management
56
Rapid Deployment
56
Error Prevention, Recovery, and Auditing
57
Atomic Configuration and Updating
57
Device Configuration Validation
57
Introduction to Network and Security Manager
57
Policy Validation
57
Auditing
58
Device Image Updates
58
Complete System Management
58
VPN Abstraction
58
Integrated Logging and Reporting
59
Job Management
59
Monitoring Status
59
Technical Overview
60
Architecture
60
Figure 1: NSM Network Architecture
60
Figure 2: NSM System Architecture
61
Management System
61
User Interface
61
Table 5: GUI Server Processes
62
Managed Devices
63
Firewall and IDP (ScreenOS/IDP) Devices
63
Table 6: Device Server Processes
63
Table 7: Supported Security Devices
63
Devices Running JUNOS Software
66
Table 8: J Series Services Routers and SRX Series Services Gateways NSM Supports
67
Table 9: M Series Multiservice Edge Routers and MX Series Ethernet Services Routers NSM Supports
68
Table 10: EX Series Ethernet Switches NSM Supports
69
SSL VPN Secure Access Products
70
Table 11: Secure Access Products NSM Supports
70
Extranet Devices
71
Juniper Networks IC Series Unified Access Control Appliances
71
Distributed Data Collection
71
Table 12: IC Series UAC Appliances NSM Supports
71
Device Schemas
72
Security
72
Scaling and Performance
72
Working in the User Interface
73
Characters Not Supported in Login Passwords
73
Managing Blocked Login Attempts
73
Configuring UI Preferences
73
UI Overview
73
Common Tasks Pane
74
Figure 3: Overview of the User Interface
74
Navigation Tree
74
Main Display Area
75
Menu Bar
75
Status Bar
75
Toolbar
75
NSM Modules
75
Investigate Modules
75
Configure Modules
77
Administer Modules
81
Validation Icons in the User Interface
81
Table 13: Validation Status for Devices
81
Validation and Data Origination Icons
82
Table 14: Validation Icons
82
Working with Other NSM Administrators
83
Searching in the User Interface
83
Contains String [C] Search Mode
84
Figure 4: UI Search Modes
84
Figure 5: "Contains String" Search Mode Example
84
Starts with [S] Search Mode
84
Figure 6: "Starts With" Search Mode Example
85
Figure 7: "Regular Expression" Search Mode Details
85
Regular Expression [R] Search Mode
85
Figure 8: "Regular Expression" Search Mode Example
86
IP [I] Search Mode
86
Figure 9: "IP Address" Search Mode Example
87
Search for an Exact Match (E)
87
Global Search
88
Figure 10: Exact String Search Mode Example
88
New Features in 2010.2
89
Chapter 2 Planning Your Virtual Network
91
Configuring Devices Overview
91
Importing Existing Devices
92
Modeling New Devices
93
Planning Your Virtual Network
93
Editing a Device Configuration
94
Configuring IDP-Capable Devices Overview
95
Common Criteria EAL2 Compliance
95
Guidance for Intended Usage
95
Guidance for Personnel
95
Guidance for Physical Protection
95
Supported IDP-Capable Devices
95
Enabling Jumbo Frames (ISG1000 Only)
96
Enabling IDP Functionality
97
Installing Advanced License Keys
97
Module
97
Updating Attack Objects
97
Adding Objects (Optional)
98
Configuring a Security Policy for IDP
98
Reviewing IDP Logs
103
Maintaining IDP
104
Creating IDP-Only Administrators
104
Simplifying Management
104
Using Device Groups
105
Using Configuration Groups
105
Using Device Templates
105
Merging Policies
106
Using a Naming Convention
106
Example: Using a Naming Convention for Address Objects
106
Example: Using a Naming Convention for Devices
106
Creating an Information Banner
107
Adding an Information Banner
107
Figure 11: Selecting the GUI Server in Central Manager
108
Figure 12: Setting up an Information Banner
109
Figure 13: Information Banner Login into Central Manager
109
Modifying an Information Banner
110
Deleting an Information Banner
110
Chapter 3 Configuring Role-Based Administration
111
Domains
111
About Roles
112
Enterprise Organizations
113
Administrator Types
114
Service Providers
115
Internal Network
115
Managed Security Service Provider (MSSP)
115
Configuring Role-Based Administration
116
Creating Administrators
117
Configuring Authorization
117
Configuring General Settings
117
RADIUS Authentication and Authorization
118
Table 15: How to Authenticate Users
118
Figure 14: Creating Custom Domain
120
Figure 15: User in Domain "Global" with a Predefined Role
121
Figure 16: User in Domain "Global" with Custom Role "R1"
121
Figure 17: User in Subdomain "D1" with a Predefined Role
122
Figure 18: User in Subdomain "D1" with a Custom Role "R1"
122
Figure 19: Assigning Multiple Roles to a User in Global Domain
122
Figure 20: Assigning Multiple Roles to a User in Subdomain
123
Figure 21: Assigning Roles Defined in Domain "Global"
123
Figure 22: Assigning Roles Defined in Domain "Global" to Subdomain Only
123
Configuring Roles
124
Creating Custom Roles
124
Table 16: Predefined NSM Administrator Activities
125
Permissions Changes in Release 2008.1
136
Roles and Permissions
136
Table 17: Changes to Edit Devices, Device Groups, & Templates Activity
137
Assigning and Viewing Custom Roles
138
Configuring a User Activity in a Custom Role
138
Table 18: Changes to View Devices, Device Groups, & Templates Role
138
Forcing an Administrator to Log out
139
Viewing Logged Administrators
139
Creating Subdomains
140
Viewing Current Domain Detail
140
Example: Configuring Role-Based Administration
141
Step 1: Create the Subdomains
141
Step 2: Create the Subdomain Administrator
141
Step 3: Create the Viewing and Reporting Administrator
142
Figure 23: Manage Administrators and Domains: Administrators Tab
143
Step 4: Verify Administrator Accounts
143
Chapter 4 Adding Devices
147
About Device Creation
148
Adding Devices
149
Determine Device Status
149
Managing the Device
150
Verifying Device Configuration
150
Before You Begin Adding Devices
150
Importing Versus Modeling
151
Importing Device Configurations
151
Modeling Device Configurations
151
Device Add Process
152
Selecting the Domain
152
Figure 24: Connecting Devices from Different Domains in VPNs
153
Adding Single or Multiple Devices
153
Specifying the OS and Version
154
Determining Port Mode (ScreenOS Devices Only)
154
Figure 25: Trust-Untrust Port Mode Bindings
155
Figure 26: Home-Work Port Mode Bindings
155
Combined Port Mode
156
Figure 27: Dual-Untrust Port Mode Bindings
156
Figure 28: Combined Port Mode Bindings
157
Trust-Untrust-DMZ Port Mode
157
Figure 29: Trust-Untrust-DMZ Port Mode Bindings
158
Figure 30: Extended Port-Mode Interface to Zone Bindings
158
Table 19: Extended Bindings
158
Figure 31: DMZ Dual Untrust Port Mode
159
Table 20: Security Device Port Mode Summary (Part 1)
160
Table 21: Security Device Port Mode Summary (Part 2)
160
Changing the Port Mode
161
Table 22: Supported Add Device Workflows by Device Family
161
Importing Devices
162
Requirements
163
Adding and Importing Devices with Static IP Addresses
163
ScreenOS Devices
163
IDP Sensors
165
JUNOS Devices
166
SA and IC Devices
167
Adding Devices with Dynamic IP Addresses
168
IDP Sensors
170
Device
171
Adding and Importing a JUNOS Device with a Dynamic IP Address
174
Verifying Imported Device Configurations
177
Using Device Manager
178
Using Configuration Summaries
179
Modeling Devices
180
Modeling a Device
180
Requirements
180
Creating a Device Configuration
181
Activating a Device
182
Devices with Static IP Addresses
182
Devices with Dynamic IP Addresses
185
Using Rapid Deployment (ScreenOS Only)
188
Creating the Configlet
190
Installing the Configlet
193
Preparing the Device
193
Updating the Device Configuration
195
Delta Option
195
Summarize Delta Configuration
195
But Has no Admin Privileges
196
Fails
196
Option
196
Adding Vsys Devices
196
Figure 32: Connecting Vsys Devices Across Domains
197
Importing Vsys Devices
197
Placing the Root Device in a Global Domain or a Subdomain
197
Modeling Vsys Devices
198
Adding L2V Root Systems
200
Adding an Extranet Device
200
Adding Clusters
201
Adding a Cluster Device Object
201
Adding Members to the Cluster
202
Adding ScreenOS or IDP Clusters
202
Adding Secure Access or Infranet Controller Clusters
202
Through Reachable Workflow
204
Through Unreachable Workflow
204
Adding Clusters of Routers Running JUNOS Software
205
Adding and Importing a JUNOS Cluster
206
Activating and Updating a Modeled JUNOS Cluster
207
Adding a JUNOS Cluster with Modeled Cluster Members
207
Figure 33: Adding a Secure Access Cluster
208
Example: Adding and Importing a Cluster
208
Adding the Cluster
208
Adding the Cluster Members
209
Adding the Cluster
210
Figure 34: Adding a J Series Cluster
210
Importing the Cluster Configuration
210
Figure 35: Adding the First Member to a J Series Cluster
211
Modeling the Cluster Members
211
Activating the Cluster Members
212
Figure 36: Adding the Second Member to a J Series Cluster
212
Figure 37: Cluster Member Icons
212
Updating the Cluster
214
Adding a Vsys Cluster and Vsys Cluster Members
214
Example: Adding a Vsys Cluster
214
Figure 38: Configuring Cluster Members for Paris Vsys Cluster
215
Figure 39: Paris Cluster Members and Paris Vsys Cluster Members
216
Adding a Device Discovery Rule
217
Running a Device Discovery Rule
218
Adding Many Devices Using CSV Files
218
Creating the CSV File
219
Devices with Static IP Addresses
219
Device with Dynamic IP Addresses
220
Table 23: CSV File Information for Devices with Static IP Addresses
220
Table 24: CSV File Information for Devices with Dynamic IP Addresses
221
Table 25: CSV File Information for Undeployed Devices
223
Validating the CSV File
225
Importing Many Devices
225
Adding and Importing Many Devices with Dynamic IP Addresses
226
Adding and Importing Many Devices with Static IP Addresses
226
Modeling Many Devices
227
Using Rapid Deployment
227
Modeling and Activating Many Devices with Configlets
228
Activating Many Devices with Configlets
229
Adding Device Groups
229
Example: Creating a Device Group
230
Setting up NSM to Work with Infranet Controller and Infranet Enforcer
231
Avoiding Naming Conflicts of the Authorization Server Object
231
Avoiding NACN Password Conflicts
233
Chapter 5 Configuring Devices
235
About Device Configuration
236
About Configuring Device Families
236
Objects
236
Configuring Devices
237
Configuration Features
237
About Device Templates
237
About the Device Editor
237
About Configuration Groups
238
Editing Devices Using the Device Editor
238
Figure 40: Device Info and Configuration Tabs
239
Figure 41: ScreenOS and IDP Device Configuration Information
240
Validation and Data Origination Icons
240
Configuring Device Features
241
Configuring ScreenOS/IDP Device Features
242
Figure 42: ScreenOS Device Object Configuration Data
242
Configuring Secure Access or Infranet Controller Device Features
244
Figure 43: Secure Access Device Object
244
Configuring JUNOS Device Features
245
Table 26: Validation Icons
241
Updating the Configuration on the Device
246
Using Device Templates
246
Modifying Values in Templates
247
Example: Creating and Applying a Device Template for DNS Settings
248
Applying the Template
249
Figure 44: Example of Setting Values in a Template
249
Figure 45: Applying a Template
250
Templates and Importing Devices
250
Promoting a Device Configuration to a Template
250
Figure 46: Template Override Icon
251
Figure 47: Revert to a Template or Default Value
251
Changing Values Inherited from Templates
251
Reverting a Configuration to Default Values of a Template
252
Templates and Validation
252
Applying Multiple Templates
252
Example: Using Multiple Device Templates
253
Figure 48: View Denial of Service Defense Values from DoS Template
254
Figure 49: Configure DoS Defense Settings for the DoS2 Template
255
Figure 50: View Template Priority (DoS Highest)
256
Figure 51: View Values from DoS and DoS2 Templates
256
Figure 52: View DoS2 Value for Source IP Based Session Limit
257
Figure 53: View DoS Value for SYN-ACK-ACK Proxy Protection Setting
257
Figure 54: View Default SYN-ACK-ACK Proxy Protection Setting
257
Template Limitations
257
Maximum of 63 Templates
257
Default Values
258
Device Groups
258
List Key Fields
258
Predefined Device Data
258
Figure 55: Up and Down Arrows for Changing the Sequence of a List
259
Specifying the Order of List Entries
259
Combining Template Data with Device Object Data
260
Operations that Change the Sequence of Ordered Lists
260
Order
260
Examples of Reordered Lists
261
Rules for Reordering Lists
261
Configuration Group Order
264
Figure 56: Identifying Ordered List Entries that Do Not Match the Template
265
Using the Template Operations Directive
265
Figure 57: Template Operations Directive
266
Select Devices Section
266
Select OS Name Section
266
Select Template Section
266
Figure 58: Select Template Dialog Box
267
Options Section
267
Template Operation Section
267
Template Operations Box Recommended Workflow
268
Figure 59: Template Operations Job Information Dialog Box
269
Removing Templates with the Template Operations Directive
269
Exporting and Importing Device Templates
270
Exporting a Device Template
270
Importing a Device Template
270
Using Configuration Groups
271
Creating and Editing Configuration Groups
272
Creating a Configuration Group
272
Editing a Configuration Group
273
Figure 60: Adding a Configuration Group
273
Ordered Lists and Wildcard Matching
274
Validating a Configuration Group
274
Applying a Configuration Group
274
Figure 61: Applying a Configuration Group
275
Figure 62: Configuration Group Applied
275
Excluding a Configuration Group
275
Figure 63: Excluding a Configuration Group
276
Editing a Device Object that Uses Configuration Groups
276
Deleting a Configuration Group
277
Adding Ordered List Entries Using Configuration Groups
277
Reordering Lists
277
Using Configuration Groups with Templates
278
Sharing Configuration Group Definitions Across Multiple Devices
278
Configuring Clusters
282
Configuring Cluster Objects Directly by Editing the Configuration
282
Configuring Cluster Objects Using Templates
282
Configuring Member-Level Data in a JUNOS Cluster
283
Configuring JUNOS Devices with Redundant Routing Engines
284
Configuring a Routing Engine
284
Figure 64: Configuring Routing Engine Specific Parameters
285
Viewing a Routing Engine Configuration
285
Figure 65: Viewing the Routing Engine Configuration
286
Overview of VRRP Support in NSM
286
Platforms on Which NSM Supports VRRP
287
Activating VRRP on a Device Interface
287
Defining a VSI as a VRRP Interface
287
Managing Configuration Files
288
Viewing and Comparing Configuration File Versions
288
Updating the Device with a Configuration File Version
288
Importing or Viewing the Current Version of the Configuration File
288
Automatic Import of Configuration Files
289
Chapter 6 Updating Devices
291
About Updating
291
How the Update Process Works
292
Updating Devices
293
Devices
295
Knowing When to Update
296
Verifying Device Status in Device Monitor
297
Configuration Status
297
Connection Status
297
Verifying Device Status in Device Manager
299
Reviewing Logs
299
Identifying Administrative Changes
300
Reviewing Reports
300
Using Preview Tools
300
Running a Configuration Summary
301
Using a Delta Configuration Summary
301
Table 28: Delta Configuration Summary Information
302
Figure 66: Delta Configuration Summary Example
303
Performing an Update
304
Retrying a Failed Update
305
Configuring Update Options
305
Update Options for DMI-Compatible Devices
306
Tracking Device Updates
306
Figure 67: Job Manager Module
307
Figure 68: Job Information Dialog Box
308
Reviewing Job Information
308
Table 29: Device States During Update
309
Understanding Updating Errors
310
Figure 69: Failed Update Job Dialog Box
311
Chapter 7 Managing Devices
313
Managing Device Software Versions
314
Upgrading the Device Software Version
314
Managing Devices
315
Upgrading a Device Software Version from NSM
316
Upgrading a Device Software Version Outside NSM
316
Adjusting the Device OS Version
317
Downgrading the Device OS Version
317
Rolling Back the Device OS Version
317
Deleting the Device OS Version
318
Upgrading Device Support
318
Managing License Keys (ScreenOS Only)
318
Installing License Keys on a Device
319
Importing License Key Information into NSM
319
Installing Trial License Keys
319
Viewing and Reconciling Device Inventory
320
Viewing the Device Inventory
320
Figure 70: Viewing the Device Inventory
321
Comparing and Reconciling Device Inventory
321
Figure 71: Comparing the Device Inventory with the NSM Database
322
Uploading and Linking Large Binary Data Files
324
Figure 72: Adding a Shared Binary Data Object
325
Figure 73: Linking to a Shared Binary Data Object
326
Importing Custom Sign-In Pages
326
Creating a Custom Sign-In Page
327
Linking to a Custom Sign-In Page Shared Object
327
Importing Antivirus Live Update Settings
327
Linking to a Live Update File Shared Object
328
Importing Endpoint Security Assessment Plug-In (ESAP) Packages
328
Uploading ESAP Packages
328
Linking to an ESAP Package Shared Object
329
Importing Third-Party Host Checker Policies
329
Uploading a Third-Party Host Checker Policy
329
Linking to a Third-Party Host Checker Policy Shared Object
330
Uploading a Secure Virtual Workspace Wallpaper Image
330
Importing Hosted Java Applets (Secure Access Devices Only)
331
Linking to a Hosted Java Applet Shared Object
331
Uploading a Java Applet
331
Importing a Custom Citrix Client .cab File (Secure Access Devices Only)
332
Linking to a Custom Citrix .cab File Shared Object
332
Uploading a Custom Citrix Client .cab File
332
Backing up and Restoring SA and IC Devices
332
Backing up an SA or IC Device
333
Restoring SA or IC Devices
333
Backing up Multiple SA or IC Devices
333
Configuring Preferences for Backing up and Restoring SA or IC Devices
333
Viewing Backed up Versions for an SA or IC Device
334
Setting the RMA State on an SA/IC Device
334
Activating an SA/IC Device Set to the RMA State
335
Performing a Full Restore of an SA or IC Device
336
Managing User Sessions for SA and IC Devices
336
Activating Subscription Services
337
Managing the Attack Object Database
337
Updating the Attack Object Database
338
Updating Attack Objects for IDP-Enabled Devices
338
Updating DI Attacks on ScreenOS 5.0 Devices
340
Using Updated Attack Objects
341
Verifying the Attack Object Database Version
341
Automatic Verification
341
Managing Different Attack Database Versions
342
Manual Verification
342
Versions
343
Updating the IDP Detector Engine
343
Figure 74: Attack Update Summary
344
Example: Confirm IDP Engine Version
344
Scheduling Security Updates
344
Table 30: Scheduled Security Update (SSU) Command Line Parameters
345
Example: Update Attack Objects and Push to Connected Devices
346
Scheduling the Update
346
Example: Using Crontab to Schedule Attack Updates
347
Viewing Scheduled Security Updates in the Audit Log Viewer
348
Viewing Scheduled Security Updates in the Job Manager
348
Updating AV Pattern Files
348
Updating the Web Category List
348
Miscellaneous Device Operations
349
Launching a Telnet CLI Window
350
Launching a Web UI for a Device
350
Rebooting Devices
350
Refreshing DNS Entries
351
Updating the Device Clock with an NTP Server
351
Setting the Root Administrator on a Device
352
Failing over or Reverting Interfaces
353
Setting the RMA State on a Device
353
Troubleshooting a BGP Peer Session on a Device
354
Upgrading the OS Version During an RMA-Activate Device Workflow
354
Finding Usages
355
Reactivating Wireless Connections
355
Managing ScreenOS Device Capabilities
355
Abstract Data Model
356
Data Model Schema
356
Data Model Updating
357
Figure 76: Data Model Update
358
Data Model Importing
359
Figure 77: Data Model Importing
360
Figure 75: Import/Update Architecture
356
Archiving and Restoring
361
Archiving Logs and Configuration Data
361
Restoring Logs and Configuration Data
362
Managing Device Schemas through the Juniper Update Mechanism
362
Downloading Schemas
363
Downloading Schemas Using the GUI Server CLI
364
Downloading Schemas Using the NSM UI
364
Applying a Schema
365
Chapter 8 Configuring Objects
369
About Objects
370
Configuring Objects
371
Replacing Objects
372
Using Objects Across Domains
372
Working with Object Versions
373
Working with Unused Shared Objects
373
Deleting an Unused Shared Object
373
Searching for Unused Shared Objects
373
Configuring Address Objects
374
Searching for and Deleting Duplicate Objects
374
Creating Address Objects
375
Adding an Address Object Group
377
Editing and Deleting Address Objects
377
Replacing Address Objects
377
Adding a Multicast Group Address Object
378
Adding Static DNS Host Addresses
379
Table 31: Application Table Tab Information
380
Viewing Address Objects
375
Blocked Hosts
380
Configuring Application Objects
380
Viewing Predefined Application Objects
380
Creating Custom Application Objects
381
Editing and Deleting Application Objects
381
Configuring Schedule Objects
382
Creating Schedule Objects
382
Configuring Access Profile Objects
382
Configuring Quality of Service Profiles
383
Creating a Quality of Service Profile
383
Deleting a Quality of Service Profile
384
Editing a Quality of Service Profile
384
Working with DI Attack Objects
385
Viewing Predefined DI Attack Objects
385
Viewing Attack Version Information for Attack Objects
385
Viewing Predefined DI Attack Object Groups
386
Updating Predefined DI Attack Objects and Groups
386
Creating DI Profiles
386
Table 32: Deep Inspection Profile Actions
387
Table 33: Deep Inspection IP Actions
388
Working with IDP Attack Objects
388
Viewing Predefined IDP Attacks
389
Viewing Predefined IDP Attack Groups
389
Viewing Attack Version Information for Attack Objects and Groups
390
Updating Predefined IDP Attack Objects and Groups
390
Configuring Custom DI and IDP Attack Objects
390
Using the Attack Object Wizard
391
Objects
391
Configuring Attack Name and Description
392
Configuring Extended Information
393
Configuring External References
393
Configuring Target Platforms
394
Creating a Signature Attack Object
395
Configuring General Attack Properties
395
Table 34: IP Protocol Name and Type Numbers
396
Table 35: Supported Services for Service Bindings
397
Configuring Attack Detection Properties
399
Table 36: Attack Pattern Syntax
400
Table 37: Attack Pattern Syntax Example Matches
400
Configuring Header Match Properties
402
Table 38: DI Attack Header Match Modifiers
403
Configuring a Protocol Anomaly Attack Object
405
Configuring a Compound Attack Object
406
Configuring General Attack Properties
406
Configuring Compound Attack Members
407
Configuring the Direction Filter
409
Creating Custom DI Attack Groups
409
Creating Custom IDP Attack Groups
409
Creating Static Attack Groups
410
Creating Dynamic Attack Groups (IDP Only)
410
Figure 78: New Dynamic Group
412
Figure 79: New Dynamic Group Members
413
Updating Dynamic Groups
413
Editing a Custom Attack Group
414
Deleting a Custom Attack Group
414
Unified Threat Management
414
Creating UTM Profiles
414
Creating an Antivirus Profile
415
Creating an Antispam Profile
416
Creating a Content Filtering Profile
416
Creating a URL Filtering Profile
417
Miscellaneous UTM Features
418
Multipurpose Internet Mail Extension (MIME) Lists
418
Command Lists
419
Extension Lists
419
URL Patterns
419
URL Categories
420
Configuring External AV Profiles
421
Configuring Internal AV Profiles
422
Configuring ICAP AV Servers and Profiles
423
Configuring ICAP AV Profiles
424
Configuring Web Filtering Objects
425
Configuring Custom Policy Fields
426
Defining Metadata
427
Instantiating New Objects
427
Adding Custom Detail Object to Rules
427
Open Log Viewer
428
Configuring GTP Objects
428
Configuring Info
428
Limiting GTP Message Length
428
Limiting GTP Message Rate
429
Limiting GTP Tunnels
429
Removing Inactive GTP Tunnels
429
Validating Sequence Numbers
429
Filtering GTP-In-GTP Packets
430
Inspecting Tunnel Endpoint IDs
430
Removing GTP R6 Informational Elements
430
Configuring Traffic Logging and Counting
430
Traffic Counting
430
Traffic Logging
430
Configuring IMSI Prefix and APN Filtering
431
Creating an APN Filter
431
Creating an IMSI Prefix Filter
432
Configuring GTP Message Filtering
433
Configuring Subscriber Tracing (Lawful Interception)
433
Example: Creating a GTP Object
433
Configuring Service Objects
434
Viewing Predefined Services
434
Table 39: Service Table Tab Information
435
Creating Custom Services
436
Service Object Groups
437
Example: Creating a Custom Service and Group
438
Example: Creating a Custom Sun-RPC Service
439
Example: Creating a Custom MS-RPC Service
440
Editing and Deleting Service Objects
441
Replacing Service Objects
441
Configuring SCTP Objects
442
Configuring an SCTP Object
442
Configuring Authentication Servers
442
Configuring General Authentication Server Settings
443
Configuring Authentication Server Redundancy
443
Configuring Authentication for User Types
444
Domain Name Stripping
444
Configuring Authentication Server Types
445
Configuring a RADIUS Authentication Server
445
Configuring a SecurID Authentication Server
448
Configuring a TACACS Authentication Server
450
Configuring an LDAP Authentication Server
450
Configuring User Objects
451
Configuring Local Users
451
Configuring Local User Groups
452
Configuring External Users
452
Configuring External User Groups
452
Configuring VLAN Objects
455
Configuring IP Pools
455
Using Multiple IP Ranges
456
Configuring Group Expressions
456
Table 40: Group Expression Operators
457
Figure 80: Configure External User Groups for Sales and Marketing
459
Figure 81: Configure Group Expression for Sales and Marketing
459
Configuring Remote Settings
459
Configuring Routing Instance Objects
460
Viewing Routing Instance Objects
460
Creating Routing Instance Objects
460
Configuring NAT Objects
461
Configuring DIP Objects
461
Configuring MIP Objects
462
Configuring VIP Objects
462
Configuring Certificate Authorities
462
Using Certificate Authorities
463
Configuring Certificate Authorities
463
Configuring CRL Objects
465
Using CRLs
465
Configuring CRLs
465
Configuring Extranet Policies
465
Configuring Binary Data Objects
466
Adding Binary Data Objects
467
Viewing, Editing, and Deleting Binary Data Objects
467
Configuring Protected Resources
467
Creating Protected Resources
468
Editing Protected Resources
468
Configuring IKE Proposals
469
Creating Custom IKE Phase1 Proposals
469
Creating Custom IKE Phase 2 Proposals
470
Configuring Dial-In Objects
471
Creating a Dial-In Profile
472
Linking the Dial-In Profile with the Device
472
Setting the Time-Out Period for the Modem Dial-In Authentication
472
Configuring Border Signaling Gateway Objects
472
Chapter 9 Configuring Security Policies
475
About Security Policies
476
Viewing Rulebase Columns for a Security Policy
476
Configuring Security Policies
477
Figure 82: Displaying the Select Visible Columns Dialog Box
477
Viewing and Editing Custom Policy Fields
477
About Rulebases
478
Rule Execution Sequence
479
About Rules
480
About Firewall Rulebases
480
VPN Links and Rules
481
About Rule Groups
482
About the Multicast Rulebase
482
About IDP Rulebases on ISG Family Devices
482
About IDP Rulebases on Standalone IDP Sensors
483
Enabling IPsec Null Encryption for IDP Inspection
484
Managing Security Policies
484
Creating a Security Policy
484
Configuring Objects for Rules
485
Applying the same Object to Multiple Rules
485
Naming of Address Objects in a Security Policy that References Devices Running ScreenOS or JUNOS Software
486
Using the Policy Filter Tool
486
Filtering the Comment Field
486
Using a Predefined IDP Policy
486
Using the Policy Creation Wizard
487
Adding Rulebases
488
Configuring Firewall Rules
488
Defining Match for Firewall Rules
489
Configuring Source and Destination Zones for Firewall Rules
489
Configuring Source and Destination Addresses for Firewall Rules
490
Support for Any-IPv6 as a Source Address
491
Configuring Services for Firewall Rules
492
Defining Actions for Firewall Rules
492
Selecting Devices for Firewall Rules
493
Configuring Firewall Rule Options
494
Enabling NAT
494
Configuring Traffic Shaping in a Security Policy
495
Enabling GTP for Firewall Rules
495
Enabling Logging and Counting for Firewall Rules
497
Miscellaneous
498
Configuring Web Filtering for Firewall Rules
500
Configuring Authentication for Firewall Rules
501
Configuring Antivirus for Firewall Rules
502
Configuring a DI Profile/Enable IDP for Firewall Rules
503
Configuring the Session Close Notification Rule
504
Limiting Sessions Per Policy from Source IPs
504
Comments for Firewall Rules
505
Configuring Multicast Rules
505
Configuring Source and Destination Zones
506
Configuring Source and Destination Groups
506
Configuring Rule Options
506
Configuring Antivirus Rules
507
Configuring Antispam Rules
508
Configuring IDP Rules
508
Defining Match for IDP Rules
509
Configuring Source and Destination Address Objects for IDP Rules
509
Configuring Source and Destination Zones for IDP Rules (Does Not Apply to Standalone IDP Sensor Rulebases)
509
Configuring User Roles for IDP Rules
510
Configuring Services for IDP Rules
511
Configuring Terminal IDP Rules
512
Table 41: IDP Rule Actions
513
Defining Actions for IDP Rules
513
Configuring Attack Objects in IDP Rules
515
Adding IDP Attack Object Groups by Category
515
Adding Custom Dynamic Attack Groups
516
Adding IDP Attack Objects by Operating System
516
Adding IDP Attack Objects by Severity
516
Table 42: Severity Levels, Recommended Actions and Notifications
516
Figure 83: Configure IP Action
517
Configuring IP Actions in IDP Rules
517
Choosing a Block Option
517
Choosing an IP Action
517
Setting Logging Options
518
Setting Timeout Options
518
Configuring Notification in IDP Rules
518
Setting VLAN Tags for IDP Rules
519
Setting Severity for IDP Rules
520
Setting Target Devices for IDP Rules
520
Entering Comments for IDP Rules
520
Configuring Multiple IDP Policies for an MX Series Router
521
Configuring Application Policy Enforcement (APE) Rules
522
Adding the APE Rulebase Using the Policy Manager
522
Adding the APE Rulebase to a Policy Using the Application Profiler
523
Defining Matches for APE Rules
524
Configuring Applications for APE Rules
524
Configuring Source and Destination Address Objects for APE Rules
524
Configuring Services for APE Rules
525
Configuring User Roles for APE Rules
525
Table 43: APE Rule Actions
526
Configuring Actions for APE Rules
526
Configuring IP Actions in APE Rules
527
Choosing an IP Action
527
Choosing a Block Option
528
Setting Logging Options
528
Setting Timeout Options
528
Configuring Notification in APE Rules
528
Setting VLAN Tags for APE Rules
529
Setting Severity for APE Rules
529
Setting Target Security Devices for APE Rules
530
Entering Comments for APE Rules
530
Configuring Exempt Rules
530
Adding the Exempt Rulebase
530
Defining a Match
531
Configuring Source and Destination Address Objects
531
Configuring Source and Destination Zones
531
Setting Attack Objects
531
Specifying VLANs
532
Setting Target Devices
532
Entering Comments
532
Creating an Exempt Rule from the Log Viewer
532
Configuring Backdoor Rules
532
Adding the Backdoor Rulebase
533
Configuring Services
534
Configuring Source and Destination Address Objects
534
Configuring Source and Destination Zones
534
Defining a Match
534
Setting Operation
535
Table 44: Actions for Backdoor Rule
535
Setting Actions
535
Setting Notification
535
Setting Logging
535
Logging Packets
536
Setting an Alert
536
Setting Severity
536
Setting Target Devices
536
Specifying VLANs
536
Entering Comments
537
Configuring SYN Protector Rules
537
The TCP Handshake
537
SYN-Floods
537
Adding the SYN Protector Rulebase
538
Configuring Services
538
Configuring Source and Destination Address Objects
538
Defining a Match
538
Setting Mode
538
Setting Logging
539
Setting Notification
539
Entering Comments
540
Logging Packets
540
Setting an Alert
540
Setting Severity
540
Setting Target Devices
540
Specifying VLANs
540
Detecting TCP and UDP Port Scans
541
Detecting Other Scans
541
Example: Traffic Anomalies Rule
541
Example: Session Limiting
542
Example: Traffic Anomalies Rule
542
Session Limiting
542
Adding the Traffic Anomalies Rulebase
542
Defining a Match
542
Configuring Source and Destination Address Objects
542
Configuring Services
543
Setting Detect Options
543
Setting Response Options
543
Setting Notification
543
Setting Logging
543
Setting Severity
544
Logging Packets
544
Setting an Alert
544
Specifying VLANs
544
Setting Target Devices
544
Entering Comments
544
Configuring Network Honeypot Rules
545
Impersonating a Port
545
Adding the Network Honeypot Rulebase
545
Defining a Match
545
Configuring Destination Address Objects and Services
545
Configuring the Source
545
Setting Response Options
546
Setting Operation
546
Setting Notification
546
Logging Packets
546
Setting an Alert
546
Setting Logging
546
Setting Target Devices
547
Setting Severity
547
Entering Comments
547
Specifying VLANs
547
Installing Security Policies
547
Assigning a Security Policy to a Device
547
Validating Security Policies
548
Rule Duplication
549
Table 45: Rule Shadowing Example
549
Unsupported Options
550
Installing New Security Policies
550
Configuring IDP Policy Push Timeout
551
Updating Existing Security Policies
551
Updating Only the IDP Rulebases on ISG Devices
552
Managing Rules and Policies
553
Helpful Tips
553
Selecting Rules
554
Using Cut, Copy, and Paste on Rule Fields
554
Using Cut, Copy, and Paste on Rules
554
Dragging and Dropping Objects
555
Deleting a Rule
556
Disabling a Rule
556
Using Rule Groups
556
Reimporting Devices and Security Policies
556
Merging Policies
557
Figure 84: Security Policy A Rules (before Policy Merge)
558
Figure 85: Security Policy B Rules (before Policy Merge)
558
Figure 86: Security Policy Rules (Merged from Policy A and Policy B)
558
Importing SRX Series Devices that Contain Inactive Policies
559
Exporting Policies
559
Automatic Policy Versioning
560
Setting NSM to Automatic Policy Versioning
560
Viewing Existing Policy Versions
560
Creating a New Policy Version
561
Editing Comments for an Existing Policy Version
561
Using a Filter to Search for a Policy Version
561
Comparing Two Versions
562
Restore an Older Version
562
Viewing, Editing, Filtering, and Sorting Database Versions
563
Displaying the Differences between Database Versions
564
Update Device with an Older Database Version
564
Pre and Post Rules
565
Rule Application Sequence
566
Validation of Prerules and Postrules
566
Install-On Column for Prerules and Postrules
567
Managing Prerules and Postrules
567
Add Prerules and Postrules
567
Push Prerules and Postrules to Regional Server
567
Delete Prerules and Postrules
568
Modify Prerules and Postrules
568
Polymorphic Objects
568
Customizing Polymorphic Objects
568
Access Control of Polymorphic Object
569
Supported Polymorphic Object Categories
569
Table 46: Polymorphic Objects
569
Validation of Polymorphic Object
569
Manage Polymorphic Objects
570
Add a Polymorphic Object to a Pre/Post Rule
570
Create a Polymorphic Object
570
Devices
571
Map a Polymorphic Object to a Real Value
571
Chapter 10 Configuring Voice Policies
573
Adding a BSG Transaction Rulebase
573
Adding Rules to the BSG Transaction Rulebase
574
Chapter 11 Configuring VPNs
577
About VPNs
578
Creating System-Level VPNs with VPN Manager
578
Configuring VPNs
579
Creating Device-Level VPNs in Device Manager
579
Supported VPN Configurations
579
Planning for Your VPN
579
Determining Your VPN Members and Topology
580
Site-To-Site
580
Using Network Address Translation (NAT)
580
Creating Redundancy
581
Full Mesh
581
Hub and Spoke
581
Protecting Data in the VPN
582
Using IPsec
582
Using L2TP
584
Choosing a VPN Tunnel Type
584
About Policy-Based VPNs
584
About Route-Based VPNs
585
VPN Checklist
585
Define Members and Topology
585
Define Method: VPN Manager or Device-Level
586
Define Security Protocol (Encryption and Authentication)
586
Define VPN Type: Policy-Based, Route-Based, or Mixed-Mode
586
Preparing VPN Components
588
Preparing Basic VPN Components
588
Preparing Required Policy-Based VPN Components
588
Configuring Address Objects
589
Configuring Protected Resources
589
Configuring Shared NAT Objects
589
Configuring Remote Access Service (RAS) Users
590
Configuring Required Routing-Based VPN Components
591
Configuring Static and Dynamic Routes
592
Configuring Tunnel Interfaces and Tunnel Zones
592
Configuring Optional VPN Components
593
Creating Authentication Servers
593
Creating Certificate Objects
593
Creating PKI Defaults
594
Creating VPNs with VPN Manager
594
Adding the VPN
595
Adding RAS Users
598
Adding Routing-Based Members
598
Configuring Topology
600
Configuring Common VPN Topologies
600
Configuring Gateway Properties
602
Configuring Gateways
602
Defining Termination Points
602
Configuring Gateway Security
604
Configuring IKE IDs
605
Configuring IKE
606
IKE Properties
606
Configuring Security Level
607
Autogenerating VPN Rules
608
Configuring Overrides
608
Editing Policy Rules
608
Editing Device Configuration
609
Viewing the Device Tunnel Summary
610
Adding the VPN Link
610
Editing VPNs
610
Editing the VPN Configuration
611
Editing Users
611
Editing VPN Overrides
611
Editing VPN Protected Resources
611
VPN Manager Examples
611
Example: Configuring an AutoKey IKE, Policy-Based Site-To-Site VPN
612
Figure 87: Create Tokyo Protected Resource Object for AutoKey IKE VPN
613
Figure 88: Create Paris Protected Resource Object for AutoKey IKE VPN
613
Figure 89: Configure Gateway Parameters for AutoKey IKE VPN
615
Figure 90: View Autogenerated Rules for AutoKey IKE VPN
615
Example: Configuring an AutoKey IKE RAS, Policy-Based VPN
616
Figure 91: Add Chicago Protected Resource for AutoKey IKE RAS VPN
617
Figure 92: Add New Local User for AutoKey IKE RAS VPN
617
Figure 93: Configure Security for AutoKey IKE RAS VPN
619
Example: Configuring an AutoKey IKE, Route-Based Site-To-Site VPN
619
Figure 94: View Tunnel Summary for AutoKey IKE, RB Site-To-Site VPN
621
Example: Configuring XAuth Authentication with External User Group
622
Creating Device-Level VPNs
626
Supported Configurations
627
Creating AutoKey IKE VPNs
627
IKEv2 and EAP Support
627
Configuring Gateways
628
Configuring Routes (Route-Based Only)
632
Configuring the VPN
632
Adding a VPN Rule
635
Creating Manual Key VPNs
635
Adding XAuth Users
636
Configuring Routes (Route-Based Only)
636
Configuring the VPN
636
Adding a VPN Rule
638
Creating L2TP VPNs
639
Adding L2TP Users
639
Configuring L2TP
639
Creating L2TP over AutoKey IKE VPNs
640
Adding a VPN Rule
640
Adding VPN Rules
640
Configuring the VPN
640
Assign and Install the Security Policy
641
Configuring the Security Policy
641
Device-Level VPN Examples
641
Example: Configuring a Route-Based Site-To-Site VPN, Manual Key
642
Figure 95: Configure Tokyo Route for RB Site-To-Site VPN, MK
644
Figure 96: Configure Tokyo Trust Route for RB Site-To-Site VPN, MK
644
Figure 97: View Tokyo Routing Table for RB Site-To-Site VPN, MK
645
Figure 98: Configure Rules for RB Site-To-Site VPN, MK
646
Example: Configuring a Policy-Based Site-To-Site VPN, Manual Key
647
Example: Configuring a Policy-Based RAS VPN, L2TP
648
Auto-Connect Virtual Private Network
650
Configuring ACVPN
650
IVE VPN Monitoring
652
Chapter 12 Central Manager
653
Central Manager Overview
653
Regional Server and Central Manager Self-Sufficiency
653
Self-Sufficient Central Manager
653
Self-Sufficient Regional Server
654
Super Admin User
654
Regional Server Management
654
Management Modes for J Series and SRX Series Devices
654
Central Management Mode
654
Using Central Manager
655
Deleting a Regional Server Object
656
Logging into a Regional Server
656
Installing Global Policy to a Regional Server
656
Prerule and Postrule Updates During Global Policy Install
657
Name Space Conflict Resolution for Shared Objects
657
Shared Objects Update During Global Policy Install
657
Name Space Conflict Resolution for Polymorphic Objects
658
Chapter 13 Topology Manager
659
Overview of the NSM Topology Manager
659
About the NSM Topology Manager
659
Requirements for a Topology Discovery
659
About the NSM Topology Manager Toolbar
660
Initiating a Topology Discovery
661
Viewing a Network Topology
662
About the NSM Topology Map Views
662
Subnets View
662
Groups View
663
Menu Options in the Topology Map View
663
About the NSM Topology Table Views
664
Devices View
664
Endpoint Devices View
665
Free Ports View
665
Links View
665
About Topology Manager Preferences
665
Default Credentials Tab
666
Refresh Interval Tab
666
Preferred Subnets Tab
666
Adding Discovered Devices to NSM
666
Chapter 14 Role-Based Port Templates
669
Using Role-Based Port Templates
669
Managing Port Template Associations
670
Apply or Edit a Port Template
670
Detect and Resolve Configuration Conflicts
672
Clone a Port Template
672
Edit a Port Template
673
Chapter 15 Unified Access Control Manager
675
Overview of the Unified Access Control (UAC) Manager Views
675
The Infranet Controller View
675
The Enforcement Point View
676
Manager
676
Manager
677
Enabling 802.1X on Enforcement Point Ports in the UAC Manager
678
Disabling 802.1X on Enforcement Point Ports in the UAC Manager
679
Chapter 16 Realtime Monitoring
683
About the Realtime Monitor
683
Realtime Monitor Views
684
Monitoring Managed Devices
684
Viewing Device Status
684
Realtime Monitoring
685
Table 47: Device Status Information
685
Device Polling Intervals
687
Table 48: Device Polling Intervals
688
Viewing Device Monitor Alarm Status
688
Setting the Polling Interval for Device Alarm Status
688
Table 49: Device Detail Status Items
689
Viewing Additional Device Detail and Statistics
689
Viewing Device Details
689
Table 50: Device Statistics Summary
690
Viewing Device Statistics
690
Table 51: Device-Specific Views
691
Table 52: Policy Distribution Items
693
Table 53: Protocol Distribution Items
694
Table 54: VPN Monitor Table
696
Table 55: Active VPN Table
697
Table 56: Ethernet Statistics View Data
699
Table 57: Flow Statistics View Data
701
Table 58: Attack Counters
701
Table 59: Resource Statistics Items
705
Table 60: Administrators View
705
Table 61: Authenticated Users View
706
Table 62: Active Sessions Items
706
Table 63: HA Statistics View
709
Table 64: Device Status Information
710
Monitoring IDP Sensors
710
Viewing IDP Device Status
710
Table 65: IDP Device Detail Status Items
711
Viewing IDP Device Detail and Statistics
711
Viewing IDP Device Details
711
Table 66: IDP Sensor Process Status Items
712
Table 67: Device Statistics Summary (for IDP Sensors)
713
Table 68: VPN Tunnel Summary
714
Monitoring VPNs
714
Viewing the VPN Status Summary
714
Configuring a VPN Filter
715
Modifying a VPN Filter
715
Deleting a VPN Filter
716
Configuring a VPN Display Filter
716
Viewing Active VPN Details
716
Viewing Device-Specific VPN Information
716
Monitoring NSRP Statistics
716
Viewing NSRP Summary Information
716
Table 69: NSRP Device Summary
717
Viewing VSD/RTO Information
717
Table 70: VSD/RTO Summary
718
Table 71: VSD Counter Details
718
Table 72: RTO Counters Details
719
Table 73: IDP Cluster Monitor
719
Viewing RTO Counter Details
719
Monitoring IDP Clusters
719
Table 74: IDP Cluster Summary
720
Viewing IDP Cluster Summary Information
720
Monitoring IDP Cluster Members
721
Table 75: IDP Cluster Member Monitor
721
Using the Realtime Monitor
721
Monitoring the Management System
721
Configuring Servers
722
Configuring Device Servers
722
Configuring the GUI Server
723
Table 77: GUI Server Table
723
Table 76: Server Information
722
Using Server Monitor
724
Figure 99: Server Monitor (Machine-Wide Info)
725
Table 78: Server Monitor (Machine-Wide Info) Data
725
Table 79: Server Detail Status
726
Viewing Additional Server Status Details
726
Viewing Process Status
727
Figure 100: Process Status for the Device Server
728
Figure 101: Process Status for the GUI Server
728
Table 80: Process Status
728
Table 81: Management System Utilities
729
Using Schema Information
730
Viewing Device Schema
731
Chapter 17 Analyzing Your Network
733
About the Dashboard
733
About the Profiler
733
Example of Unique Events
734
Analyzing Your Network
735
Setting up the Profiler
735
Configuring the Profiler
736
Table 82: General IDP Profiler Settings
736
Enabling OS Fingerprinting
737
Configuring Context Profiles
737
Configuring Alerts
738
Updating Profiler Settings
738
Customizing Profiler Preferences
739
Starting Profiler Operations on ISG Devices Without IDP Rules
739
Starting the Profiler
739
Stopping the Profiler
739
About Profiler Views
740
About the Protocol Profiler
741
Table 83: Protocol Profiler Data
741
About the Network Profiler
742
Table 84: Network Profiler Data
742
About the Violation Viewer
743
Configuring Permitted Objects
743
Table 85: Application Profiler Data
745
About the Application Profiler
745
Using Profiler Views
746
Violation Viewer
746
Filtering and Sorting from the Application Profiler
747
Refreshing Profiler Data
748
Viewing Database Information
748
Table 86: Detailed Network Information Data
749
Purging the Database
750
Recommended Profiler Options
750
Configuring a Network Baseline
751
Identifying a Baseline
751
Setting a Baseline
751
Keeping Your Network Current
751
Proactively Updating Your Network
752
Reacting to Vulnerability Announcements
752
Example: Identifying Vulnerable Components
752
Stopping Worms and Trojans
753
Example: SQL Worm
753
Example: Blaster Worm
754
Accessing Data in the Profiler Database
754
About Security Explorer
755
Figure 102: Security Explorer
756
Security Explorer Main Graph
756
Graph Types
757
Connections Detail Pane
757
Log Viewer
758
Reference Point Pane
758
Reports Viewer
758
Using Security Explorer
758
Permissions
759
Analyzing Relationships
759
Viewing Data
759
Setting a Time Duration
760
Table 87: Transitional Graphs
760
Transitioning to Other Relational Graphs
760
Viewing Predefined Reports
760
Adding and Removing Panels
761
Refreshing Data
761
Exporting to HTML
761
Logging
763
Chapter 18 Logging
763
About Logging
763
About Log Entries
764
About Log Events
764
About Log Severity
765
Table 89: Log Entry Severity Levels for DMI Devices
765
Table 90: Log Entry Severity Levels for ScreenOS and IDP Devices
765
Table 88: Event-Generated Log Entries
764
Viewing Logs
766
Device Limitations for Viewing Logs
767
Configuring the Device for Logging
767
Configuring Severity Settings
768
Table 91: Destinations of Log Entry Severities
768
Configuring E-Mail Server Settings
769
Forwarding Self Log Entries (Firewall Options)
769
Table 92: Self Log Entry Settings
769
Table 93: Email Server Settings for Log Entries
769
Configuring Events Reporting Settings
770
Deep Inspection Alarm Log Entries
771
Event Alarm Log Entries
771
Traffic Alarm Log Entries
771
Configuration Log Entries
772
Information Log Entries
772
Self Log Entries
773
Traffic Log Entries
773
Attack Statistics
774
Ethernet Statistics
774
Flow Statistics
774
Policy Statistics
774
Protocol Distribution
774
Atomic Updating Events
775
Configuring SNMP Reporting Settings
775
Directing Logs to a Syslog Server
776
Directing Data to a WebTrends Server
777
Managing Packet Data in Logs
777
Table 94: Syslog Settings for Log Entries
777
Table 95: WebTrends Settings for Log Entries
777
Figure 103: View Packet Data in a Log
779
Figure 104: Sample Packet Data
780
Using the Log Viewer
780
Using Log Views
781
Table 96: EX Series Switch Predefined Log Views
781
Table 97: SSL/UAC Predefined Log Views
782
Creating Custom Views and Folders
783
Table 98: Predefined Log Views
783
Creating Per-Session Views
784
Table 99: Log Viewer Columns
784
Log Viewer Detail Panes
787
Figure 105: View Category and Severity Filters
788
Log Viewer Status Bar
788
Navigating the Log Viewer
788
Table 100: Log Viewer Navigation Controls
788
Searching Log Entries
788
Log Timeline
789
Table 101: Search Tools for Log Viewer
789
Figure 106: Log Viewer Time Slider
790
Figure 107: Log Viewer Time Display
790
Table 102: Log Viewer Flags
791
Using Flags
791
Using Log ID Number
792
Using the Find Utility
792
Filtering Log Entries by Event and Time
792
Setting a Category Filter
792
Setting a Flag Filter
793
Setting a Protocol Filter
793
Setting an Address Filter
793
Setting an Alert Filter
793
Setting a Domain Filter
794
Setting a Time-Based Filter
794
Filtering Log Entries by Range
794
Setting a Bytes in or Bytes out Range Filter
795
Setting a Port Number Range Filter
795
Customizing Columns
796
Hide, Unhide, and Move Columns
796
Using Column Settings
796
Filtering Log Entries by Column
798
Figure 108: Filter Summary Dialog Box
799
Using Log Viewer Integration
800
Jump to Device Configuration
800
Jump to Policy
800
Figure 109: Viewing Summary Panel
801
Table 103: Irrelevant Versus Relevant Attacks
801
Identifying Irrelevant Attacks
801
Using the Log Investigator
802
About the Log Investigator UI
803
Figure 110: Log Investigator UI Overview
803
Configuring Log Investigator Options
804
Configuring a Time Period
804
Configuring Axes
805
Figure 111: Configure Time Period Filter
805
Figure 112: Changing Time Period Filter
805
Setting a Log Entry Limit
806
Table 104: Log Investigator Filters
807
Example: Setting Filters in the Log Investigator
808
Figure 113: View Log Investigator Results
809
Investigating Log Entry Data
809
Using Rows and Columns
809
Table 105: Log Investigator Analysis
810
Using Cells
810
Zoom Details
811
Excluding Data
812
Jumping to the Log Viewer
812
Using the Audit Log Viewer
812
Figure 114: Audit Log Viewer UI Overview
813
Table 106: Audit Log Information
813
Managing the Audit Log Table
814
Setting a Start Time for Audit Log Entries
816
Target View and Device View
816
Managing Log Volume
816
Automatic Device Log Cleanup
817
Archiving Logs
818
Log Archival Mechanism
818
Setting Log Storage Limits
818
Obsolete Logs
819
Required Disk Space
819
System-Wide Retention Policy
819
Forwarding Logs
820
Sending E-Mail Notification of Downed Device
820
Using the Action Manager to Forward Logs by Domain
820
Configuring Action Parameters
821
Setting Device Log Action Criteria
822
Using the Log2Action Utility to Export Logs
824
Using Filters
824
Table 107: Common Filters
825
Exporting to CSV
827
Exporting to XML
827
Using XML Required and Optional Format-Specific Filters
827
Viewing XML Format Output
827
Exporting to SNMP
828
Using CSV Required and Optional Format-Specific Filters
828
Viewing CSV Format Output
828
Exporting to E-Mail
829
Using SNMP Required and Optional Format-Specific Filters
829
Viewing SNMP Format Output
829
Exporting to Syslog
830
Using E-Mail Required and Optional Format-Specific Filters
830
Using Syslog Required and Optional Format-Specific Filters
830
Exporting to a Script
831
Using Script Required and Optional Format-Specific Filters
831
Viewing Syslog Format Output
831
Reporting
833
Chapter 19 Reporting
833
About Reporting
833
Report Type Groupings
833
Graphical Data Representation
834
Integration with Logs
834
Central Access to Management Information
834
Report Types
835
Predefined Reports
835
Table 108: Firewall and VPN Reports
835
Table 109: DI/IDP Reports
836
Table 110: Screen Reports
837
Table 111: Administrative Reports
838
Table 112: UAC Reports
838
SSL/VPN Reports
839
Table 113: Profiler Reports
839
Table 114: AVT Reports
839
EX Series Switches Report
840
Table 115: SSL/VPN Reports
840
Table 116: EX-Switch Reports
840
My Reports
840
Shared Reports
840
Working with Reports
840
Generating a Predefined Report
841
Creating a Custom Report
841
Example: Creating a Custom Report
841
Deleting Reports
842
Organizing Reports in Folders
842
Generating Reports Automatically
842
Running Reports Using the guisvrcli.sh Utility
842
Creating and Editing Action Scripts
843
Using Cron with Scheduled Reports
844
Exporting Reports to HTML
845
Setting Report Options
846
Naming a Report
846
Setting the Report Type
846
Configuring Report Source Data
847
Configuring a Report Time Period
847
Configuring the Data Point Count
847
Configuring the Chart Type
847
Sharing Your Custom Report
847
Modifying Report Filters
847
Configuring Report Processing Warnings
848
Saving Your Report Settings
848
Log Viewer Integration
848
Viewing Logs from Report Manager
848
Figure 115: Generating a Quick Report
849
Generating Quick Reports
849
Using Reports
849
Example: Using Administrative Reports to Track Incidents
849
Figure 116: Logs by User-Set Flag Report
850
Example: Using Administrative Reports to Optimize Rulebases
850
Figure 117: Top FW/VPN Rules Report
851
Example: Using EX Switch Reports to Track Configuration Changes
851
Figure 118: Top Configuration Changes Report
852
Example: Using SSL/VPN Reports to Track Authentication Failures
852
Example: Using Screen Reports to Identify Attack Trends
852
Example: Using DI Reports to Detect Application Attacks
853
Using the Watch List
853
Appendix A Glossary
857
Network and Security Manager (NSM) Term Definitions
857
Table 117: CIDR Translation
861
Table 118: Unmanaged Commands for Firewall/VPN Devices
883
Appendix B Unmanaged ScreenOS Commands
883
Table 119: SurfControl Web Categories
885
Appendix D Common Criteria EAL2 Compliance
893
Guidance for Intended Usage
893
Guidance for Personnel
893
Guidance for Physical Protection
893
Appendix E Log Entries
895
Table 120: Screen Alarm Log Entries
895
Table 121: Alarm Log Entries
897
Deep Inspection Alarm Log Entries
898
Table 122: Deep Inspection Alarm Log Entries
899
Table 123: Configuration Log Entries
973
Information Log Entries
975
Table 124: Information Log Entries
976
Traffic Log Entries
977
Self Log Entries
977
GTP Log Entries
978
Index
981