Juniper NETWORK AND SECURITY MANAGER 2010.3 Manuals
Manuals and User Guides for Juniper NETWORK AND SECURITY MANAGER 2010.3. We have 3 Juniper NETWORK AND SECURITY MANAGER 2010.3 manuals available for free PDF download: Administration Manual, Manual
Juniper NETWORK AND SECURITY MANAGER 2010.3 Administration Manual (1016 pages)
Brand: Juniper | Category: Software | Size: 13 MB
Table of Contents
Table of Contents
7
About this Guide
45
Audience
45
Objectives
45
Conventions
46
Table 1: Notice Icons
46
Table 2: Text Conventions
46
About this Guide
47
Documentation
47
Table 3: Syntax Conventions
47
Table 4: Network and Security Manager Publications
47
Requesting Technical Support
49
Self-Help Online Tools and Resources
49
Opening a Case with JTAC
50
Getting Started with NSM
51
Chapter 1 Introduction to Network and Security Manager
53
About NSM
53
Security Integration
54
Device Configuration
54
Network Organization
54
Role-Based Administration
54
Centralized Device Configuration
55
Introduction to Network and Security Manager
55
Device Management
56
Device Modeling
56
Importing Devices
56
Policy-Based Management
56
Rapid Deployment
56
Error Prevention, Recovery, and Auditing
57
Atomic Configuration and Updating
57
Device Configuration Validation
57
Introduction to Network and Security Manager
57
Policy Validation
57
Auditing
58
Device Image Updates
58
Complete System Management
58
VPN Abstraction
58
Integrated Logging and Reporting
59
Job Management
59
Monitoring Status
59
Technical Overview
60
Architecture
60
Figure 1: NSM Network Architecture
60
Figure 2: NSM System Architecture
61
Management System
61
User Interface
61
Table 5: GUI Server Processes
62
Managed Devices
63
Firewall and IDP (ScreenOS/IDP) Devices
63
Table 6: Device Server Processes
63
Table 7: Supported Security Devices
63
Devices Running Junos OS
66
Table 8: J Series Services Routers and SRX Series Services Gateways NSM Supports
67
Table 9: M Series Multiservice Edge Routers and MX Series Ethernet Services Routers NSM Supports
68
Table 10: EX Series Ethernet Switches NSM Supports
69
SSL VPN Secure Access Products
70
Table 11: Secure Access Products NSM Supports
70
Extranet Devices
71
Juniper Networks IC Series Unified Access Control Appliances
71
Distributed Data Collection
71
Table 12: IC Series UAC Appliances NSM Supports
71
Device Schemas
72
Security
72
Scaling and Performance
72
Working in the User Interface
73
Characters Not Supported in Login Passwords
73
Managing Blocked Login Attempts
73
Configuring UI Preferences
73
UI Overview
73
Common Tasks Pane
74
Figure 3: Overview of the User Interface
74
Navigation Tree
74
Main Display Area
75
Menu Bar
75
Status Bar
75
Toolbar
75
NSM Modules
75
Investigate Modules
75
Configure Modules
77
Administer Modules
81
Validation Icons in the User Interface
81
Table 13: Validation Status for Devices
81
Validation and Data Origination Icons
82
Table 14: Validation Icons
82
Working with Other NSM Administrators
83
Searching in the User Interface
83
Contains String [C] Search Mode
84
Figure 4: UI Search Modes
84
Figure 5: "Contains String" Search Mode Example
84
Starts with [S] Search Mode
84
Figure 6: "Starts With" Search Mode Example
85
Figure 7: "Regular Expression" Search Mode Details
85
Regular Expression [R] Search Mode
85
Figure 8: "Regular Expression" Search Mode Example
86
IP [I] Search Mode
86
Figure 9: "IP Address" Search Mode Example
87
Search for an Exact Match (E)
87
Global Search
88
Figure 10: Exact String Search Mode Example
88
New Feature in 2010.3
89
Chapter 2 Planning Your Virtual Network
91
Configuring Devices Overview
91
Importing Existing Devices
92
Modeling New Devices
93
Planning Your Virtual Network
93
Editing a Device Configuration
94
Configuring IDP-Capable Devices Overview
95
Common Criteria EAL2 Compliance
95
Guidance for Intended Usage
95
Guidance for Personnel
95
Guidance for Physical Protection
95
Supported IDP-Capable Devices
95
Enabling Jumbo Frames (ISG1000 Only)
96
Enabling IDP Functionality
97
Installing Advanced License Keys
97
Module
97
Updating Attack Objects
97
Adding Objects (Optional)
98
Configuring a Security Policy for IDP
98
Reviewing IDP Logs
103
Maintaining IDP
104
Creating IDP-Only Administrators
104
Simplifying Management
104
Using Device Groups
105
Using Configuration Groups
105
Using Device Templates
105
Merging Policies
106
Using a Naming Convention
106
Example: Using a Naming Convention for Address Objects
106
Example: Using a Naming Convention for Devices
106
Creating an Information Banner
107
Adding an Information Banner
107
Figure 11: Selecting the GUI Server in Central Manager
108
Figure 12: Setting up an Information Banner
109
Figure 13: Information Banner Login into Central Manager
109
Modifying an Information Banner
110
Deleting an Information Banner
110
Chapter 3 Configuring Role-Based Administration
111
Domains
111
About Roles
112
Enterprise Organizations
113
Administrator Types
114
Service Providers
115
Internal Network
115
Managed Security Service Provider (MSSP)
115
Configuring Role-Based Administration
116
Creating Administrators
117
Configuring Authorization
117
Configuring General Settings
117
RADIUS Authentication and Authorization
118
Table 15: How to Authenticate Users
118
Figure 14: Creating Custom Domain
120
Figure 15: User in Domain "Global" with a Predefined Role
121
Figure 16: User in Domain "Global" with Custom Role "R1"
121
Figure 17: User in Subdomain "D1" with a Predefined Role
122
Figure 18: User in Subdomain "D1" with a Custom Role "R1"
122
Figure 19: Assigning Multiple Roles to a User in Global Domain
122
Figure 20: Assigning Multiple Roles to a User in Subdomain
123
Figure 21: Assigning Roles Defined in Domain "Global
123
Figure 22: Assigning Roles Defined in Domain "Global" to Subdomain Only
123
Configuring Roles
124
Creating Custom Roles
124
Table 16: Predefined NSM Administrator Activities
125
Permissions Changes in Release 2008.1
136
Roles and Permissions
136
Table 17: Changes to Edit Devices, Device Groups, & Templates Activity
137
Assigning and Viewing Custom Roles
138
Configuring a User Activity in a Custom Role
138
Table 18: Changes to View Devices, Device Groups, & Templates Role
138
Forcing an Administrator to Log out
139
Viewing Logged Administrators
139
Creating Subdomains
140
Viewing Current Domain Detail
140
Example: Configuring Role-Based Administration
141
Step 1: Create the Subdomains
141
Step 2: Create the Subdomain Administrator
141
Step 3: Create the Viewing and Reporting Administrator
142
Figure 23: Manage Administrators and Domains: Administrators Tab
143
Step 4: Verify Administrator Accounts
143
Chapter 4 Adding Devices
147
About Device Creation
148
Adding Devices
149
Determine Device Status
149
Managing the Device
150
Verifying Device Configuration
150
Before You Begin Adding Devices
150
Importing Versus Modeling
151
Importing Device Configurations
151
Modeling Device Configurations
151
Device Add Process
152
Selecting the Domain
152
Figure 24: Connecting Devices from Different Domains in VPNs
153
Adding Single or Multiple Devices
153
Specifying the OS and Version
154
Determining Port Mode (ScreenOS Devices Only)
154
Figure 25: Trust-Untrust Port Mode Bindings
155
Figure 26: Home-Work Port Mode Bindings
155
Combined Port Mode
156
Figure 27: Dual-Untrust Port Mode Bindings
156
Figure 28: Combined Port Mode Bindings
157
Trust-Untrust-DMZ Port Mode
157
Figure 29: Trust-Untrust-DMZ Port Mode Bindings
158
Figure 30: Extended Port-Mode Interface to Zone Bindings
158
Table 19: Extended Bindings
158
Figure 31: DMZ Dual Untrust Port Mode
159
Table 20: Security Device Port Mode Summary (Part 1)
160
Table 21: Security Device Port Mode Summary (Part 2)
160
Changing the Port Mode
161
Table 22: Supported Add Device Workflows by Device Family
161
Importing Devices
162
Requirements
163
Adding and Importing Devices with Static IP Addresses
163
ScreenOS Devices
163
IDP Sensors
165
Junos Devices
166
SA and IC Devices
167
Adding Devices with Dynamic IP Addresses
168
IDP Sensors
170
Device
171
Adding and Importing a Junos Device with a Dynamic IP Address
174
Verifying Imported Device Configurations
177
Using Device Manager
178
Using Job Manager
178
Using Configuration Summaries
179
Modeling Devices
180
Modeling a Device
180
Requirements
180
Creating a Device Configuration
181
Activating a Device
182
Devices with Static IP Addresses
182
Devices with Dynamic IP Addresses
185
Using Rapid Deployment (ScreenOS Only)
188
Creating the Configlet
190
Installing the Configlet
193
Preparing the Device
193
Updating the Device Configuration
195
Delta Option
195
Summarize Delta Configuration
195
But Has no Admin Privileges
196
Fails
196
Option
196
Adding Vsys Devices
196
Figure 32: Connecting Vsys Devices Across Domains
197
Importing Vsys Devices
197
Placing the Root Device in a Global Domain or a Subdomain
197
Modeling Vsys Devices
198
Adding L2V Root Systems
200
Adding an Extranet Device
200
Adding Clusters
201
Adding a Cluster Device Object
201
Adding Members to the Cluster
202
Adding ScreenOS or IDP Clusters
202
Adding Secure Access or Infranet Controller Clusters
202
Through Reachable Workflow
204
Through Unreachable Workflow
204
Adding Clusters of Routers Running Junos OS
205
Adding and Importing a Junos Cluster
206
Activating and Updating a Modeled Junos Cluster
207
Adding a Junos Cluster with Modeled Cluster Members
207
Figure 33: Adding a Secure Access Cluster
208
Example: Adding and Importing a Cluster
208
Adding the Cluster
208
Adding the Cluster Members
209
Adding the Cluster
210
Figure 34: Adding a J Series Cluster
210
Importing the Cluster Configuration
210
Figure 35: Adding the First Member to a J Series Cluster
211
Modeling the Cluster Members
211
Activating the Cluster Members
212
Figure 36: Adding the Second Member to a J Series Cluster
212
Figure 37: Cluster Member Icons
212
Updating the Cluster
214
Adding a Vsys Cluster and Vsys Cluster Members
214
Example: Adding a Vsys Cluster
214
Figure 38: Configuring Cluster Members for Paris Vsys Cluster
215
Figure 39: Paris Cluster Members and Paris Vsys Cluster Members
216
Adding a Device Discovery Rule
217
Running a Device Discovery Rule
218
Adding Many Devices Using CSV Files
218
Creating the CSV File
219
Devices with Static IP Addresses
219
Device with Dynamic IP Addresses
220
Table 23: CSV File Information for Devices with Static IP Addresses
220
Table 24: CSV File Information for Devices with Dynamic IP Addresses
221
Table 25: CSV File Information for Undeployed Devices
223
Validating the CSV File
225
Importing Many Devices
225
Adding and Importing Many Devices with Dynamic IP Addresses
226
Adding and Importing Many Devices with Static IP Addresses
226
Modeling Many Devices
227
Using Rapid Deployment
227
Modeling and Activating Many Devices with Configlets
228
Activating Many Devices with Configlets
229
Adding Device Groups
229
Example: Creating a Device Group
230
Setting up NSM to Work with Infranet Controller and Infranet Enforcer
231
Avoiding Naming Conflicts of the Authorization Server Object
231
Avoiding NACN Password Conflicts
233
Chapter 5 Configuring Devices
235
About Device Configuration
236
About Configuring Device Families
236
Objects
236
Configuring Devices
237
Configuration Features
237
About Device Templates
237
About the Device Editor
237
About Configuration Groups
238
Editing Devices Using the Device Editor
238
Figure 40: Device Info and Configuration Tabs
239
Figure 41: ScreenOS and IDP Device Configuration Information
240
Validation and Data Origination Icons
240
Configuring Device Features
241
Configuring ScreenOS/IDP Device Features
242
Figure 42: ScreenOS Device Object Configuration Data
242
Configuring Secure Access or Infranet Controller Device Features
244
Figure 43: Secure Access Device Object
244
Configuring Junos Device Features
245
Table 26: Validation Icons
241
Updating the Configuration on the Device
246
Using Device Templates
246
Modifying Values in Templates
247
Example: Creating and Applying a Device Template for DNS Settings
248
Applying the Template
249
Figure 44: Example of Setting Values in a Template
249
Figure 45: Applying a Template
250
Templates and Importing Devices
250
Promoting a Device Configuration to a Template
250
Figure 46: Template Override Icon
251
Figure 47: Revert to a Template or Default Value
251
Changing Values Inherited from Templates
251
Reverting a Configuration to Default Values of a Template
252
Templates and Validation
252
Applying Multiple Templates
252
Example: Using Multiple Device Templates
253
Figure 48: View Denial of Service Defense Values from DoS Template
254
Figure 49: Configure DoS Defense Settings for the DoS2 Template
255
Figure 50: View Template Priority (DoS Highest)
256
Figure 51: View Values from DoS and DoS2 Templates
256
Figure 52: View DoS2 Value for Source IP Based Session Limit
257
Figure 53: View DoS Value for SYN-ACK-ACK Proxy Protection Setting
257
Figure 54: View Default SYN-ACK-ACK Proxy Protection Setting
257
Template Limitations
257
Maximum of 63 Templates
257
Default Values
258
Device Groups
258
List Key Fields
258
Predefined Device Data
258
Figure 55: Up and Down Arrows for Changing the Sequence of a List
259
Specifying the Order of List Entries
259
Combining Template Data with Device Object Data
260
Operations that Change the Sequence of Ordered Lists
260
Order
260
Examples of Reordered Lists
261
Rules for Reordering Lists
261
Configuration Group Order
264
Figure 56: Identifying Ordered List Entries that Do Not Match the Template
265
Using the Template Operations Directive
265
Figure 57: Template Operations Directive
266
Select Devices Section
266
Select OS Name Section
266
Select Template Section
266
Figure 58: Select Template Dialog Box
267
Options Section
267
Template Operation Section
267
Template Operations Box Recommended Workflow
268
Figure 59: Template Operations Job Information Dialog Box
269
Removing Templates with the Template Operations Directive
269
Exporting and Importing Device Templates
270
Exporting a Device Template
270
Importing a Device Template
270
Using Configuration Groups
271
Creating and Editing Configuration Groups
272
Creating a Configuration Group
272
Editing a Configuration Group
273
Figure 60: Adding a Configuration Group
273
Ordered Lists and Wildcard Matching
274
Validating a Configuration Group
274
Applying a Configuration Group
274
Figure 61: Applying a Configuration Group
275
Figure 62: Configuration Group Applied
275
Excluding a Configuration Group
275
Figure 63: Excluding a Configuration Group
276
Editing a Device Object that Uses Configuration Groups
276
Deleting a Configuration Group
277
Adding Ordered List Entries Using Configuration Groups
277
Reordering Lists
277
Using Configuration Groups with Templates
278
Sharing Configuration Group Definitions Across Multiple Devices
278
Configuring Clusters
282
Configuring Cluster Objects Directly by Editing the Configuration
282
Configuring Cluster Objects Using Templates
282
Configuring Member-Level Data in a Junos Cluster
283
Configuring Junos Devices with Redundant Routing Engines
284
Configuring a Routing Engine
284
Figure 64: Configuring Routing Engine Specific Parameters
285
Viewing a Routing Engine Configuration
285
Figure 65: Viewing the Routing Engine Configuration
286
Overview of VRRP Support in NSM
286
Platforms on Which NSM Supports VRRP
287
Activating VRRP on a Device Interface
287
Defining a VSI as a VRRP Interface
287
Managing Configuration Files
287
Viewing and Comparing Configuration File Versions
288
Updating the Device with a Configuration File Version
288
Importing or Viewing the Current Version of the Configuration File
288
Automatic Import of Configuration Files
288
Chapter 6 Updating Devices
289
About Updating
289
How the Update Process Works
290
Updating Devices
291
Devices
293
Knowing When to Update
294
Verifying Device Status in Device Monitor
295
Configuration Status
295
Connection Status
295
Verifying Device Status in Device Manager
297
Reviewing Logs
297
Identifying Administrative Changes
298
Reviewing Reports
298
Using Preview Tools
298
Running a Configuration Summary
299
Using a Delta Configuration Summary
299
Table 28: Delta Configuration Summary Information
300
Figure 66: Delta Configuration Summary Example
301
Performing an Update
302
Retrying a Failed Update
303
Configuring Update Options
303
Update Options for DMI-Compatible Devices
304
Tracking Device Updates
304
Figure 67: Job Manager Module
305
Figure 68: Job Information Dialog Box
306
Reviewing Job Information
306
Table 29: Device States During Update
307
Understanding Updating Errors
308
Figure 69: Failed Update Job Dialog Box
309
Chapter 7 Managing Devices
311
Managing Device Software Versions
312
Upgrading the Device Software Version
312
Managing Devices
313
Upgrading a Device Software Version from NSM
314
Upgrading a Device Software Version Outside NSM
314
Adjusting the Device OS Version
315
Downgrading the Device OS Version
315
Rolling Back the Device OS Version
315
Deleting the Device OS Version
316
Upgrading Device Support
316
Managing License Keys (ScreenOS Only)
316
Installing License Keys on a Device
317
Importing License Key Information into NSM
317
Installing Trial License Keys
317
Viewing and Reconciling Device Inventory
318
Viewing the Device Inventory
318
Figure 70: Viewing the Device Inventory
319
Comparing and Reconciling Device Inventory
319
Figure 71: Comparing the Device Inventory with the NSM Database
320
Uploading and Linking Large Binary Data Files
322
Figure 72: Adding a Shared Binary Data Object
323
Figure 73: Linking to a Shared Binary Data Object
324
Importing Custom Sign-In Pages
324
Creating a Custom Sign-In Page
325
Linking to a Custom Sign-In Page Shared Object
325
Importing Antivirus Live Update Settings
325
Linking to a Live Update File Shared Object
326
Importing Endpoint Security Assessment Plug-In (ESAP) Packages
326
Uploading ESAP Packages
326
Linking to an ESAP Package Shared Object
327
Importing Third-Party Host Checker Policies
327
Uploading a Third-Party Host Checker Policy
327
Linking to a Third-Party Host Checker Policy Shared Object
328
Uploading a Secure Virtual Workspace Wallpaper Image
328
Importing Hosted Java Applets (Secure Access Devices Only)
329
Linking to a Hosted Java Applet Shared Object
329
Uploading a Java Applet
329
Importing a Custom Citrix Client .cab File (Secure Access Devices Only)
330
Linking to a Custom Citrix .cab File Shared Object
330
Uploading a Custom Citrix Client .cab File
330
Backing up and Restoring SA and IC Devices
330
Backing up an SA or IC Device
331
Restoring SA or IC Devices
331
Backing up Multiple SA or IC Devices
331
Configuring Preferences for Backing up and Restoring SA or IC Devices
331
Viewing Backed up Versions for an SA or IC Device
332
Setting the RMA State on an SA/IC Device
332
Activating an SA/IC Device Set to the RMA State
333
Performing a Full Restore of an SA or IC Device
334
Managing User Sessions for SA and IC Devices
334
Activating Subscription Services
335
Managing the Attack Object Database
335
Updating the Attack Object Database
336
Updating Attack Objects for IDP-Enabled Devices
336
Updating DI Attacks on ScreenOS 5.0 Devices
338
Using Updated Attack Objects
339
Verifying the Attack Object Database Version
339
Automatic Verification
339
Managing Different Attack Database Versions
340
Manual Verification
340
Versions
341
Updating the IDP Detector Engine
341
Figure 74: Attack Update Summary
342
Example: Confirm IDP Engine Version
342
Scheduling Security Updates
342
Table 30: Scheduled Security Update (SSU) Command Line Parameters
343
Example: Update Attack Objects and Push to Connected Devices
344
Scheduling the Update
344
Example: Using Crontab to Schedule Attack Updates
345
Viewing Scheduled Security Updates in the Audit Log Viewer
346
Viewing Scheduled Security Updates in the Job Manager
346
Updating AV Pattern Files
346
Updating the Web Category List
346
Miscellaneous Device Operations
347
Launching a Telnet CLI Window
348
Launching a Web UI for a Device
348
Rebooting Devices
348
Refreshing DNS Entries
349
Updating the Device Clock with an NTP Server
349
Setting the Root Administrator on a Device
350
Failing over or Reverting Interfaces
351
Setting the RMA State on a Device
351
Troubleshooting a BGP Peer Session on a Device
352
Upgrading the OS Version During an RMA-Activate Device Workflow
352
Finding Usages
353
Reactivating Wireless Connections
353
Managing ScreenOS Device Capabilities
353
Abstract Data Model
354
Data Model Schema
354
Data Model Updating
355
Figure 76: Data Model Update
356
Data Model Importing
357
Figure 77: Data Model Importing
358
Figure 75: Import/Update Architecture
354
Archiving and Restoring
359
Archiving Logs and Configuration Data
359
Restoring Logs and Configuration Data
360
Managing Device Schemas through the Juniper Update Mechanism
360
Downloading Schemas
361
Downloading Schemas Using the GUI Server CLI
362
Downloading Schemas Using the NSM UI
362
Applying a Schema
363
Juniper NETWORK AND SECURITY MANAGER 2010.3 Manual (530 pages)
M-series and MX-series Devices Guide
Brand: Juniper | Category: Software | Size: 6 MB
Table of Contents
Table of Contents
7
About this Guide
27
Audience
27
Documentation Conventions
27
Objectives
27
Table 1: Notice Icons
28
Table 2: Text Conventions
28
About this Guide
29
Documentation
29
Table 3: Syntax Conventions
29
Table 4: Network and Security Manager Publications
29
Requesting Technical Support
30
Self-Help Online Tools and Resources
31
Opening a Case with JTAC
31
Getting Started
33
Before You Begin Adding M-Series and MX-Series Devices
33
Chapter 1 Getting Started with NSM
35
Introduction to Network and Security Manager
35
Installing NSM
35
Role-Based Administration
36
Chapter 2 Understanding the JUNOS CLI and NSM
37
NSM and Device Management Overview
37
Understanding the CLI and NSM
38
Comparing the CLI to the NSM UI
39
Understanding the JUNOS CLI and NSM
39
Figure 1: Overview of the User Interface
40
NSM Services Supported for M-Series and MX-Series Devices
42
How NSM Works with the CLI and Distributed Data Collection
43
Device Schemas
44
Figure 2: NSM Network Architecture
44
Communication between a Device and NSM
45
Tree
45
Chapter 3 Before You Begin Adding M-Series and MX-Series Devices
47
M-Series and MX-Series Devices Supported by NSM
47
Table 5: M-Series Internet Routers and MX-Series Internet Service Routers
47
Considering the Device Status
48
Configuring a Deployed M-Series or MX-Series Device for Importing to NSM
48
The Device
49
Check Network Connectivity
49
Check Connectivity to the NSM Server
49
Configure a Static Route to the NSM Server
50
Establish a Telnet or an SSHv2, and a NETCONF Protocol over SSH Connection to the NSM Server
51
Integrating M-Series and MX-Series Devices
53
Updating M-Series and MX-Series Devices Overview
53
Adding M-Series and MX-Series Devices Overview
55
Chapter 4 Adding M-Series and MX-Series Devices Overview
55
About Device Creation
55
Supported Add Device Workflows for M-Series and MX-Series Devices
56
Importing Devices Overview
57
Modeling Devices Overview
58
Adding Multiple Devices Using Automatic Discovery (JUNOS Software Devices Only)
58
Adding Device Groups Overview
59
Adding Multiple Devices Using Automatic Discovery (JUNOS Software Devices Only)
59
Chapter 5 Updating M-Series and MX-Series Devices Overview
61
About Updating M-Series and MX-Series Devices
61
How the Update Process Works
62
Job Manager
63
Updating M-Series and MX-Series Devices Overview
63
Tracking Updated Devices Using Job Manager
64
Reviewing Job Information Displayed in Job Manager
65
Figure 3: Job Information Dialog Box
65
Device States Displayed in Job Manager During Update
66
Related Topics
66
Understanding Updating Errors Displayed in the Job Manager
67
Table 6: Device States During Update
67
Figure 4: Failed Update Job Information Dialog Box
68
Configuring M-Series and MX-Series Devices
71
Configuring M-Series and MX-Series Devices Overview
71
Configuring Access
71
Configuring Accounting Options
71
Configuring Applications
71
Configuring Bridge Domains
71
Configuring Chassis
71
Configuring Authentication
71
Configuring Class of Service Features
71
Configuring Event Options
71
Chapter 6 Configuring M-Series and MX-Series Devices Overview
73
About Device Configuration
73
M-Series and MX-Series Device Configuration Settings Supported in NSM
74
Table 7: The JUNOS Configuration Hierarchy and the NSM Configuration
74
Configuring M-Series and MX-Series Devices
75
Configuring Device Features
76
Example: Configuration of Interfaces for MPLS in the CLI and NSM
77
Figure 5: MPLS Configuration in the CLI
77
Configuring M-Series and MX-Series Devices
77
Figure 6: MPLS Configuration in NSM
78
Configuring Access
79
Chapter 7 Configuring Access
79
Configuring Address-Assignment Pools (NSM Procedure)
79
Table 8: Address Assignment Configuration Details
80
Configuring Access Address Pools (NSM Procedure)
82
Configuring Access Group Profile (NSM Procedure)
83
Table 9: Access Address Pool Configuration Details
83
Table 10: Access Group Profile Configuration Details
83
Configuring the LDAP Options (NSM Procedure)
84
Configuring the LDAP Server (NSM Procedure)
85
Table 11: LDAP Options Configuration Details
85
Configuring Access Profiles for L2TP or PPP Parameters (NSM Procedure)
86
Table 12: LDAP Server Configuration Details
86
Configuring Access Profile (NSM Procedure)
87
Configuring Accounting Parameters for Access Profiles (NSM Procedure)
87
Table 13: Access Profile Properties Configuration Details
87
Configuring the Accounting Order (NSM Procedure)
88
Table 14: Accounting Parameter Configuration Details
88
Configuring the Authentication Order (NSM Procedure)
89
Configuring the Authorization Order (NSM Procedure)
89
Table 15: Accounting Order Configuration Details
89
Table 16: Authentication Order Configuration Details
89
Configuring the L2TP Client (NSM Procedure)
90
Table 17: Authorization Order Configuration Details
90
Table 18: Client Configuration Details
90
Configuring the Client Filter Name (NSM Procedure)
91
Configuring the LDAP Options (NSM Procedure)
92
Table 19: Client Filter Name Configuration Details
92
Table 20: LDAP Options Configuration Details
92
Configuring the LDAP Server (NSM Procedure)
93
Configuring the Provisioning Order (NSM Procedure)
94
Table 21: LDAP Server Configuration Details
94
Table 22: Provisioning Order Configuration Details
94
Configuring RADIUS Parameters for AAA Subscriber Management (NSM Procedure)
95
Table 23: RADIUS Parameter Configuration Details
95
Configuring the RADIUS Parameters (NSM Procedure)
98
Table 24: RADIUS Parameters Configuration Details
98
Configuring Session Limit (NSM Procedure)
99
Configuring the RADIUS for Subscriber Access Management, L2TP, or PPP (NSM Procedure)
99
Table 25: RADIUS Server Configuration Details
99
Configuring the RADIUS for Subscriber Access Management, L2TP, or PPP (NSM Procedure)
100
Table 26: Session Limit Configuration Details
100
Configuring the SecurID Server (NSM Procedure)
101
Table 27: RADIUS Server Configuration Details
101
Configuring the Access Profile (NSM Procedure)
102
Table 28: SecurID Server Configuration Details
102
Table 29: Access Profile Configuration Details
102
Chapter 8 Configuring Accounting Options
103
Configuring Accounting Options (NSM Procedure)
103
Configuring Class Usage Profiles (NSM Procedure)
103
Configuring a Log File (NSM Procedure)
104
Table 30: Class Usage Profile Configuration Details
104
Configuring the Filter Profile (NSM Procedure)
105
Table 31: Log File Configuration Details
105
Configuring the Interface Profile (NSM Procedure)
106
Table 32: Filter Profile Configuration Details
106
Configuring the Policy Decision Statistics Profile (NSM Procedure)
107
Table 33: Interface Profile Configuration Details
107
Configuring the MIB Profile (NSM Procedure)
108
Table 34: Policy Decision Statistics Profile Configuration Details
108
Configuring the Routing Engine Profile (NSM Procedure)
109
Table 35: MIB Profile Configuration Details
109
Table 36: Routing Engine Profile Configuration Details
110
Configuring Applications
111
Chapter 9 Configuring Applications
111
Configuring the Application and Application Set (NSM Procedure)
111
Table 37: Applications Configuration Details
112
Chapter 10 Configuring Bridge Domains
113
Configuring Bridge Domains Properties (NSM Procedure)
113
Configuring a Bridge Domain (NSM Procedure)
113
Configuring Layer 2 Learning and Forwarding Properties for a Bridge Domain (NSM Procedure)
114
Table 38: Bridge Domain Configuration Details
114
Table 39: Bridge Options Configuration Details
115
Configuring Forwarding Options (NSM Procedure)
116
Table 40: Forwarding Options Configuration Details
116
Configuring Logical Interfaces (NSM Procedure)
117
Configuring Multicast Snooping Options (NSM Procedure)
118
Table 41: Logical Interface Configuration Details
118
Table 42: Multicast Snooping Options Configuration Details
119
Configuring IGMP Snooping (NSM Procedure)
121
Table 43: IGMP Snooping Configuration Details
122
Configuring VLAN ID (NSM Procedure)
126
Table 44: VLAN ID Configuration Details
127
Configuring Chassis
129
Chapter 11 Configuring Chassis
129
Configuring Aggregated Devices (NSM Procedure)
129
Configuring Chassis Alarms (NSM Procedure)
130
Table 45: Aggregated Devices Configuration Details
130
Configuring Container Interfaces (NSM Procedure)
131
Table 46: Chassis Alarms Configuration Details
131
Table 47: Container Interfaces Configuration Details
131
Configuring Chassis FPC (NSM Procedure)
132
Table 48: FPC Configuration Details
132
Configuring a T640 Router on a Routing Matrix (NSM Procedure)
137
Table 49: LCC Configuration Details
137
Configuring Routing Engine Redundancy (NSM Procedure)
142
Table 50: Chassis Redundancy Configuration Details
142
Configuring a Routing Engine to Reboot or Halt on Hard Disk Errors (NSM Procedure)
143
Table 51: Chassis Routing Engine Configuration Details
144
Configuring Authentication
145
Chapter 12 Configuring Authentication
145
Configuring RADIUS Authentication (NSM Procedure)
145
Table 52: RADIUS Authentication Configuration Details
145
Configuring TACACS+ Authentication (NSM Procedure)
146
Table 53: TACACS+ Authentication Configuration Details
146
Configuring Authentication Order (NSM Procedure)
147
Configuring User Access (NSM Procedure)
148
Configuring Login Classes
148
Table 54: Login Class Authentication Configuration Details
148
Configuring User Accounts
149
Configuring Template Accounts (NSM Procedure)
149
Table 55: User Authentication Configuration Details
149
Creating a Remote Template Account
150
Table 56: Remote Template Account Details
150
Creating a Local Template Account
151
Table 57: Local Template Account Details
151
Chapter 13 Configuring Class of Service Features
153
Configuring CoS Classifiers (NSM Procedure)
154
Table 58: Configuring and Applying Behavior Aggregate Classifiers
154
Configuring CoS Code Point Aliases (NSM Procedure)
156
Configuring CoS Drop Profile (NSM Procedure)
157
Table 59: Configuring Code Point Aliases
157
Table 60: Drop Profile Configuration Fields
158
Configuring CoS Forwarding Classes (NSM Procedure)
159
Table 61: Assigning Forwarding Classes to Output Queues
160
Configuring CoS Forwarding Policy (NSM Procedure)
161
Table 62: Forwarding Policy Configuration Details
161
Configuring CoS Fragmentation Maps (NSM Procedure)
162
Configuring CoS Host Outbound Traffic (NSM Procedure)
163
Table 63: Fragmentation Maps Configuration Details
163
Configuring CoS Interfaces (NSM Procedure)
164
Table 64: Host Outbound Traffic Configuration Details
164
Table 65: Interfaces Configuration Fields
165
Configuring Cos Routing Instances (NSM Procedure)
170
Table 66: Routing Instances Configuration Details
170
Configuring Cos Schedulers (NSM Procedure)
171
Table 67: Configuring Schedulers
172
Configuring Cos and Applying Scheduler Maps (NSM Procedure)
173
Table 68: Assigning Forwarding Classes to Output Queues
173
Configuring CoS Restricted Queues (NSM Procedure)
174
Configuring Tracing Operations (NSM Procedure)
175
Table 69: Restricted Queue Configuration Details
175
Table 70: Traceoptions Configuration Details
175
Configuring CoS Traffic Control Profiles (NSM Procedure)
176
Configuring CoS Translation Table (NSM Procedure)
177
Table 71: Traffic Control Profile Configuration Details
177
Table 72: Translation Table Configuration Details
178
Chapter 14 Configuring Event Options
183
Configuring Destinations for File Archiving (NSM Procedure)
183
Table 73: Destination Configuration Details
183
Configuring Event Script (NSM Procedure)
184
Table 74: Event Script Configuration Details
185
Generating Internal Events (NSM Procedure)
186
Configuring Event Policy (NSM Procedure)
186
Table 75: Generate Event Details
186
Table 76: Configure Event Policy Details
187
Configuring Event Policy Tracing Operations (NSM Procedure)
189
Table 77: Event Options Traceoptions Configuration Details
190
Configuring Firewall
191
Chapter 15 Configuring Firewall
191
Configuring the Firewall Filter for any Family Type (NSM Procedure)
191
Table 78: Firewall Filter Configuration Details
192
Configuring the Firewall Filter for Bridge Family Type (NSM Procedure)
193
Table 79: Bridge Filter Configuration Details
193
Configuring the Firewall Filter for CCC Family Type (NSM Procedure)
195
Table 80: CCC Filter Configuration Details
195
Configuring Filters for Inet Family Type (NSM Procedure)
197
Configuring Firewall Filter for Inet Family Type (NSM Procedure)
197
Table 81: Firewall Filter Configuration Details
197
Configuring Prefix-Specific Actions (NSM Procedure)
199
Configuring Service Filters (NSM Procedure)
200
Table 82: Prefix Actions Details
200
Table 83: Service Filter Configuration Details
200
Configuring Simple Filters (NSM Procedure)
201
Configuring Filters for Inet6 Family Type (NSM Procedure)
202
Table 84: Simple Filter Details
202
Configuring Firewall Filter for Inet6 Family Type (NSM Procedure)
203
Table 85: Inet6 Firewall Filter Configuration Details
203
Configuring Service Filters for Inet6 (NSM Procedure)
205
Table 86: Inet6 Service Filter Configuration Details
205
Configuring the Firewall Filter for MPLS Family Type (NSM Procedure)
206
Table 87: MPLS Firewall Filter Configuration Details
207
Configuring the Firewall Filter for VPLS Family Type (NSM Procedure)
209
Table 88: VPLS Firewall Filter Configuration Details
210
Configuring a Policer for a Firewall Filter
212
Table 89: Configuring a Policer for a Firewall Filter
212
Juniper NETWORK AND SECURITY MANAGER 2010.3 Manual (160 pages)
Configuring Intrusion Detection and Prevention Devices Guide
Brand: Juniper | Category: Software | Size: 1 MB
Table of Contents
Table of Contents
7
About this Guide
11
Objectives
11
Audience
11
Conventions
11
List of Technical Publications
13
Requesting Technical Support
14
Self-Help Online Tools and Resources
14
Opening a Case with JTAC
15
Chapter 1 Intrusion Detection and Prevention Device and NSM Installation
17
Getting Started
17
Overview
17
Intrusion Detection and Prevention Device Installation Overview
19
NSM Installation Overview
19
Chapter 2 Understanding Intrusion Detection and Prevention Device Configuration
21
And Integration Overview
21
NSM and Intrusion Detection and Prevention Device Management Overview
21
Intrusion Detection and Prevention Services and Device Configurations Supported
21
Intrusion Detection and Prevention Services and Device Configurations Supported in NSM
22
Adding Intrusion Detection and Prevention Devices in NSM Overview
24
Adding Intrusion Detection and Prevention Clusters in NSM Overview
24
Using Templates and Configuration Groups in NSM Overview
24
Configuring Intrusion Detection and Prevention Devices
27
Chapter 3 Configuring Profiler Settings
29
Configuring Profiler Options (NSM Procedure)
29
Specifying General Options
30
Specifying Tracked Hosts
32
Specifying Context Targets
33
Specifying Alert Options
34
Viewing Profiler Logs (NSM Procedure)
36
Application Profiler
36
Protocol Profiler
38
Network Profiler
39
Violation Viewer
40
Modifying Profiler Settings (NSM Procedure)
41
Configuring Profiler Database Preferences (NSM Procedure)
42
Displaying Profiler Database Information (NSM Procedure)
43
Querying the Profiler Database (NSM Procedure)
44
Purging the Profiler Database (NSM Procedure)
44
Chapter 4 Configuring Security Policies
47
Intrusion Detection and Prevention Devices and Security Policies Overview
47
Configuring Predefined Security Policies (NSM Procedure)
49
Creating a New Security Policy (NSM Procedure)
50
Modifying IDP Rulebase Rules (NSM Procedure)
52
Specifying Rule Match Conditions
53
Specifying IDP Rulebase Attack Objects
54
Specifying Rule Session Action
55
Specifying Rule IP Action
57
Specifying Rule Notification Options
58
Specifying Rule VLAN Matches
58
Specifying Rule Targets
59
Specifying Rule Severity
59
Specifying Rule Optional Fields
60
Specifying Rule Comments
60
Configuring Exempt Rulebase Rules (NSM Procedure)
61
Configuring Backdoor Rulebase Rules (NSM Procedure)
63
Configuring SYN Protector Rulebase Rules (NSM Procedure)
65
Configuring Traffic Anomalies Rulebase Rules (NSM Procedure)
67
Configuring Network Honeypot Rulebase Rules (NSM Procedure)
70
Configuring Application Rulebase Rules (NSM Procedure)
73