manualshive.com logo in svg

Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1, Manual

The Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1 manual is a comprehensive guide for users looking to enhance their network and security management capabilities. This manual is available for free download on manualshive.com, providing detailed instructions on how to utilize the API for optimal performance.

Share
Download
background image

Table 11: NSM Policy Data Elements

(continued)

Description

Data Element

Reference of the multicast rulebase. Multicast rule data elements are included in a security policy.
For more information, see “Multicast (rb_multicast_collection)” on page 43.

multicast

Reference of the IDP rulebase, Idp rule data elements are included in a security policy. For more
information, see “IDP (rb_idp_collection)” on page 39.

idp

Reference of the Exempt rulebase. Exempt rule data elements are included in a security policy. For
more information, see “Exempt (rb_exempt_collection)” on page 30.

exempt

Reference of the backdoor rulebase. Backdoor rule data elements are included in a security policy.
For more information, see “Backdoor (rb_backdoor_collection)” on page 25.

backdoor

Network Honeypot (portfaker) rulebase. These data elements are included in a security policy. For
more information, see “Traffic Anomalies (rb_tsig_collection)” on page 48.

portfaker

Reference of the SYN Protector rulebase, These data elements are included in a security policy. For
more information, see “SYN Protector (rb_syndef_collection)” on page 45.

syndef

Traffic Anomalies rulebase. These data elements are included in a security policy. For more
information, see “Traffic Anomalies (rb_tsig_collection)” on page 48.

tsig

Security Rulebases

NSM security policies are configured by applying rules that are grouped into rulebases.
Each rulebase can contain one or more rules, which are statements that define specific
types of network traffic. When traffic passes through a security device, the device attempts
to match that traffic against its list of rules. If a rule is matched, the device performs the
action defined in the rule against the matching traffic. Zone rules enable traffic to flow
between zones (interzone) or between two interfaces bound to the same zone (intrazone).
Global rules are valid across all zones available on the device. Security devices process
rules in the zone-specific rulebase first, and then rules in the global rulebase.

The NSM API data model supports the security policy rulebases summarized in the
following sections.

Backdoor (rb_backdoor_collection)

The backdoor rulebase collection (rb_backdoor_collection) contains rules that enable
NSM to detect attempted backdoor intrusions. A backdoor is a mechanism installed on
a host computer that enables unauthorized access to the system. Attackers who have
already compromised a system can install a backdoor to make future attacks easier.
When attackers type commands to control a backdoor, they generate interactive traffic.
Unlike antivirus software, which scans for known backdoor files or executables on the
host system, IDP detects the interactive traffic that is produced when backdoors are
used. If interactive traffic is detected, IDP can perform IP actions against the connection
to prevent the attacker from further compromising your network.

25

Copyright © 2010, Juniper Networks, Inc.

Chapter 5: Security Data Model

Summary of Contents for NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1

Page 1: ...Juniper Networks Network and Security Manager API Guide Release 2010 4 Published 2010 11 17 Revision 1 Copyright 2010 Juniper Networks Inc...

Page 2: ...of the GateD software copyright 1988 Regents of the University of California All rights reserved Portions of the GateD software copyright 1991 D L S Associates This product includes software develope...

Page 3: ...re physically contained on a single chassis c Product purchase documents paper or electronic user documentation and or the particular licenses purchased by Customer may specify limits to Customer s us...

Page 4: ...ATE WITHOUT ERROR OR INTERRUPTION OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK In no event shall Juniper s or its suppliers or licensors liability to Customer whether in contract tort inclu...

Page 5: ...ree years from the date of distribution Such request can be made in writing to Juniper Networks Inc 1194 N Mathilda Ave Sunnyvale CA 94089 ATTN General Counsel You may obtain a copy of the GPL at http...

Page 6: ...Copyright 2010 Juniper Networks Inc vi...

Page 7: ...ric Service XML Subtree Filter 8 Data Centric Service Operations 9 Job Service API 11 Log Service API 13 Part 2 API Data Types Chapter 3 Data Objects 17 API Data Objects 17 Chapter 4 Common Message Da...

Page 8: ...NSM API 81 Login and Logout 81 Chapter 8 Using the API to Manage Shared Objects 83 Using the Perl Client Library with Address Objects 83 Add Address Objects 83 Replace an Address Object 85 Rename Add...

Page 9: ...Update a List of Devices 113 Get a Configuration Summary 113 Get a Running Configuration 114 Get the Delta Configuration 115 Cancel a Job Request 115 Chapter 13 Using APIs for Device Management 117 R...

Page 10: ...Copyright 2010 Juniper Networks Inc x Network and Security Manager 2010 4 API Guide...

Page 11: ...igure 8 Firewall Rulebase 33 Figure 9 Firewall policy_type 34 Figure 10 IDP Rulebase 40 Figure 11 Multicast Rulebase 44 Figure 12 SYN Protector Rulebase 46 Figure 13 Traffic Anomalies Rulebase 49 Figu...

Page 12: ...Copyright 2010 Juniper Networks Inc xii Network and Security Manager 2010 4 API Guide...

Page 13: ...Security Data Model 23 Table 11 NSM Policy Data Elements 24 Table 12 Backdoor Rulebase Data Elements 27 Table 13 Exempt Rulebase Data Elements 31 Table 14 Firewall Data Elements 35 Table 15 IDP Ruleb...

Page 14: ...Table 28 Global MIP Data Elements 69 Table 29 Global VIP Data Elements 70 Table 30 URL Filter Data Collection 71 Copyright 2010 Juniper Networks Inc xiv Network and Security Manager 2010 4 API Guide...

Page 15: ...elopers and network administrators who configure and monitor Juniper Networks DMI and non DMI compliant device routing platforms Customers with technical knowledge of networks and the Internet Network...

Page 16: ...cal Objects Indicates navigation paths through the UI by clicking menu options and links The angle bracket Table 2 on page xvi defines syntax conventions used in this guide Table 2 Syntax Conventions...

Page 17: ...ation and management It also explains how to configure basic and advanced NSM functionality including deploying new device configurations managing security policies and VPNs and general device adminis...

Page 18: ...net Download the latest versions of software and review release notes http www juniper net customers csc software Search technical bulletins for relevant hardware and software notifications https www...

Page 19: ...Security Manager NSM Application Programming Interface API with a brief overview summary of the required client environment list of the component APIs and examples Overview on page 3 NSM API Operatio...

Page 20: ...Copyright 2010 Juniper Networks Inc 2 Network and Security Manager 2010 4 API Guide...

Page 21: ...guage WSDL supported by a range of development tools You can use a third party SOAP development tool to generate programming language objects and stubs from the WSDL that specifies the message schema...

Page 22: ...from problems with application level data on the client side or on the server side The request is missing a required field In this case the request is not sent out from the client side The request is...

Page 23: ...This complexType data has the following sequence ErrorNumber Unique number that identifies the particular error condition type unsignedInt This data element is only used by the server ErrorMessage Bri...

Page 24: ...Copyright 2010 Juniper Networks Inc 6 Network and Security Manager 2010 4 API Guide...

Page 25: ...rvice API WSDL on page 129 Table 5 System Service API Operations Description Operation Log into NSM server Request domainName Domain supplied during login The user logs in to this domain NOTE Use glob...

Page 26: ...ccess requests retrieves the data from NSM conducts any necessary transformations and sends the transformed data back as responses This section introduces the XML subtree filter used with the service...

Page 27: ...be applied to the result type ObjectFilterType metadataOnly If true only the metadata is returned Otherwise the entire object is returned Response object GetObjectDependentRequest Gets objects in one...

Page 28: ...ectLockStatus UnlockObjectRequest Modifies the object All commands in the request are executed in one transaction ModifyObjectViewRequest supports the following operations Update Node Insert node befo...

Page 29: ...edInt objectFilter Filter to be applied to the result type ObjectFilterType Response object ResolveObjectReferenceRequest Job Service API The Job Service API processes command directives to configure...

Page 30: ...Name Name of the job scheduleTime Time when the job will run If not specified the job will run immediately jobArgs List of the devices to which the job applies Response JobResponseType status Job stat...

Page 31: ...nName Name of the domain associated with the job domainId ID of the domain jobName Name of the job Response JobResponseType status Job status jobName Name of the job response Response to the job GetJo...

Page 32: ...a that triggers the log Request dayId Identifier for the day recordNum Record number Response numPackets Number of packets returned triggerPacket Packet triggering the log event data Log data GetPacke...

Page 33: ...PART 2 API Data Types Data Objects on page 17 Common Message Data Types on page 21 Security Data Model on page 23 15 Copyright 2010 Juniper Networks Inc...

Page 34: ...Copyright 2010 Juniper Networks Inc 16 Network and Security Manager 2010 4 API Guide...

Page 35: ...identified by a tuple domain category object id The XML representation of the data objects conforms to the XML schemas illustrated later in this chapter Objects are referenced by name or ID Reference...

Page 36: ...exType data code base64Binary element has one value attribute name dataFormat type DataFormatType OpaqueDataType This complexType data code has the following sequence domainId ID of the domain type un...

Page 37: ...ata code has the following sequence subCategory Subcategory under category type string data Subobject data type OpaqueDataType SubObjectDataType This complexType data code has the following sequence o...

Page 38: ...s complexType data code has the following sequence ConversationId Identifier for the message conversation type string UserSessionContext Describes the context of the user session type anyType AuditLog...

Page 39: ...impleResponseType Data Types on page 21 SimpleRequestType and SimpleResponseType Data Types The frequently used data types SimpleRequestType and SimpleResponseType are illustrated in Figure 3 on page...

Page 40: ...ollowing sequence ConversationContext Context of the message conversation type ConversationContextType AuthToken Token returned for the simple request type AuthTokenType SimpleRequestType Base type de...

Page 41: ...age 25 Service service_collection on page 54 Address address_collection_type on page 56 Schedule Object scheduleobj_collection_type on page 57 Attack attack_collection on page 58 Antivirus avobj_colle...

Page 42: ...er pre policy mompost central manager post policy accesstype Optional Effective start date for the NSM security policy createFrom Collection of references of rulebases For more information see Securit...

Page 43: ...ch rulebase can contain one or more rules which are statements that define specific types of network traffic When traffic passes through a security device the device attempts to match that traffic aga...

Page 44: ...destination and any interactive services that can be installed and used by attackers For configuration procedures see the NSM Online Help and the NSM Administrator s Guide The data elements in the bac...

Page 45: ...or Rulebase Data Elements Description Data Element Name of the backdoor rule type string name_ Collection of all sets of rules rules_collection Collection of all rules rules 27 Copyright 2010 Juniper...

Page 46: ...u to determine which rules are on specific devices preferred id Comments about the backdoor rules comments Rule group name rb link Custom options customOptions_collection Collection enabled enabled Th...

Page 47: ...hoose an action to perform if backdoor traffic is detected op If this parameter is enabled the API logs an attack and creates log records with attack information You can display this information real...

Page 48: ...the IDP rulebase Before you create exempt rules you must create rules in the IDP rulebase If traffic matches a rule in the IDP rulebase IDP attempts to match the traffic against the rules in the exem...

Page 49: ...ement Name of the exempt type name_ Collection of all sets of rules rules_collection Collection of all rules rules Row count per rule in the collection rowcountperrule_collection Next preferred ID nex...

Page 50: ...Negates the specified destination address dst_addr_negate Exempt type service service The attacks that IDP will exempt for the specified source destination address You must include at least one attach...

Page 51: ...s A security policy can contain two firewall rulebases zone specific and global The data elements in the firewall rulebase are illustrated and described in Figure 8 on page 33 Figure 9 on page 34 and...

Page 52: ...Figure 9 Firewall policy_type Copyright 2010 Juniper Networks Inc 34 Network and Security Manager 2010 4 API Guide...

Page 53: ...of the traffic source src_addr_collection Negates the specified source negate_src All VIPs Boolean dst all vip Destination address for the traffic dst_addr_collection Negates the specified destination...

Page 54: ...ough the Web UI or CLI the rule appears as an individual policy The individual policy on the device has the same ID as the rule in the management system enabling you to determine which rules are on sp...

Page 55: ...esponds with a login prompt After the remote user provides a user name and password NSM attempts to authenticate the user credentials If authentication succeeds NSM permits the remote user to establis...

Page 56: ...MGCP_UA PPTP RSH SCCP AIM YMSG SMB MSN NBNAME NBDS NAS NONE No application specified default application Security devices running ScreenOS 5 3 or later support Deep Inspection A Deep Inspection DI Pro...

Page 57: ...P rb_idp_collection The IDP rb_idp_collection rulebase includes IDP rules that protect your network from attacks by using attack objects to identify malicious activity and take action When you create...

Page 58: ...Figure 10 IDP Rulebase Copyright 2010 Juniper Networks Inc 40 Network and Security Manager 2010 4 API Guide...

Page 59: ...y The individual policy on the device has the same ID as the rule in the management system enabling you to determine which rules are on specific devices preferred id Rule group name rb link The source...

Page 60: ...for detecting attacks attacks Enables and configures an IP action to prevent future malicious connections from the attacker s IP address ipaction Deep inspection alert log log This parameter configur...

Page 61: ...rity devices do not permit multicast control traffic such as IGMP and PIM SM messages to cross security devices However you can secure device multicast control traffic through access lists You can cre...

Page 62: ...tion Collection of row count per rules rowcountperrule_collection Marks the start point for the zone in which to use the device useDeviceZoneFrom Marks the end point for the zone in which to use the d...

Page 63: ...translates the original multicast group address to another address that you specified dst group The rule applies to this type of multicast control traffic message_type Bi directional policy bi directi...

Page 64: ...Protector rules rb_syndef Name of SYN Protector rule name_ Collection of all sets of rules rules_collection Row count per rule in the collection rowcountperrule_collection Collection of all rules rul...

Page 65: ...tablished mode Severity of the attack Within the IDP rulebase you can override the ordinary attack severity on a per rule basis Possible settings Default Info Warning Minor Major Critical severity You...

Page 66: ...multiple security devices on which to install the rule target_collection Traffic Anomalies rb_tsig_collection The traffic anomalies rb_tsig_collection rulebase protect your network from attacks by us...

Page 67: ...ts Description Data Element Traffic anomalies rules rb_tsig Name of the traffic rule collection name_ Collection of all sets of rules rules_collection Row count per rule in the collection rowcountperr...

Page 68: ...recording the count of unique IP addresses and a time interval during which the IDP Sensor records count of that number of number of distributed addresses or ports For example the IP Count is 4 and th...

Page 69: ...must create VLAN objects before applying them to the rules Rules with this value set cannot be sent to devices that do not support VLAN tagging vlan Severity of the attack Within the IDP rulebase you...

Page 70: ...t Network honeypot portfaker rules rb_portfaker Name of the portfaker type name_ Collection of all sets of rules rules_collection Row count per rule in the collection rowcountperrule_collection Collec...

Page 71: ...he log This can include configuring SNMP Syslog CSV XML script and e mail settings log actions This parameter configures a rule that only applies to messages in specified VLANs The possible settings a...

Page 72: ...multiple security devices on which to install the rule target_collection Service service_collection The service collection service_collection defines services These services represent the types of IP...

Page 73: ...See Address address_collection_type on page 56 Table 20 Service Collection Data Elements Description Data Element Service rule collection service Name of the service name_ Service type service Group g...

Page 74: ...ons Address address_collection_type The address collection address_collection_type enables you to work with addresses Addresses are the workstations routers switches subnetworks and other components t...

Page 75: ...host network or group type Comments about the address collection comment Schedule Object scheduleobj_collection_type The schedule object collection scheduleobj_collection_type enables you to work with...

Page 76: ...n once_enabled Enabled for recurrent use recurrent_enabled One time schedule type once Recurrent collection recurrent_collection Comments about the scheduler type comment Attack attack_collection The...

Page 77: ...the object type compound attack object protocol anomaly object and signature of the attack The signature can provide information about the protocol and context used to perpetrate the attack whether o...

Page 78: ...These data elements are described in Table 23 on page 61 Copyright 2010 Juniper Networks Inc 60 Network and Security Manager 2010 4 API Guide...

Page 79: ...lse positives false positives_collection Direction collection direction_collection User defined services See Service service_collection on page 54 service_collection Attack category category Keywords...

Page 80: ...modified Operating system operating system Version ID versions_collection Member list supercedes_collection Antivirus avobj_collection The Antivirus collection avobj_collection enables you to configu...

Page 81: ...e of the antivirus type name_ Antivirus type av Comments about the Antivirus type comment Anitvirus source source All antivirus types all All of the object sequence collection obj_seq_collection Scan...

Page 82: ...TP http GTP gtpobj_collection_type The GPRS Tunneling Protocol GTP collection gtp_collection enables you to configure your security policies to handle GTP traffic These data elements are illustrated a...

Page 83: ...Figure 19 GTP Collection Table 25 GTP Collection Data Elements Description Data Element GTP object gtpobj 65 Copyright 2010 Juniper Networks Inc Chapter 5 Security Data Model...

Page 84: ...e length GNS limit limit Inactivity period after which a session is removed from a security device Possible values never no timeout default default period of time user defined user defined inactivity...

Page 85: ...Data Elements Description Data Element DI Profile collection DIProfile Name of the DI Profile type name_ DI Severity di severity Sign category associated with the DIProfile type sigcategory Profile s...

Page 86: ...l DIP collection comment Global DIP source type source Type of Global DIP type Deep inspection profile collection dip_collection Global MIP globalmpi_collection The Global Mapping IP MIP collection gl...

Page 87: ...ent Global MIP source type source Type of Global MIP type MIP mip_collection Global VIP globalvip_collection The Global VIP collection globalvip_collection data elements represent various global virtu...

Page 88: ...IP source type source Type of Global VIP type VIP vip_collection URL Filter Object urlfilter_collection The URL Filter Object collection urlfilter_collection data elements represent various URL filter...

Page 89: ...type name_ Predefined web filter source source Predefined Web profile predefined Web profile urlfilter Name of the URL profile type name_ Type of URL filter object type Comments about the URL filter...

Page 90: ...Filter Data Collection continued Description Data Element Action for all other URLs other Members categories members_collection Copyright 2010 Juniper Networks Inc 72 Network and Security Manager 2010...

Page 91: ...Client environment use the client to access the NSM API and use the API to manage shared objects Installing the Perl Client Environment on page 75 Using the Perl Client to Access the NSM API on page 8...

Page 92: ...Copyright 2010 Juniper Networks Inc 74 Network and Security Manager 2010 4 API Guide...

Page 93: ...version 5 8 8 Perl is available free at http www activestate com Products activeperl index mhtml openssl installed under usr To install the client environment on a Linux Unix machine 1 Launch cpan as...

Page 94: ...cpan Do one of the following Execute the cpan program cpan Run the perl MCPAN e shell perl MCPAN e 2 Update cpan accepting all defaults cpan 1 install cpan 3 Install YAML install YAML 4 Install the C...

Page 95: ...bi_method https my nbi_uri axis2 services my jp_url http juniper net webproxy if defined main ACTIVE_SERVER if scalar main NSM_SERVERS 0 print Couldn t connect to any NSM Servers n exit 1 else main AC...

Page 96: ...quest apiLogin my loginStatus response valueof Body LoginResponse loginStatus status if loginStatus eq Success main LOGIN_TOKEN response valueof Body LoginResponse authToken Token elsif loginStatus eq...

Page 97: ...NOTE If you are using NSMXpress the API client must connect to the TCP Port 443 79 Copyright 2010 Juniper Networks Inc Chapter 6 Installing the Perl Client Environment...

Page 98: ...Copyright 2010 Juniper Networks Inc 80 Network and Security Manager 2010 4 API Guide...

Page 99: ...ary is located in the directory NSROOT GuiVar webproxy clienton NSM server Login and Logout on page 81 Login and Logout Enter the following commands to log into and log out of the Perl Client Library...

Page 100: ...Copyright 2010 Juniper Networks Inc 82 Network and Security Manager 2010 4 API Guide...

Page 101: ...ress Objects on page 83 Using the Perl Client Library with Service Objects on page 87 Using the Perl Client Library with Device Objects on page 91 Using the Perl Client Library with Address Objects Yo...

Page 102: ...ECT_NAME Network i IP 100 100 10 0 MASK 30 COLOR blue put_log WARN msg Error while adding Network objects unless result Add Multicast Enter result address addMulticastObjects OBJECT_NAME Multicast i I...

Page 103: ...1 Log into the Perl client 2 Replace the object Enter for my i 1 i 10 i result address replaceHostObjects OBJECT_NAME Foo i DOMAIN spglab juniper net COLOR green put_log WARN msg Error while replacing...

Page 104: ...ts unless result while my hash shift values put_log INFO msg Result hash OBJECT_ID hash OBJECT_NAME hash DOMAIN hash ZONE result values client getGroupObjects OBJECT_NAME New Group 1 New Group 2 put_l...

Page 105: ...t 6 put_log WARN msg Error while deleting Multicast objects unless result 3 Log out Delete All Address Objects This section shows how to delete all address objects To delete all address objects 1 Log...

Page 106: ...addServiceObjects OBJECT_NAME Service 1 APPLICATION FTP GROUP_MEMBERS members members NOT_ICMP PROTOCOL UDP PROTOCOL TCP SRC_TYPE specific DST_TYPE specific PROTOCOL IGMP SRC_TYPE specific string DST...

Page 107: ...e addGroupObjects OBJECT_NAME Group 2 GROUP_MEMBERS members members BGP EGP result service addGroupObjects OBJECT_NAME Group 3 GROUP_MEMBERS members result service addGlobalObjects OBJECT_NAME Poly 1...

Page 108: ...ile my key val each hashref put_log INFO msg key t val result values service getGroupObjects OBJECT_NAME Group 1 Group 2 Group 3 while my hash shift values put_log INFO msg Result hash OBJECT_ID hash...

Page 109: ...shows how to use the Perl Client Library to delete all Group Global service objects To delete all service objects 1 Log into the Perl client 2 Delete the object Enter my result service deleteAllObject...

Page 110: ...E init SOAP connect 3 Read the object Enter my result values device getDeviceObjects OBJECT_NAME sweepea droopy while my hash shift values print n n while my key val each hash put_log INFO msg KEY key...

Page 111: ...es generated by Axis2 This sample code is also located in the directory NSROOT GuiVar lib webproxy client on the NSM server Using APIs for Authentication on page 95 Using APIs for Policy Management on...

Page 112: ...Copyright 2010 Juniper Networks Inc 94 Network and Security Manager 2010 4 API Guide...

Page 113: ...perties null webDir System getProperty WEBDIR if webDir null webDir System getProperty user dir File separator System err println WEBDIR is not defined using the default one webDir File argsCandidate...

Page 114: ...serverUrl axis2 services SystemService LoginRequest loginRequest new LoginRequest loginRequest setUserName super loginRequest setDomainName global loginRequest setPassword netscreen LoginResponseType...

Page 115: ...ides Data Centric Service API sample code that creates a new policy testPolicyInsert xml xml version 1 0 encoding UTF 8 nsmpolicy name_ test100 name_ accesstype regular accesstype rulebases firewall 1...

Page 116: ...xml File rbFile new File webDir File separator pathOfInput Input testRuleBaseFirewallInsert xml System out println Running testInsertNsmPolicyObject creates an object of ModifyObjectViewRequest Modify...

Page 117: ...ert the policy request addCommand insertRulebaseCmd request addCommand modifyCmd invokes the service ModifyObjectViewResponse response stub ModifyObjectViewRequest request print response assertTrue re...

Page 118: ...quest addCommand modifyCmd invokes the service ModifyObjectViewResponse response DataCentricServiceTest stub ModifyObjectViewRequest request print response assertTrue response getStatus StatusCodeType...

Page 119: ...n e e printStackTrace Get a List of Policies This Data Centric Service API code sample gets a list of all policies in one domain Gets all the policy objects in one domain p public void testGetAllPolic...

Page 120: ...olicy to a Device This Data Centric Service API code sample assigns a policy Prerequisite there is a device with id 2 there is a policy with name test public void testAssignPolicy2Device try System ou...

Page 121: ...e response getStatus StatusCodeType Success catch Exception e e printStackTrace Remove a Policy Assignment This Data Centric Service API code sample removes a policy assignment from a device Prerequis...

Page 122: ...eleteNode nsmpolicy id updateObject setObjectModification new ObjectModificationType updateObject getObjectModification addModification nodeModificationType request addCommand modifyCmd invokes the se...

Page 123: ...shows how to insert a shared object The following XML documentation is the input for the Data Centric Service API sample code testAddressInsert xml xml version 1 0 encoding UTF 8 address name_ AddrA n...

Page 124: ...ssFile StAXOMBuilder builder new StAXOMBuilder parser OMElement ome builder getDocumentElement insertObject setObjecData new ObjectDataType insertObject getObjecData setData this createOpaqueDataType...

Page 125: ...bjectId setObjectIdOrName objIdOrName ReplaceObjectViewType replaceObject new ReplaceObjectViewType reads the new address in XML format from the file testAddressReplace xml XMLInputFactory xmlInputFac...

Page 126: ...bject request addCommand modifyCmd ModifyObjectViewResponse response DataCentricServiceTest stub ModifyObjectViewRequest request assertTrue response getStatus StatusCodeType Success catch Exception e...

Page 127: ...ect p Prerequisite An address object has been added in NSM public void testGetAddressObject try System out println Running testGetAddressObject GetObjectViewByIdRequest request new GetObjectViewByIdRe...

Page 128: ...Copyright 2010 Juniper Networks Inc 110 Network and Security Manager 2010 4 API Guide...

Page 129: ...est jobStatusRequest new GetJobStatusRequest jobStatusRequest setAuthToken authToken jobStatusRequest setDomainId jobArgs getDomainId jobStatusRequest setJobName jobName JobStatusType jobStatus null w...

Page 130: ...eviceRequest try File importDeviceInput new File webDir File separator pathOfInput Input testImportDevice txt BufferedReader reader new BufferedReader new InputStreamReader new FileInputStream importD...

Page 131: ...est updateDeviceRequest JobResponseType jobResponse updateResponse getJobResponse StatusCodeType opStatus updateResponse getStatus String jobID jobResponse getJobName String status jobResponse getStat...

Page 132: ...runningConfigInput new File webDir File separator pathOfInput Input testRunningConfig txt BufferedReader reader new BufferedReader new InputStreamReader new FileInputStream runningConfigInput GetRunn...

Page 133: ...gRequest setAuthToken authToken GetDeltaConfigResponse deltaConfigResponse stub GetDeltaConfigRequest getDeltaConfigRequest JobResponseType jobResponse deltaConfigResponse getJobResponse StatusCodeTyp...

Page 134: ...getStatus String jobID jobResponse getJobName String status jobResponse getStatus toString System out println JobName jobID opStatus opStatus status status assertTrue opStatus StatusCodeType Success C...

Page 135: ...e Device List in One Domain This Data Centric Service API code sample retrieves a list of devices in one domain Gets the IP addresses and the interfaces of all devices in one domain public void testGe...

Page 136: ...equest setObjectFilter filter invokes the service GetObjectViewByCategoryResponse response DataCentricServiceTest stub GetObjectViewByCategoryRequest request System out println Status response getStat...

Page 137: ...TE In these WSDL files the expression nbi refers to the API This part contains the following chapters Job Service API WSDL on page 121 System Service API WSDL on page 129 Data Centric API WSDL on page...

Page 138: ...Copyright 2010 Juniper Networks Inc 120 Network and Security Manager 2010 4 API Guide...

Page 139: ...Namespace http juniper net webproxy JobService wsdl types xs schema version 1 0 elementFormDefault qualified targetNamespace http juniper net webproxy JobService xmlns http juniper net webproxy JobSer...

Page 140: ...IMIT xs enumeration value UNKNOWN xs restriction xs simpleType xs complexType name JobResponseType xs sequence xs element name status type impl JobStatusType xs element name jobName type xs string xs...

Page 141: ...iguration summarization to be sent to the managed device during the next device update xs documentation xs annotation xs complexType xs complexContent xs extension base core SimpleRequestType xs seque...

Page 142: ...ignedInt xs element name jobName type xs string xs sequence xs extension xs complexContent xs complexType xs element xs element name CancelJobResponse xs complexType xs complexContent xs extension bas...

Page 143: ...s complexType xs element xs element name GetJobStatusResponse xs complexType xs complexContent xs extension base core SimpleResponseType xs sequence xs element name jobStatus type impl JobResponseType...

Page 144: ...t wsdl part name GetConfigSummaryRequest element impl GetConfigSummaryRequest wsdl message wsdl message name GetConfigSummaryResponse wsdl part name GetConfigSummaryResponse element impl GetConfigSumm...

Page 145: ...l operation name GetDeltaConfigRequest wsdl input message impl GetDeltaConfigRequest wsdl output message impl GetDeltaConfigResponse wsdl operation wsdl operation name GetJobResultRequest wsdl input m...

Page 146: ...ltaConfigRequest input soap body use literal input output soap body use literal output wsdl operation wsdl operation name GetJobResultRequest soap operation soapAction urn GetJobResultRequest input so...

Page 147: ...lementFormDefault qualified targetNamespace http juniper net webproxy systemservice xmlns http juniper net webproxy systemservice xmlns core http juniper net core xmlns impl http juniper net webproxy...

Page 148: ...oginStatus xs element name authToken type core AuthTokenType minOccurs 0 xs sequence xs extension xs complexContent xs complexType xs element name LoginResponse type impl LoginResponseType xs element...

Page 149: ...eType xs sequence xs element name serviceDesc type impl ServiceDescType minOccurs 0 maxOccurs unbounded xs element name domainName type xs string maxOccurs unbounded xs element name domainId type xs u...

Page 150: ...tType wsdl binding name SystemSoapBinding type impl SystemPortType soap binding style document transport http schemas xmlsoap org soap http wsdl operation name LoginRequest soap operation soapAction u...

Page 151: ...em binding impl SystemSoapBinding soap address location http localhost 8080 axis2 services SystemService wsdl port wsdl service wsdl definitions 133 Copyright 2010 Juniper Networks Inc Chapter 15 Syst...

Page 152: ...Copyright 2010 Juniper Networks Inc 134 Network and Security Manager 2010 4 API Guide...

Page 153: ...ns1 http schemas xmlsoap org soap encoding name DataCentricService targetNamespace http juniper net webproxy datacentricservice wsdl types schema xmlns http www w3 org 2001 XMLSchema targetNamespace...

Page 154: ...ce element name objectIdentifier type core ObjectIdentifierType maxOccurs unbounded element name objectModification type core ObjectModificationType sequence complexType complexType name ModifyViewCom...

Page 155: ...id objectIdentifier the id of the object to be retrieved dbVersionId the version of the data respository objectFilter the filter to be applied on the result view the transformation of the object the d...

Page 156: ...on complexContent complexType element element name ResolveObjectReferenceResponse complexType complexContent extension base core SimpleResponseType sequence element name object type core ObjectType ma...

Page 157: ...rmation is applied on the object property the parameters of the transformation documentation annotation complexType complexContent extension base core SimpleRequestType sequence element name simpleQue...

Page 158: ...element name modification type core ModificationResponseType minOccurs 0 maxOccurs unbounded sequence extension complexContent complexType element element name LockObjectViewRequest complexType comple...

Page 159: ...Request element impl ModifyObjectViewRequest wsdl message wsdl message name ModifyObjectViewResponse wsdl part name ModifyObjectViewResponse element impl ModifyObjectViewResponse wsdl message wsdl mes...

Page 160: ...n name ResolveObjectReferenceRequest wsdl input message ns ResolveObjectReferenceRequest wsdl output message ns ResolveObjectReferenceResponse wsdl operation wsdl operation name QueryObjectViewRequest...

Page 161: ...eration wsdl operation name QueryObjectViewRequest soap operation soapAction urn QueryObjectViewRequest input soap body use literal input output soap body use literal output wsdl operation wsdl operat...

Page 162: ...schemas of the data to be transformed are specified in the seperate documentation documentation wsdl port name DataCentric binding ns DataCentricSoapBinding soap address location csp nbiservice nsm s...

Page 163: ...LSchema xmlns core http juniper net core targetNamespace http juniper net webproxy logservice name LogService wsdl types xs schema xmlns http www w3 org 2001 XMLSchema elementFormDefault qualified tar...

Page 164: ...put message ns GetPacketDataRequest wsdl output message ns GetPacketDataResponse wsdl operation wsdl portType wsdl binding name LogSoapBinding type ns LogPortType soap binding style document transport...

Page 165: ...PART 6 Index Index on page 149 147 Copyright 2010 Juniper Networks Inc...

Page 166: ...Copyright 2010 Juniper Networks Inc 148 Network and Security Manager 2010 4 API Guide...

Page 167: ...30 vlan 29 C CommonDataTypes xsd 4 customer support xvii contacting JTAC xvii D Data Centric API 97 GetObjectDependentRequest 9 GetObjectViewByCategoryRequest 9 GetObjectViewByIdRequest 10 LockObjectR...

Page 168: ...n 41 enabled 41 ipaction 42 log 42 log actions 42 preferred id 41 rb link 41 ruleno 41 service 41 seslog 42 severity 42 src_addr_collection 41 src_addr_negate 41 src_zone_collection 41 target_collecti...

Page 169: ...41 service object 28 rulebases backdoor 25 exempt 30 firewall 33 IDP 39 multicast 43 rules 25 SYN protector 45 S security policy rulebases 25 SOAP HTTPS 3 subtree filter attribute matching expressions...

Page 170: ...X XML schema 3 subtree filter 8 See also subtree filter XSD 3 definition files 23 Copyright 2010 Juniper Networks Inc 152 Network and Security Manager 2010 4 API Guide...

Reviews:

No comments

Related manuals for NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1

Yamaha M7CL StageMix V1.5 User Manual preview
M7CL StageMix V1.5
Brand: Yamaha Pages: 20
Yamaha LS9-16 Owner'S Manual preview
LS9-16
Brand: Yamaha Pages: 80
Cisco 2950C-24 - Catalyst Switch - Stackable Datasheet preview
2950C-24 - Catalyst Switch - Stackable
Brand: Cisco Pages: 18
Cisco CONFERENCING EXTENSIONS - ADMINISTRATOR GUIDE FOR MICROSOFT EXCHANGE Administrator'S Manual preview
CONFERENCING EXTENSIONS - ADMINISTRATOR GUIDE FOR MICROSOFT EXCHANGE
Brand: Cisco Pages: 61
Cisco Cisco mds 9124 - fabric switch Datasheet preview
Cisco mds 9124 - fabric switch
Brand: Cisco Pages: 9
Cisco CISCO1811 End User Instructions preview
CISCO1811
Brand: Cisco Pages: 16
Cisco Cisco MDS 9020 - Fabric Switch Configuration Manual preview
Cisco MDS 9020 - Fabric Switch
Brand: Cisco Pages: 22
Cisco Catalyst X6816 Datasheet preview
Catalyst X6816
Brand: Cisco Pages: 13
Cisco Cisco mds 9124 - fabric switch Specifications preview
Cisco mds 9124 - fabric switch
Brand: Cisco Pages: 3
Cisco DCNM Configuration preview
DCNM
Brand: Cisco Pages: 7
Cisco GEM318P User Manual preview
GEM318P
Brand: Cisco Pages: 74
Cisco Craft Works Interface Quick Start Manual preview
Craft Works Interface
Brand: Cisco Pages: 32
Cisco Catalyst Series Switch 2940 Hardware Installation Manual preview
Catalyst Series Switch 2940
Brand: Cisco Pages: 82
Cisco Catalyst Series Switch 2940 Regulatory Compliance And Safety Information Manual preview
Catalyst Series Switch 2940
Brand: Cisco Pages: 28
Cisco 11.0 BT Release Notes preview
11.0 BT
Brand: Cisco Pages: 58
Cisco CCNA NETWORK SIMULATOR Manual preview
CCNA NETWORK SIMULATOR
Brand: Cisco Pages: 88
Cisco CSACSE-1111-K9 - Secure Access Control Server Solution Engine Installation Manual preview
CSACSE-1111-K9 - Secure Access Control Server Solution Engine
Brand: Cisco Pages: 130
Cisco IP Communicator Administration Manual preview
IP Communicator
Brand: Cisco Pages: 162

Brands by name

Popular brands

Load more brands