manualshive.com logo in svg

Juniper NETWORK AND SECURITY MANAGER NSM3000 - REV 1, Manual

The Juniper NETWORK AND SECURITY MANAGER NSM3000 - REV 1 offers comprehensive network and security management solutions. Easily configure and monitor your network infrastructure with this user-friendly device. Download the manual for free from manualshive.com and access all the necessary information to optimize your network security settings.

Share
Download
background image

High Availability—Enter

1

to turn HA on or off.

Primary Status—Enter

2

to set the NSM appliance as either the primary or secondary

server. At the next prompt, enter

y

for a primary server; enter

n

for a secondary server.

HA Remote IP—Enter

3

to set the IP address for the HA peer in the HA cluster.

HA Link Failure Detection IP—Enter

4

to set the IP address of a computer outside the

HA cluster that you can ping to verify connection status.

HA Inter-server password—Enter

5

to set the heartbeat password used between the

primary and secondary servers.

Menu: Shared Disk—Enter

6

to open the Shared Disk menu.

The options in this menu help you configure a shared disk. NSM supports shared disk
via NFS only. Due to the data-intensive nature of NSM, we recommend gigabit speed
links (1000 Mbps) for shared disk use. For more information on custom settings, refer
to the

Network and Security Manager Installation Guide

.

1> Shared Disk: Gui Server [n]
 If 'y', data directory for GUI Server
 is a shared disk partition

2> Shared Disk Source (NFS) []
 Source of shared disk, e.g. /dev/sdc1
 or server:/share

3> Shared Disk NFS Mount Options []
 Options when mounting shared disk
 e.g. rw,intr,tcp,soft,timeo=2

4> Return to High Availability menu

Menu: HA Links—Enter

7

to open the HA Links menu.

The options in this menu help you configure the second HA link in the HA cluster. If you
are going to use a second link, you need to set the IP address for eth1 before configuring
this setting (see “Setting Interface Options” on page 26 for details). Setting a redundant
link is optional. For more information on options available to you for custom settings,
refer to the

Network and Security Manager Installation Guide

.

If the HA link count is set to 1, the only options available are to set the HA link count
and to return to the High Availability menu. If the HA link count is set to 2, all options
are available.

1> HA Link count [2]
Number of heartbeat links between the Primary and Secondary
Server.

2> HA Link 2 Local IP []
IP address for this machine's secondary heartbeat link

3> HA Link 2 Remote IP []
IP address for the peer's secondary heartbeat link

4> HA Remote Replication IP []
IP address used for remote HA replications

5> Return to High Availability menu

23

Copyright © 2010, Juniper Networks, Inc.

Chapter 2: Installing and Configuring NSM from the CLI

Summary of Contents for NETWORK AND SECURITY MANAGER NSM3000 - REV 1

Page 1: ...Juniper Networks Network and Security Manager NSMXpress and NSM3000 User Guide Release 2010 4 Published 2010 11 17 Revision 1 Copyright 2010 Juniper Networks Inc...

Page 2: ...ons of the GateD software copyright 1988 Regents of the University of California All rights reserved Portions of the GateD software copyright 1991 D L S Associates This product includes software devel...

Page 3: ...re physically contained on a single chassis c Product purchase documents paper or electronic user documentation and or the particular licenses purchased by Customer may specify limits to Customer s us...

Page 4: ...ATE WITHOUT ERROR OR INTERRUPTION OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK In no event shall Juniper s or its suppliers or licensors liability to Customer whether in contract tort inclu...

Page 5: ...ree years from the date of distribution Such request can be made in writing to Juniper Networks Inc 1194 N Mathilda Ave Sunnyvale CA 94089 ATTN General Counsel You may obtain a copy of the GPL at http...

Page 6: ...Copyright 2010 Juniper Networks Inc vi...

Page 7: ...000 Hardware 7 Initial Setup Configuration 8 Boot the NSM Appliance 8 Set Up Your Appliance 9 CLI Configuration 10 Web Interface Configuration 11 Chapter 2 Installing and Configuring NSM from the CLI...

Page 8: ...nging the Superuser Password 39 Downloading NSM MIBS Regional Server Only 40 Exporting Audit Logs 40 Exporting Device Logs Regional Server Only 40 Generating Reports Regional Server Only 41 Modifying...

Page 9: ...ring the Web Interface 60 Maintaining NSM Appliances 61 Viewing System Statistics 61 CPU 61 Log Rate 61 CPU Load 61 Memory Data 62 Network Data 62 Process Count 62 Disk Data 62 Tile All Graphs 62 Upgr...

Page 10: ...Copyright 2010 Juniper Networks Inc x NSMXpress and NSM3000 User Guide...

Page 11: ...e Options 37 Figure 14 SRS Menu 38 Figure 15 Change Superuser Password 39 Figure 16 Download NSM MIBs 40 Figure 17 Export Audit Logs 40 Figure 18 Export Device Logs 40 Figure 19 Generate Reports 41 Fi...

Page 12: ...ure 43 NSMXpress Actions Dialog Box 64 Figure 44 Search Results Dialog Box 65 Figure 45 Review Error Logs 65 Figure 46 Error Log Detail 65 Figure 47 Network Utilities Options 66 Figure 48 Ping Utility...

Page 13: ...ng the NSM Appliance Chapter 1 Getting Started 3 Table 5 Required Ports on an NSM Appliance 5 Table 6 Ethernet Port LEDs 6 Chapter 3 Configuring NSM from the Web Interface 31 Table 7 Viewing Syslog Re...

Page 14: ...Copyright 2010 Juniper Networks Inc xiv NSMXpress and NSM3000 User Guide...

Page 15: ...tegrated management interfaces that control device parameters Each appliance is preconfigured as either a regional server or central manager This guide describes how you can install NSM onto your NSM...

Page 16: ...nd Specify the keyword exp msg Click User Objects Represents commands and keywords in text Represents keywords Represents UI elements Bold typeface like this user input Represents text that the user m...

Page 17: ...ll and run the NSM user interface This guide is intended for IT administrators responsible for the installation or upgrade of NSM Network and Security Manager Installation Guide Describes how to use a...

Page 18: ...ggestions so that we can improve the documentation You can send your comments to techpubs comments juniper net or fill out the documentation feedback form at https www juniper net cgi bin docbugreport...

Page 19: ...fications https www juniper net alerts Join and participate in the Juniper Networks Community Forum http www juniper net company communities Open a case online in the CSC Case Management tool http www...

Page 20: ...Copyright 2010 Juniper Networks Inc xx NSMXpress and NSM3000 User Guide...

Page 21: ...M Appliance Part 1 contains the following chapters Getting Started on page 3 Installing and Configuring NSM from the CLI on page 13 Configuring NSM from the Web Interface on page 31 1 Copyright 2010 J...

Page 22: ...Copyright 2010 Juniper Networks Inc 2 NSMXpress and NSM3000 User Guide...

Page 23: ...t significantly from NSM appliances because it eliminates the need to have dedicated resources for maintaining a network and security management solution NSM appliances make it easy for administrators...

Page 24: ...d that you install the NSM appliance on your LAN to ensure that it can communicate with your applicable resources such as authentication servers DNS servers internal Web servers through HTTP HTTPS ext...

Page 25: ...Yes Yes Connections from devices running Junos Secure Access devices or Infranet Controller devices 7804 No Yes Yes SSH connection to new managed device 22 Out Yes No Yes Telnet connection to new man...

Page 26: ...panel See Figure 3 on page 8 Figure 1 Front Panel of NSMXpress 7 Plug the null modem serial cable into the console port See Figure 3 on page 8 This cable was shipped with your NSMXpress If you do not...

Page 27: ...ce in your server rack using the attached mounting brackets 4 Plug the power cord into the AC receptacle on the rear panel Figure 2 Rear Panel of NSM3000 g040042 Power supply AC Power supply receptacl...

Page 28: ...ration When you first turn on an unconfigured NSM appliance you need to enter basic network and machine information through the serial console to make your appliance accessible to the network After en...

Page 29: ...cessary to make your appliance active on the network To set up your appliance either as a regional server or a central manager follow these steps 1 Enter the IP address for interface eth0 and press En...

Page 30: ...g NSM from the CLI on page 13 for information about how to install and configure NSM on your NSM appliance from the CLI NSM Appliance Users An NSM appliance has three user levels All users log in as t...

Page 31: ...m via a web browser connect to https 10 150 43 205 administration 2 Open a Web browser and paste the URL into the address text box 3 Press Enter to open the NSM appliance login page 4 Enter the admin...

Page 32: ...Copyright 2010 Juniper Networks Inc 12 NSMXpress and NSM3000 User Guide...

Page 33: ...SM appliance the following standard navigational menu options are available to you This section provides information on general options you can use during setup and configuration These options include...

Page 34: ...last on most menus Quit Enter Q to exit from the setup program You will be prompted to save or cancel any changes you made since you last saved Q Quit R Redraw menu Choice 1 9 Q R Q Using nsm_setup A...

Page 35: ...installation This section describes that setup process The steps in this procedure assume you Have completed all appropriate steps in Getting Started on page 3 Have a console terminal or terminal emul...

Page 36: ...egional server NSM Configuration Main Menu 1 Management IP 10 150 43 205 The IP address on this server that will be used for management 2 NSM super password Password for super user 3 GUI server one ti...

Page 37: ...u have the following options High Availability Enter 5 to open a menu to configure HA Advanced Options Enter 6 to open a menu of additional configurable options including the port number for receiving...

Page 38: ...cond HA link in the HA cluster Use the items in this menu to set up a redundant link for the HA cluster If you are going to use a second link you need to set the IP address for eth1 before configuring...

Page 39: ...for NBI Default is 8443 2 Menu Remote Replication of Database Off 3 Menu SRS Off M Main Menu R Redraw menu Choice 1 3 M R You have the following options https port for NBI service Enter 1 to change th...

Page 40: ...te Hour of day to Replicate Database Enter 2 to start the backup at the specified time The valid range is 00 23 Remote Backup IP Enter 3 to specify the IP address of the remote backup machine Backup i...

Page 41: ...r password for the SRS database At least eight characters are required The password is case sensitive Click Submit to save the options and return to the NSM Configuration Main Menu Configuring the Cen...

Page 42: ...f additional options including the port number for receiving messages through the NSM API and remote database replication details The following sections provide procedures for configuring HA and advan...

Page 43: ...dev sdc1 or server share 3 Shared Disk NFS Mount Options Options when mounting shared disk e g rw intr tcp soft timeo 2 4 Return to High Availability menu Menu HA Links Enter 7 to open the HA Links m...

Page 44: ...enu R Redraw menu Choice 1 2 M R You have the following options https port for NBI service Enter 1 to change the port number for listening for messages for the NSM API In response to the prompt enter...

Page 45: ...nter 4 to change the timeout period for the remote backup The valid range is 1 through 65535 seconds Configuring Standard Configuration Options After the initial setup continue configuring typical opt...

Page 46: ...e of the following options 1 to modify eth0 2 to set or modify eth1 3 Make the following selection for interface options by selecting one of the following options 1 to change the IP address and return...

Page 47: ...lso with 4 or more labels the previous hostname alias might remain in the etc hosts file This condition can be corrected by manually editing the etc hosts file Adding DNS Servers You can add up to thr...

Page 48: ...warding Local Status E mails You can use this option to forward all local root e mail messages to an e mail address You can add an unlimited number of e mail addresses in addition to mailing lists to...

Page 49: ...s for saving changes At the prompt enter one of the following menu options A to apply all the new changes M to make more changes before configuring the regional server or the central manager C to canc...

Page 50: ...have not updated the recovery partition through the Web UI only the Re install option option to install the previous version is displayed 4 Read the paragraph and then press Enter Booting Re Install...

Page 51: ...setup process Your NSM appliance comes preconfigured as a regional server or a central manager Most installation and configuration steps in this section are identical for both types of server All exce...

Page 52: ...the Install NSM Central Manager link to view the Install NSM Central Manager page see Figure 5 on page 33 as the case may be NOTE The admin user default username is admin and the password is the one...

Page 53: ...and then reenter it in the text box below it This password is used to authenticate this NSM server with other NSM servers with which it communicates Regional servers use this password to authenticate...

Page 54: ...server in the HA cluster If you select y it is the primary server the default If you select n it is the secondary server 4 Use the HA Remote IP option to enter the IP address for the HA peer in the H...

Page 55: ...Options Use the options in this menu to set up a redundant link for the HA cluster If you are going to use a second link you need to set the IP address for eth1 before configuring this setting see Con...

Page 56: ...fer to the Network and Security Manager Installation Guide Figure 11 HA Advanced Settings 11 Click Submit to save the HA options and return to the NSM Configuration Main Menu Advanced Options To displ...

Page 57: ...bling and Configuring SRS Regional Server Only on page 38 Enabling and Configuring Remote Replication of the Database To configure remote replication of database settings 1 On the Advanced Options men...

Page 58: ...default is off If you turn on this feature the server is used with the GUI Server 3 Use the SRS DB IP option to enter the IP address for the server on which you have installed the SRS database server...

Page 59: ...on tree to access the options described in this section These options are available only after installing NSM The following sections explain how to use each of the NSM Administration options Changing...

Page 60: ...rt Audit Logs To export an audit log to a csv file select csv in the drop down list box and then enter the csv file name in the text box To export an audit log to a system log server select syslog in...

Page 61: ...NSM administrator and not an NSM appliance user Enter a user name as domain user such as global super Modifying NSM Configuration Files To manually edit the GuiSrv cfg DevSvr dfg and HaSvr cfg files s...

Page 62: ...m setup utility all manual changes to the configuration files are lost Backing Up the NSM Database To configure backups of the NSM database select NSM Administration NSM Database Backup link under NSM...

Page 63: ...ation NSM Management IP link under NSM Administration See Figure 22 on page 43 Figure 22 Change Management IP Scheduling Security Updates To schedule security updates select NSM Administration Schedul...

Page 64: ...page 47 Monitoring with SNMP on page 50 Forwarding Syslog Messages on page 53 Changing the System Time on page 56 Installing Updates on page 56 Managing Users on page 57 Configuring the Web Interface...

Page 65: ...onfiguration The Network Configuration window appears as shown in Figure 26 on page 45 Figure 26 Network Interfaces Options The following sections describe each of the options available in the Network...

Page 66: ...re and manage routes and gateways See Figure 28 on page 46 Figure 28 Routes and Gateways Hostname and DNS Clients Use this option to configure and manage hostnames and DNS clients See Figure 29 on pag...

Page 67: ...vileges that are associated with the user profile If none of the servers authenticates the user the user login fails NOTE The NSM appliance must be configured as a RADIUS client on a RADIUS server so...

Page 68: ...ADIUS Servers Dialog Box 2 Click Add to add a RADIUS Server to the WebUI The Add RADIUS Server dialog box appears See Figure 32 on page 48 Figure 32 Add RADIUS Server Dialog Box 3 Configure the follow...

Page 69: ...t to the name of the server whose priority you want to increase and click Move Up To decrease the priority of a RADIUS server select the check box next to the name of the server whose priority you wan...

Page 70: ...configuring NSMappliances for SNMP monitoring You must provide access credentials for the SNMP server a list of IP addresses from which logon requests will be accepted and the trap conditions to be r...

Page 71: ...used on the NSM appliance 5 To limit SNMP Get requests to specific servers select Only and then enter the IP addresses of the permitted servers 6 Click Save SNMP System Information To configure SNMP s...

Page 72: ...P address of the SNMP management server 4 Select from the following trap conditions Disk space low Enter the percentage of free disk space below which SNMP issues a trap Memory low Enter the percentag...

Page 73: ...he NSMappliance creates a secure tunnel to the syslog receiver UDP messaging is available for basic syslog implementations The following sections provide procedures for managing syslog message forward...

Page 74: ...e sent to this receiver Device Server The GUI Server logs configured to be sent to this receiver GUI Server The HA Server logs configured to be sent to this receiver HA Server Adding and Configuring S...

Page 75: ...er will be known by within NSM 6 In the IP field Enter the IP address of the syslog receiver 7 In the Transport field select the type of syslog receiver Select UDP for basic syslog implementations Sel...

Page 76: ...ecevier 3 Make the desired changes to the configuration 4 Click Save to save and apply your edits to the configuration of this syslog receiver Deleting Syslog Receivers To delete a syslog receiver con...

Page 77: ...ou need System Administration permission to create users This topic contains the following sections Creating New NSM Appliance Users on page 57 Deleting a User on page 58 Editing User Attributes on pa...

Page 78: ...ress user dialog box appears 3 Enter a user name in the Username text box 4 Select Set to from the password drop down list and enter the password you want to set in the password text box 5 Reenter the...

Page 79: ...rator NSM Administrators have access to NSM Administration RADIUS Management Maintenance and Troubleshooting modules Network Operator Network Operators have access to Network Utilities and Report Gene...

Page 80: ...Configuration Files No No Yes Yes NSM Database Backup No No Yes Yes NSM Management IP No No Yes Yes Schedule Security Updates Maintenance Yes Yes Yes Yes System Statistics Troubleshooting No No Yes Ye...

Page 81: ...ce System Statistics The system Statistics window appears as shown in Figure 42 on page 61 Figure 42 System Statistics CPU Select CPU to view graphs that monitor the CPU activity hourly daily weekly m...

Page 82: ...the NSM appliance available for recovery displacing the existing files in the recovery partition The factory default recovery files are retained as an alternative recovery choice Other versions are de...

Page 83: ...een shows the progress of the operation Errors are reported if the required files are unavailable disk space is not sufficient or the previous version files are invalid When preparation is completed t...

Page 84: ...e By authentication check box and choose an authentication mechanism from the drop down list to specify actions by a specific authentication mechanism Select Byanyauthentication except and choose a pr...

Page 85: ...n page 65 shows an example Figure 45 Review Error Logs To view details of an individual error log select the file you want to view and click View Figure 46 on page 65 shows sample error log details Fi...

Page 86: ...Packets Enter the number of packets this ping command will send The default is 5 The values range from 1 99 Packet Size Enter the packet size in bytes this ping command will send The default is 56 Th...

Page 87: ...tool to print the route a packet takes to a network host See Figure 49 on page 67 Figure 49 Traceroute Utility NOTE The only required field is Hostname The value can be either a hostname or an IP add...

Page 88: ...mallest network available Figure 51 IP Subnet Calculator Tech Support To get contact information for Juniper Networks technical support select Troubleshooting Tech Support To help analyze problems sel...

Page 89: ...formation menu item to display information about the server including CPU load and memory use as shown in Figure 53 on page 69 Figure 53 System Information 69 Copyright 2010 Juniper Networks Inc Chapt...

Page 90: ...Copyright 2010 Juniper Networks Inc 70 NSMXpress and NSM3000 User Guide...

Page 91: ...PART 2 Appendixes NSMXpress LEDs on page 73 71 Copyright 2010 Juniper Networks Inc...

Page 92: ...Copyright 2010 Juniper Networks Inc 72 NSMXpress and NSM3000 User Guide...

Page 93: ...ge 73 describes their states Table 9 NSMXpress LEDs Condition Color LED The appliance is not receiving power Unlit Power The appliance is receiving power Green No hard disk activity Unlit Hard Disk Ha...

Page 94: ...ilure On steadily Red Hard Disk Failure LED NOTE This is applicable for NSM 3000 RAID configurations and not for non RAID configurations NSMXpress NSMCM Hard disk recovery or rebuild Blinking red NOTE...

Page 95: ...PART 3 Index Index on page 77 75 Copyright 2010 Juniper Networks Inc...

Page 96: ...Copyright 2010 Juniper Networks Inc 76 NSMXpress and NSM3000 User Guide...

Page 97: ...Svr cfg file 41 disk usage 62 DMZ 4 DNS client 46 DNS server 27 documentation comments on xviii E e mail forwarding 28 enterprise customers 3 error logs 65 eth0 activity 62 configuring 26 IP address 9...

Page 98: ...er one time 17 22 33 heartbeat 18 23 34 NSM central manager 22 super user central manager 33 39 super user regional server 16 33 39 user 45 ping utility 66 ports required by NSMXpress 4 power cord 6 p...

Page 99: ...em information 69 system logs 65 system statistics 61 system time 27 56 T technical support 68 contacting JTAC xviii tiling 62 time zone 28 56 time setting 27 56 traceroute utility 67 trap conditions...

Page 100: ...Copyright 2010 Juniper Networks Inc 80 NSMXpress and NSM3000 User Guide...

Reviews:

No comments

Related manuals for NETWORK AND SECURITY MANAGER NSM3000 - REV 1

Red Hat NETWORK BASIC - USER REFERENCE GUIDE 4.0 User Reference Manual preview
NETWORK BASIC - USER REFERENCE GUIDE 4.0
Brand: Red Hat Pages: 92
Fortinet FortiClient Datasheet preview
FortiClient
Brand: Fortinet Pages: 4
Extreme Networks Ridgeline 3.0 Manual preview
Ridgeline 3.0
Brand: Extreme Networks Pages: 376
ACTi Network Video Recorder User Manual preview
Network Video Recorder
Brand: ACTi Pages: 132
Red Hat CLUSTER MANAGER - INSTALLATION AND Administration Manual preview
CLUSTER MANAGER - INSTALLATION AND
Brand: Red Hat Pages: 190
Vonamic 703100 Configuration Manual preview
703100
Brand: Vonamic Pages: 31
Intel Application Accelerator User Manual preview
Application Accelerator
Brand: Intel Pages: 90
THOMSON LCP 400 User Manual preview
LCP 400
Brand: THOMSON Pages: 22
GRASS VALLEY K2-AVID TRANSFER MANAGER Datasheet preview
K2-AVID TRANSFER MANAGER
Brand: GRASS VALLEY Pages: 2
GRASS VALLEY GV Browse User Manual preview
GV Browse
Brand: GRASS VALLEY Pages: 24
3Com SUPERSTACK 3 WEBCACHE 3000 User Manual preview
SUPERSTACK 3 WEBCACHE 3000
Brand: 3Com Pages: 362
3M MicroTouch MT7 User Manual preview
MicroTouch MT7
Brand: 3M Pages: 57
Bay Networks Baystream 7 Notice preview
Baystream 7
Brand: Bay Networks Pages: 140
Native Instruments Reaktor Prism Manual preview
Reaktor Prism
Brand: Native Instruments Pages: 58
IBM VIAVOICE 10-ADVANCED EDITION User Manual preview
VIAVOICE 10-ADVANCED EDITION
Brand: IBM Pages: 126
Quantum PX500 Series Quick Start Manual preview
PX500 Series
Brand: Quantum Pages: 6
UMAX Technologies PowerColor User Manual preview
PowerColor
Brand: UMAX Technologies Pages: 127
Key Curriculum Press Geometer's Sketchpad User Manual And Reference Manual preview
Geometer's Sketchpad
Brand: Key Curriculum Press Pages: 92

Brands by name

Popular brands

Load more brands