Juniper Networks Network
and Security Manager

NSMXpress Series II User Guide

Release 2010.4

Published: 2010-11-17

Revision 1

Copyright © 2010, Juniper Networks, Inc.

Contents: NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01

Page 1: ...Juniper Networks Network and Security Manager NSMXpress Series II User Guide Release 2010 4 Published 2010 11 17 Revision 1 Copyright 2010 Juniper Networks Inc...

Page 2: ...ions of the GateD software copyright 1988 Regents of the University of California All rights reserved Portions of the GateD software copyright 1991 D L S Associates This product includes software deve...

Page 3: ...re physically contained on a single chassis c Product purchase documents paper or electronic user documentation and or the particular licenses purchased by Customer may specify limits to Customer s us...

Page 4: ...ATE WITHOUT ERROR OR INTERRUPTION OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK In no event shall Juniper s or its suppliers or licensors liability to Customer whether in contract tort inclu...

Page 5: ...ree years from the date of distribution Such request can be made in writing to Juniper Networks Inc 1194 N Mathilda Ave Sunnyvale CA 94089 ATTN General Counsel You may obtain a copy of the GPL at http...

Page 7: ...Series II 8 Set Up Your Appliance 9 CLI Configuration 9 Web Interface Configuration 10 Chapter 2 Installing and Configuring NSM from the CLI 11 Navigating the Menus 11 General Options 11 Using nsm_se...

Page 8: ...Server Only 38 Generating Reports Regional Server Only 39 Modifying NSM Configuration Files 39 Backing Up the NSM Database 40 Changing the NSM Management IP 41 Scheduling Security Updates 41 Managing...

Page 9: ...60 Troubleshooting 61 Auditing User Operations 61 Error Logs 63 Network Utilities 64 Ping 64 Traceroute 65 Lookup 65 IP Subnet Calculator 66 Tech Support 66 Viewing System Information 67 Part 2 Append...

Page 11: ...Menu 36 Figure 14 Change Superuser Password 37 Figure 15 Download NSM MIBs 38 Figure 16 Export Audit Logs 38 Figure 17 Export Device Logs 38 Figure 18 Generate Reports 39 Figure 19 NSM Configuration F...

Page 12: ...Figure 47 Ping Utility 64 Figure 48 Traceroute Utility 65 Figure 49 Lookup Utility 66 Figure 50 IP Subnet Calculator 66 Figure 51 Juniper Tech Support 66 Figure 52 System Information 67 Part 2 Append...

Page 13: ...pter 1 Getting Started 3 Table 5 Required Ports on NSMXpress Series II 5 Table 6 Ethernet Port LEDs 7 Table 7 RJ 45 Console Connector Pinout 7 Chapter 3 Configuring NSM from the Web Interface 29 Table...

Page 15: ...figured as either a regional server or central manager This guide describes how you can install NSM onto your NSMXpress Series II appliance In addition this guide describes how to manage the appliance...

Page 16: ...resents keywords Represents UI elements Bold typeface like this user input Represents text that the user must type Bold typeface like this host1 show ip ospf Routing Process OSPF 2 with Router ID 5 5...

Page 17: ...s guide is intended for IT administrators responsible for the installation or upgrade of NSM Network and Security Manager Installation Guide Describes how to use and configure key management features...

Page 18: ...out configuring the device features for all supported Infranet Controllers Network and Security Manager Configuring Infranet Controllers Guide Provides details about configuring the device features fo...

Page 19: ...and easy problem resolution Juniper Networks has designed an online self service portal called the Customer Support Center CSC that provides you with the following features Find CSC offerings http www...

Page 20: ...314 JTAC 1 888 314 5822 toll free in the USA Canada and Mexico For international or direct dial options in countries without toll free numbers visit us at http www juniper net support requesting supp...

Page 21: ...ss Series II Part 1 contains the following chapters Getting Started on page 3 Installing and Configuring NSM from the CLI on page 11 Configuring NSM from the Web Interface on page 29 1 Copyright 2010...

Page 23: ...ntly from NSMXpress Series II because it eliminates the need to have dedicated resources for maintaining a network and security management solution NSMXpress Series II makes it easy for administrators...

Page 24: ...mend that you install the NSMXpress Series II appliance on your LAN to ensure that it can communicate with your applicable resources such as authentication servers DNS servers internal Web servers thr...

Page 25: ...Yes Yes Connections from managed IDP devices to NSM 7803 Yes Yes Yes Connections from devices running Junos Secure Access devices or Infranet Controller devices 7804 No Yes Yes SSH connection to new...

Page 26: ...Blank power supply tray switch Fan 0 Fan 1 If your NSMXpress contains two power supplies plug a power cord into each AC receptacle 5 Plug the other end of the power cord into a wall socket If your NS...

Page 27: ...llation is now complete The next step is to set up the software as described in Initial Setup Configuration on page 8 Table 6 on page 7 provides LED information for the Ethernet ports Table 6 Ethernet...

Page 28: ...e you must attach your NSMXpress Series II appliance to a console terminal running an emulation utility such as HyperTerminal 1 Configure a console terminal or terminal emulation utility to use the fo...

Page 29: ...ure your system via command line type nsm_setup For operation of NSM server switch to user nsm Please consult NSM product documentation for details admin NSMXpress To complete the setup process using...

Page 30: ...Xpress Series II appliance To return to the admin user enter exit at the prompt root user Administers advanced system settings To change to root user from the admin user go to the prompt enter sudo su...

Page 31: ...NSMXpress Series II appliance the following standard navigational menu options are available to you This section provides information on general options you can use during setup and configuration Thes...

Page 32: ...most menus Quit Enter Q to exit from the setup program You will be prompted to save or cancel any changes you made since you last saved Q Quit R Redraw menu Choice 1 9 Q R Q Using nsm_setup After ini...

Page 33: ...tion This section describes that setup process The steps in this procedure assume you Have completed all appropriate steps in Getting Started on page 3 Have a console terminal or terminal emulation ut...

Page 34: ...regional server NSM Configuration Main Menu 1 Management IP 10 150 43 205 The IP address on this server that will be used for management 2 NSM super password Password for super user 3 GUI server one t...

Page 35: ...y Off 6 Menu Advanced Options You have the following options High Availability Enter 5 to open a menu to configure HA Advanced Options Enter 6 to open a menu of additional configurable options includi...

Page 36: ...to open a menu to help you configure the second HA link in the HA cluster Use the items in this menu to set up a redundant link for the HA cluster If you are going to use a second link you need to se...

Page 37: ...for NBI Default is 8443 2 Menu Remote Replication of Database Off 3 Menu SRS Off M Main Menu R Redraw menu Choice 1 3 M R You have the following options https port for NBI service Enter 1 to change th...

Page 38: ...ate Hour of day to Replicate Database Enter 2 to start the backup at the specified time The valid range is 00 23 Remote Backup IP Enter 3 to specify the IP address of the remote backup machine Backup...

Page 39: ...r password for the SRS database At least eight characters are required The password is case sensitive Click Submit to save the options and return to the NSM Configuration Main Menu Configuring the Cen...

Page 40: ...ional options including the port number for receiving messages through the NSM API and remote database replication details The following sections provide procedures for configuring HA and advanced opt...

Page 41: ...g dev sdc1 or server share 3 Shared Disk NFS Mount Options Options when mounting shared disk e g rw intr tcp soft timeo 2 4 Return to High Availability menu Menu HA Links Enter 7 to open the HA Links...

Page 42: ...Menu R Redraw menu Choice 1 2 M R You have the following options https port for NBI service Enter 1 to change the port number for listening for messages for the NSM API In response to the prompt ente...

Page 43: ...change the timeout period for the remote backup The valid range is 1 through 65535 seconds Configuring Standard Configuration Options After the initial setup continue configuring typical options incl...

Page 44: ...one of the following options 1 to modify eth0 2 to set or modify eth1 3 Make the following selection for interface options by selecting one of the following options 1 to change the IP address and retu...

Page 45: ...t hostname also with 4 or more labels the previous hostname alias might remain in the etc hosts file This condition can be corrected by manually editing the etc hosts file Adding DNS Servers You can a...

Page 46: ...warding Local Status E mails You can use this option to forward all local root e mail messages to an e mail address You can add an unlimited number of e mail addresses in addition to mailing lists to...

Page 47: ...or saving changes At the prompt enter one of the following menu options A to apply all the new changes M to make more changes before configuring the regional server or the central manager C to cancel...

Page 48: ...ou have not updated the recovery partition through the Web UI only the Re install option option to install the previous version is displayed 4 Read the paragraph and then press Enter Booting Re Instal...

Page 49: ...etup process Your NSMXpress Series II comes preconfigured as a regional server or a central manager Most installation and configuration steps in this section are identical for both types of server All...

Page 50: ...the Install NSM Central Manager link to view the Install NSM Central Manager page see Figure 4 on page 31 as the case may be NOTE The admin user default username is admin and the password is the one...

Page 51: ...and then reenter it in the text box below it This password is used to authenticate this NSM server with other NSM servers with which it communicates Regional servers use this password to authenticate...

Page 52: ...dary server in the HA cluster If you select y it is the primary server the default If you select n it is the secondary server 4 Use the HA Remote IP option to enter the IP address for the HA peer in t...

Page 53: ...Options Use the options in this menu to set up a redundant link for the HA cluster If you are going to use a second link you need to set the IP address for eth1 before configuring this setting see Co...

Page 54: ...fer to the Network and Security Manager Installation Guide Figure 10 HA Advanced Settings 11 Click Submit to save the HA options and return to the NSM Configuration Main Menu Advanced Options To displ...

Page 55: ...bling and Configuring SRS Regional Server Only on page 36 Enabling and Configuring Remote Replication of the Database To configure remote replication of database settings 1 On the Advanced Options men...

Page 56: ...default is off If you turn on this feature the server is used with the GUI Server 3 Use the SRS DB IP option to enter the IP address for the server on which you have installed the SRS database server...

Page 57: ...navigation tree to access the options described in this section These options are available only after installing NSM The following sections explain how to use each of the NSM Administration options C...

Page 58: ...ort Audit Logs To export an audit log to a csv file select csv in the drop down list box and then enter the csv file name in the text box To export an audit log to a system log server select syslog in...

Page 59: ...NSM administrator and not an NSM appliance user Enter a user name as domain user such as global super Modifying NSM Configuration Files To manually edit the GuiSrv cfg DevSvr cfg and HaSvr cfg files s...

Page 60: ...e nsm setup utility all manual changes to the configuration files are lost Backing Up the NSM Database To configure backups of the NSM database select NSM Administration NSM Database Backup link under...

Page 61: ...ation NSM Management IP link under NSM Administration See Figure 21 on page 41 Figure 21 Change Management IP Scheduling Security Updates To schedule security updates select NSM Administration Schedul...

Page 62: ...age 45 Monitoring with SNMP on page 48 Forwarding Syslog Messages on page 51 Changing the System Time on page 54 Installing Updates on page 54 Managing Users on page 55 Configuring the Web Interface o...

Page 63: ...onfiguration The Network Configuration window appears as shown in Figure 25 on page 43 Figure 25 Network Interfaces Options The following sections describe each of the options available in the Network...

Page 64: ...ure and manage routes and gateways See Figure 27 on page 44 Figure 27 Routes and Gateways Hostname and DNS Clients Use this option to configure and manage hostnames and DNS clients See Figure 28 on pa...

Page 65: ...eges that are associated with the user profile If none of the servers authenticates the user the user login fails NOTE NSMXpress Series II must be configured as a RADIUS client on a RADIUS server so t...

Page 66: ...ADIUS Servers Dialog Box 2 Click Add to add a RADIUS Server to the WebUI The Add RADIUS Server dialog box appears See Figure 31 on page 46 Figure 31 Add RADIUS Server Dialog Box 3 Configure the follow...

Page 67: ...t to the name of the server whose priority you want to increase and click Move Up To decrease the priority of a RADIUS server select the check box next to the name of the server whose priority you wan...

Page 68: ...ructions for configuring NSMXpress Series II for SNMP monitoring You must provide access credentials for the SNMP server a list of IP addresses from which logon requests will be accepted and the trap...

Page 69: ...the NSMXpress Series II appliance 5 To limit SNMP Get requests to specific servers select Only and then enter the IP addresses of the permitted servers 6 Click Save SNMP System Information To configu...

Page 70: ...IP address of the SNMP management server 4 Select from the following trap conditions Disk space low Enter the percentage of free disk space below which SNMP issues a trap Memory low Enter the percenta...

Page 71: ...Series II creates a secure tunnel to the syslog receiver UDP messaging is available for basic syslog implementations The following sections provide procedures for managing syslog message forwarding V...

Page 72: ...be sent to this receiver Device Server The GUI Server logs configured to be sent to this receiver GUI Server The HA Server logs configured to be sent to this receiver HA Server Adding and Configuring...

Page 73: ...er will be known by within NSM 6 In the IP field Enter the IP address of the syslog receiver 7 In the Transport field select the type of syslog receiver Select UDP for basic syslog implementations Sel...

Page 74: ...d receiver 3 Make the desired changes to the configuration 4 Click Save to save and apply your edits to the configuration of this syslog receiver Deleting Syslog Receivers To delete a syslog receiver...

Page 75: ...E You need System Administration permission to create users This topic contains the following sections Creating New NSMXpress Series II Users on page 55 Deleting a User on page 56 Editing User Attribu...

Page 76: ...press user dialog box appears 3 Enter a user name in the Username text box 4 Select Set to from the password drop down list and enter the password you want to set in the password text box 5 Reenter th...

Page 77: ...ministrator NSM Administrators have access to NSM Administration RADIUS Management Maintenance and Troubleshooting modules Network Operator Network Operators have access to Network Utilities and Repor...

Page 78: ...SM Configuration Files No No Yes Yes NSM Database Backup No No Yes Yes NSM Management IP No No Yes Yes Schedule Security Updates Maintenance Yes Yes Yes Yes System Statistics Troubleshooting No No Yes...

Page 79: ...tenance System Statistics The system Statistics window appears as shown in Figure 41 on page 59 Figure 41 System Statistics CPU Select CPU to view graphs that monitor the CPU activity hourly daily wee...

Page 80: ...MXpress Series II available for recovery displacing the existing files in the recovery partition The factory default recovery files are retained as an alternative recovery choice Other versions are de...

Page 81: ...screen shows the progress of the operation Errors are reported if the required files are unavailable disk space is not sufficient or the previous version files are invalid When preparation is complete...

Page 82: ...he By authentication check box and choose an authentication mechanism from the drop down list to specify actions by a specific authentication mechanism Select By any authentication except and choose a p...

Page 83: ...n page 63 shows an example Figure 44 Review Error Logs To view details of an individual error log select the file you want to view and click View Figure 45 on page 63 shows sample error log details Fi...

Page 84: ...y Packets Enter the number of packets this ping command will send The default is 5 The values range from 1 99 Packet Size Enter the packet size in bytes this ping command will send The default is 56 T...

Page 85: ...tool to print the route a packet takes to a network host See Figure 48 on page 65 Figure 48 Traceroute Utility NOTE The only required field is Hostname The value can be either a hostname or an IP addr...

Page 86: ...smallest network available Figure 50 IP Subnet Calculator Tech Support To get contact information for Juniper Networks technical support select Troubleshooting Tech Support To help analyze problems se...

Page 87: ...formation menu item to display information about the server including CPU load and memory use as shown in Figure 52 on page 67 Figure 52 System Information 67 Copyright 2010 Juniper Networks Inc Chapt...

Page 89: ...PART 2 Appendixes Rack Mounting the NSMXpress Series II Appliance on page 71 NSMXpress LEDs on page 77 69 Copyright 2010 Juniper Networks Inc...

Page 91: ...system is flexible and offers several options for rack mounting the hardware The different options include NOTE If you are installing multiple NSMXpress Series II appliances in one rack you should ins...

Page 92: ...ll screws towards the front of the chassis 2 Loosen the side rail screws of the chassis and slide the front rails of the system forward as far as they will move See Figure 54 on page 72 3 Tighten the...

Page 93: ...s on the sides of the rear mount brackets to secure the front and rear mounting brackets in place See Figure 55 on page 73 4 Verify that the mounting screws on one side of the rack are aligned with th...

Page 94: ...e recessed front rails on either side of the unit This enables easy cable routing on the racks with limited cable management Mid Mount in Two Post Equipment Rack This option is suitable for a two post...

Page 95: ...Figure 57 Mid Mount in two post equipment rack 75 Copyright 2010 Juniper Networks Inc Appendix A Rack Mounting the NSMXpress Series II Appliance...

Page 97: ...ge 77 describes their states Table 10 NSMXpress LEDs Condition Color LED The appliance is not receiving power Unlit Power The appliance is receiving power Green No hard disk activity Unlit Hard Disk H...

Page 98: ...ailure On steadily Red Hard Disk Failure LED NOTE This is applicable for NSM 3000 RAID configurations and not for non RAID configurations NSMXpress NSMCM Hard disk recovery or rebuild Blinking red NOT...

Page 99: ...PART 3 Index Index on page 81 79 Copyright 2010 Juniper Networks Inc...

Page 101: ...device logs exporting 38 DevSvr cfg file 39 disk usage 60 DMZ 4 DNS client 44 DNS server 25 documentation comments on xviii E e mail forwarding 26 enterprise customers 3 error logs 63 eth0 activity 6...

Page 102: ...er 26 54 null modem serial cable 7 P password admin user 23 GUI server one time 15 20 31 heartbeat 16 21 32 NSM central manager 20 super user central manager 31 37 super user regional server 14 31 37...

Page 103: ...ng 54 receivers editing 54 receivers viewing 51 system information 67 system logs 63 system statistics 59 system time 25 54 T technical support 66 contacting JTAC xix tiling 60 time zone 26 54 time se...
