
CHAPTER 1

Getting Started

This version of the NSM appliance comes preconfigured as a regional server or central
manager.

This chapter contains the following sections:

About the NSM Appliances on page 3

Hardware Installation on page 4

Initial Setup Configuration on page 8

About the NSM Appliances

NSMXpress and NSM3000 are appliance versions of Network and Security Manager
(NSM) and run NSM 2010.4. NSM appliances simplify the complexity of network
administration by providing single, integrated management interfaces that control device
parameters.

These robust hardware management systems install in minutes with full high availability
(HA) support, making them easy to scale and deploy. Enterprise customers with limited
resources can benefit significantly from NSM appliances because they eliminate the need
to have dedicated resources for maintaining a network and security management solution.

NSM appliances make it easy for administrators to control device configuration, network
settings, and security policy settings for multiple families of Juniper Networks devices
including:

IDP Series Intrusion Detection and Prevention Appliances and Firewall and VPN devices
running ScreenOS.

Devices running Junos OS, such as J Series Services Routers, SRX Series Services
Gateways, EX Series Ethernet Switches, M Series Multiservice Edge Routers, and MX
Series Ethernet Services routers.

SA Series SSL VPN Appliances

IC Series Unified Access Control Appliances

For a complete list of supported device families and platforms, see the Network and
Security Manager Administration Guide.

Up to 10 administrators can log into an NSM appliance concurrently.


Copyright © 2010, Juniper Networks, Inc.

Contents of NETWORK AND SECURITY MANAGER NSM3000 - REV 1

Page 1: ...Juniper Networks Network and Security Manager NSMXpress and NSM3000 User Guide Release 2010 4 Published 2010 11 17 Revision 1 Copyright 2010 Juniper Networks Inc...

Page 2: ...ons of the GateD software copyright 1988 Regents of the University of California All rights reserved Portions of the GateD software copyright 1991 D L S Associates This product includes software devel...

Page 3: ...re physically contained on a single chassis c Product purchase documents paper or electronic user documentation and or the particular licenses purchased by Customer may specify limits to Customer s us...

Page 4: ...ATE WITHOUT ERROR OR INTERRUPTION OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK In no event shall Juniper s or its suppliers or licensors liability to Customer whether in contract tort inclu...

Page 5: ...ree years from the date of distribution Such request can be made in writing to Juniper Networks Inc 1194 N Mathilda Ave Sunnyvale CA 94089 ATTN General Counsel You may obtain a copy of the GPL at http...


Page 7: ...000 Hardware 7 Initial Setup Configuration 8 Boot the NSM Appliance 8 Set Up Your Appliance 9 CLI Configuration 10 Web Interface Configuration 11 Chapter 2 Installing and Configuring NSM from the CLI...

Page 8: ...nging the Superuser Password 39 Downloading NSM MIBS Regional Server Only 40 Exporting Audit Logs 40 Exporting Device Logs Regional Server Only 40 Generating Reports Regional Server Only 41 Modifying...

Page 9: ...ring the Web Interface 60 Maintaining NSM Appliances 61 Viewing System Statistics 61 CPU 61 Log Rate 61 CPU Load 61 Memory Data 62 Network Data 62 Process Count 62 Disk Data 62 Tile All Graphs 62 Upgr...


Page 11: ...e Options 37 Figure 14 SRS Menu 38 Figure 15 Change Superuser Password 39 Figure 16 Download NSM MIBs 40 Figure 17 Export Audit Logs 40 Figure 18 Export Device Logs 40 Figure 19 Generate Reports 41 Fi...

Page 12: ...ure 43 NSMXpress Actions Dialog Box 64 Figure 44 Search Results Dialog Box 65 Figure 45 Review Error Logs 65 Figure 46 Error Log Detail 65 Figure 47 Network Utilities Options 66 Figure 48 Ping Utility...

Page 13: ...ng the NSM Appliance Chapter 1 Getting Started 3 Table 5 Required Ports on an NSM Appliance 5 Table 6 Ethernet Port LEDs 6 Chapter 3 Configuring NSM from the Web Interface 31 Table 7 Viewing Syslog Re...


Page 15: ...tegrated management interfaces that control device parameters Each appliance is preconfigured as either a regional server or central manager This guide describes how you can install NSM onto your NSM...

Page 16: ...nd Specify the keyword exp msg Click User Objects Represents commands and keywords in text Represents keywords Represents UI elements Bold typeface like this user input Represents text that the user m...

Page 17: ...ll and run the NSM user interface This guide is intended for IT administrators responsible for the installation or upgrade of NSM Network and Security Manager Installation Guide Describes how to use a...

Page 18: ...ggestions so that we can improve the documentation You can send your comments to techpubs comments juniper net or fill out the documentation feedback form at https www juniper net cgi bin docbugreport...

Page 19: ...fications https www juniper net alerts Join and participate in the Juniper Networks Community Forum http www juniper net company communities Open a case online in the CSC Case Management tool http www...


Page 21: ...M Appliance Part 1 contains the following chapters Getting Started on page 3 Installing and Configuring NSM from the CLI on page 13 Configuring NSM from the Web Interface on page 31 1 Copyright 2010 J...


Page 23: ...t significantly from NSM appliances because it eliminates the need to have dedicated resources for maintaining a network and security management solution NSM appliances make it easy for administrators...

Page 24: ...d that you install the NSM appliance on your LAN to ensure that it can communicate with your applicable resources such as authentication servers DNS servers internal Web servers through HTTP HTTPS ext...

Page 25: ...Yes Yes Connections from devices running Junos Secure Access devices or Infranet Controller devices 7804 No Yes Yes SSH connection to new managed device 22 Out Yes No Yes Telnet connection to new man...

Page 26: ...panel See Figure 3 on page 8 Figure 1 Front Panel of NSMXpress 7 Plug the null modem serial cable into the console port See Figure 3 on page 8 This cable was shipped with your NSMXpress If you do not...

Page 27: ...ce in your server rack using the attached mounting brackets 4 Plug the power cord into the AC receptacle on the rear panel Figure 2 Rear Panel of NSM3000 g040042 Power supply AC Power supply receptacl...

Page 28: ...ration When you first turn on an unconfigured NSM appliance you need to enter basic network and machine information through the serial console to make your appliance accessible to the network After en...

Page 29: ...cessary to make your appliance active on the network To set up your appliance either as a regional server or a central manager follow these steps 1 Enter the IP address for interface eth0 and press En...

Page 30: ...g NSM from the CLI on page 13 for information about how to install and configure NSM on your NSM appliance from the CLI NSM Appliance Users An NSM appliance has three user levels All users log in as t...

Page 31: ...m via a web browser connect to https 10 150 43 205 administration 2 Open a Web browser and paste the URL into the address text box 3 Press Enter to open the NSM appliance login page 4 Enter the admin...


Page 33: ...SM appliance the following standard navigational menu options are available to you This section provides information on general options you can use during setup and configuration These options include...

Page 34: ...last on most menus Quit Enter Q to exit from the setup program You will be prompted to save or cancel any changes you made since you last saved Q Quit R Redraw menu Choice 1 9 Q R Q Using nsm_setup A...

Page 35: ...installation This section describes that setup process The steps in this procedure assume you Have completed all appropriate steps in Getting Started on page 3 Have a console terminal or terminal emul...

Page 36: ...egional server NSM Configuration Main Menu 1 Management IP 10 150 43 205 The IP address on this server that will be used for management 2 NSM super password Password for super user 3 GUI server one ti...

Page 37: ...u have the following options High Availability Enter 5 to open a menu to configure HA Advanced Options Enter 6 to open a menu of additional configurable options including the port number for receiving...

Page 38: ...cond HA link in the HA cluster Use the items in this menu to set up a redundant link for the HA cluster If you are going to use a second link you need to set the IP address for eth1 before configuring...

Page 39: ...for NBI Default is 8443 2 Menu Remote Replication of Database Off 3 Menu SRS Off M Main Menu R Redraw menu Choice 1 3 M R You have the following options https port for NBI service Enter 1 to change th...

Page 40: ...te Hour of day to Replicate Database Enter 2 to start the backup at the specified time The valid range is 00 23 Remote Backup IP Enter 3 to specify the IP address of the remote backup machine Backup i...

Page 41: ...r password for the SRS database At least eight characters are required The password is case sensitive Click Submit to save the options and return to the NSM Configuration Main Menu Configuring the Cen...

Page 42: ...f additional options including the port number for receiving messages through the NSM API and remote database replication details The following sections provide procedures for configuring HA and advan...

Page 43: ...dev sdc1 or server share 3 Shared Disk NFS Mount Options Options when mounting shared disk e g rw intr tcp soft timeo 2 4 Return to High Availability menu Menu HA Links Enter 7 to open the HA Links m...

Page 44: ...enu R Redraw menu Choice 1 2 M R You have the following options https port for NBI service Enter 1 to change the port number for listening for messages for the NSM API In response to the prompt enter...

Page 45: ...nter 4 to change the timeout period for the remote backup The valid range is 1 through 65535 seconds Configuring Standard Configuration Options After the initial setup continue configuring typical opt...

Page 46: ...e of the following options 1 to modify eth0 2 to set or modify eth1 3 Make the following selection for interface options by selecting one of the following options 1 to change the IP address and return...

Page 47: ...lso with 4 or more labels the previous hostname alias might remain in the etc hosts file This condition can be corrected by manually editing the etc hosts file Adding DNS Servers You can add up to thr...

Page 48: ...warding Local Status E mails You can use this option to forward all local root e mail messages to an e mail address You can add an unlimited number of e mail addresses in addition to mailing lists to...

Page 49: ...s for saving changes At the prompt enter one of the following menu options A to apply all the new changes M to make more changes before configuring the regional server or the central manager C to canc...

Page 50: ...have not updated the recovery partition through the Web UI only the Re install option option to install the previous version is displayed 4 Read the paragraph and then press Enter Booting Re Install...

Page 51: ...setup process Your NSM appliance comes preconfigured as a regional server or a central manager Most installation and configuration steps in this section are identical for both types of server All exce...

Page 52: ...the Install NSM Central Manager link to view the Install NSM Central Manager page see Figure 5 on page 33 as the case may be NOTE The admin user default username is admin and the password is the one...

Page 53: ...and then reenter it in the text box below it This password is used to authenticate this NSM server with other NSM servers with which it communicates Regional servers use this password to authenticate...

Page 54: ...server in the HA cluster If you select y it is the primary server the default If you select n it is the secondary server 4 Use the HA Remote IP option to enter the IP address for the HA peer in the H...

Page 55: ...Options Use the options in this menu to set up a redundant link for the HA cluster If you are going to use a second link you need to set the IP address for eth1 before configuring this setting see Con...

Page 56: ...fer to the Network and Security Manager Installation Guide Figure 11 HA Advanced Settings 11 Click Submit to save the HA options and return to the NSM Configuration Main Menu Advanced Options To displ...

Page 57: ...bling and Configuring SRS Regional Server Only on page 38 Enabling and Configuring Remote Replication of the Database To configure remote replication of database settings 1 On the Advanced Options men...

Page 58: ...default is off If you turn on this feature the server is used with the GUI Server 3 Use the SRS DB IP option to enter the IP address for the server on which you have installed the SRS database server...

Page 59: ...on tree to access the options described in this section These options are available only after installing NSM The following sections explain how to use each of the NSM Administration options Changing...

Page 60: ...rt Audit Logs To export an audit log to a csv file select csv in the drop down list box and then enter the csv file name in the text box To export an audit log to a system log server select syslog in...

Page 61: ...NSM administrator and not an NSM appliance user Enter a user name as domain user such as global super Modifying NSM Configuration Files To manually edit the GuiSrv cfg DevSvr dfg and HaSvr cfg files s...

Page 62: ...m setup utility all manual changes to the configuration files are lost Backing Up the NSM Database To configure backups of the NSM database select NSM Administration NSM Database Backup link under NSM...

Page 63: ...ation NSM Management IP link under NSM Administration See Figure 22 on page 43 Figure 22 Change Management IP Scheduling Security Updates To schedule security updates select NSM Administration Schedul...

Page 64: ...page 47 Monitoring with SNMP on page 50 Forwarding Syslog Messages on page 53 Changing the System Time on page 56 Installing Updates on page 56 Managing Users on page 57 Configuring the Web Interface...

Page 65: ...onfiguration The Network Configuration window appears as shown in Figure 26 on page 45 Figure 26 Network Interfaces Options The following sections describe each of the options available in the Network...

Page 66: ...re and manage routes and gateways See Figure 28 on page 46 Figure 28 Routes and Gateways Hostname and DNS Clients Use this option to configure and manage hostnames and DNS clients See Figure 29 on pag...

Page 67: ...vileges that are associated with the user profile If none of the servers authenticates the user the user login fails NOTE The NSM appliance must be configured as a RADIUS client on a RADIUS server so...

Page 68: ...ADIUS Servers Dialog Box 2 Click Add to add a RADIUS Server to the WebUI The Add RADIUS Server dialog box appears See Figure 32 on page 48 Figure 32 Add RADIUS Server Dialog Box 3 Configure the follow...

Page 69: ...t to the name of the server whose priority you want to increase and click Move Up To decrease the priority of a RADIUS server select the check box next to the name of the server whose priority you wan...

Page 70: ...configuring NSM appliances for SNMP monitoring You must provide access credentials for the SNMP server a list of IP addresses from which logon requests will be accepted and the trap conditions to be r...

Page 71: ...used on the NSM appliance 5 To limit SNMP Get requests to specific servers select Only and then enter the IP addresses of the permitted servers 6 Click Save SNMP System Information To configure SNMP s...

Page 72: ...P address of the SNMP management server 4 Select from the following trap conditions Disk space low Enter the percentage of free disk space below which SNMP issues a trap Memory low Enter the percentag...

Page 73: ...he NSM appliance creates a secure tunnel to the syslog receiver UDP messaging is available for basic syslog implementations The following sections provide procedures for managing syslog message forward...

Page 74: ...e sent to this receiver Device Server The GUI Server logs configured to be sent to this receiver GUI Server The HA Server logs configured to be sent to this receiver HA Server Adding and Configuring S...

Page 75: ...er will be known by within NSM 6 In the IP field Enter the IP address of the syslog receiver 7 In the Transport field select the type of syslog receiver Select UDP for basic syslog implementations Sel...

Page 76: ...ecevier 3 Make the desired changes to the configuration 4 Click Save to save and apply your edits to the configuration of this syslog receiver Deleting Syslog Receivers To delete a syslog receiver con...

Page 77: ...ou need System Administration permission to create users This topic contains the following sections Creating New NSM Appliance Users on page 57 Deleting a User on page 58 Editing User Attributes on pa...

Page 78: ...ress user dialog box appears 3 Enter a user name in the Username text box 4 Select Set to from the password drop down list and enter the password you want to set in the password text box 5 Reenter the...

Page 79: ...rator NSM Administrators have access to NSM Administration RADIUS Management Maintenance and Troubleshooting modules Network Operator Network Operators have access to Network Utilities and Report Gene...

Page 80: ...Configuration Files No No Yes Yes NSM Database Backup No No Yes Yes NSM Management IP No No Yes Yes Schedule Security Updates Maintenance Yes Yes Yes Yes System Statistics Troubleshooting No No Yes Ye...

Page 81: ...ce System Statistics The system Statistics window appears as shown in Figure 42 on page 61 Figure 42 System Statistics CPU Select CPU to view graphs that monitor the CPU activity hourly daily weekly m...

Page 82: ...the NSM appliance available for recovery displacing the existing files in the recovery partition The factory default recovery files are retained as an alternative recovery choice Other versions are de...

Page 83: ...een shows the progress of the operation Errors are reported if the required files are unavailable disk space is not sufficient or the previous version files are invalid When preparation is completed t...

Page 84: ...e By authentication check box and choose an authentication mechanism from the drop down list to specify actions by a specific authentication mechanism Select By any authentication except and choose a pr...

Page 85: ...n page 65 shows an example Figure 45 Review Error Logs To view details of an individual error log select the file you want to view and click View Figure 46 on page 65 shows sample error log details Fi...

Page 86: ...Packets Enter the number of packets this ping command will send The default is 5 The values range from 1 99 Packet Size Enter the packet size in bytes this ping command will send The default is 56 Th...

Page 87: ...tool to print the route a packet takes to a network host See Figure 49 on page 67 Figure 49 Traceroute Utility NOTE The only required field is Hostname The value can be either a hostname or an IP add...

Page 88: ...mallest network available Figure 51 IP Subnet Calculator Tech Support To get contact information for Juniper Networks technical support select Troubleshooting Tech Support To help analyze problems sel...

Page 89: ...formation menu item to display information about the server including CPU load and memory use as shown in Figure 53 on page 69 Figure 53 System Information 69 Copyright 2010 Juniper Networks Inc Chapt...


Page 91: ...PART 2 Appendixes NSMXpress LEDs on page 73 71 Copyright 2010 Juniper Networks Inc...


Page 93: ...ge 73 describes their states Table 9 NSMXpress LEDs Condition Color LED The appliance is not receiving power Unlit Power The appliance is receiving power Green No hard disk activity Unlit Hard Disk Ha...

Page 94: ...ilure On steadily Red Hard Disk Failure LED NOTE This is applicable for NSM 3000 RAID configurations and not for non RAID configurations NSMXpress NSMCM Hard disk recovery or rebuild Blinking red NOTE...

Page 95: ...PART 3 Index Index on page 77 75 Copyright 2010 Juniper Networks Inc...


Page 97: ...Svr cfg file 41 disk usage 62 DMZ 4 DNS client 46 DNS server 27 documentation comments on xviii E e mail forwarding 28 enterprise customers 3 error logs 65 eth0 activity 62 configuring 26 IP address 9...

Page 98: ...er one time 17 22 33 heartbeat 18 23 34 NSM central manager 22 super user central manager 33 39 super user regional server 16 33 39 user 45 ping utility 66 ports required by NSMXpress 4 power cord 6 p...

Page 99: ...em information 69 system logs 65 system statistics 61 system time 27 56 T technical support 68 contacting JTAC xviii tiling 62 time zone 28 56 time setting 27 56 traceroute utility 67 trap conditions...

