Network and Security Manager

NSMXpress Quick Start

November 17, 2010
Revision 1

NSMXpress is an appliance version of Network and Security Manager (NSM). NSMXpress
simplifies the complexity of network administration by providing a single, integrated
management interface that controls device parameters.

This robust hardware management system installs in minutes with full high availability
(HA) support, making it easy to scale and deploy. Enterprise customers with limited
resources can benefit significantly from NSMXpress because it eliminates the need to
have dedicated resources for maintaining a network and security management solution.

NSMXpress makes it easy for administrators to control device configuration, network
settings, and security policy settings for multiple families of Juniper devices including:

- IDP Series Intrusion Detection and Prevention Appliances and Firewall and VPN devices
  running ScreenOS

- Devices running Junos OS, such as J Series Services Routers, SRX Series Services
  Gateways, EX Series Ethernet Switches, M Series Multiservice Edge Routers, and MX
  Series Ethernet Services routers

- SA Series SSL VPN Appliances

- IC Series Unified Access Control Appliances

For a complete list of supported device families and platforms, see the Network and
Security Manager Administration Guide.

Up to 10 administrators can log into NSMXpress concurrently.

This quick start explains the following steps for installing and configuring NSMXpress
and for configuring NSM.

1. Install the NSMXpress appliance hardware.

2. Set up the NSMXpress appliance using the serial port.

Copyright © 2010, Juniper Networks, Inc.

Contents NETWORK AND SECURITY MANAGER NSMXPRESS

Page 1: ...uration network settings and security policy settings for multiple families of Juniper devices including IDP Series Intrusion Detection and Prevention Appliances and Firewall and VPN devices running S...

Page 2: ...ruser Password 17 Downloading NSM MIBS Regional Server Only 18 Exporting Audit Logs 18 Exporting Device Logs Regional Server Only 18 Generating Reports Regional Server Only 19 Modifying NSM Configurat...

Page 3: ...39 Maintaining NSMXpress 39 Viewing System Statistics 39 CPU 40 Log Rate 40 CPU Load 40 Memory Data 40 Network Data 40 Process Count 40 Disk Data 40 Tile All Graphs 40 Upgrading the Recovery Partition...

Page 4: ...e 4 provides required port information on the NSMXpress Table 1 Required Ports on NSMXpress Depends on Configuration Internet LAN Description Port Direction No No Yes SSH command line management 22 In...

Page 5: ...r network To install NSMXpress 1 Place the shipping container on a flat surface and remove the hardware components with care 2 Remove the NSMXpress device from the shipping container and place it on a...

Page 6: ...p is to set up the software as described in Initial Setup Configuration on page 6 Table 2 on page 6 provides LED information for the ETH0 and ETH1 ports Table 2 Ethernet Port LEDs LED2 LED 1 LAN Statu...

Page 7: ...ore proceeding to the boot countdown When complete the serial console displays the login prompt terminal emulator NSMXpress juniper net login 4 Enter admin as your default login name 5 Enter abc123 as...

Page 8: ...w active on the network To configure your system via a web browser connect to https 10 150 43 205 administration 2 Open a Web browser and paste the URL into the address text box 3 Press Enter to open...

Page 9: ...iance as described in Initial Setup Configuration on page 6 3 Enter the https ip administration URL for your appliance in a Web browser See Web Interface Configuration on page 8 for details 4 Log into...

Page 10: ...Figure 2 Regional Server Configuration Main Menu Figure 3 Central Manager Configuration Main Menu Copyright 2010 Juniper Networks Inc 10 NSMXpress Quick Start...

Page 11: ...nicates Regional servers use this password to authenticate peer servers in an HA configuration and to authenticate the central manager The central manager uses this password to authenticate its peer s...

Page 12: ...Use the HA Remote IP option to enter the IP address for the HA peer in the HA cluster 5 Use the HA Link Failure Detection IP option to enter the IP address of a computer outside the HA cluster that y...

Page 13: ...e 7 HA Links Options Use the options in this menu to set up a redundant link for the HA cluster If you are going to use a second link you need to set the IP address for eth1 before configuring this se...

Page 14: ...s refer to the Network and Security Manager Installation Guide Figure 9 HA Advanced Settings 11 Click Submit to save the HA options and return to the NSM Configuration Main Menu Advanced Options To di...

Page 15: ...Enabling and Configuring SRS Regional Server Only on page 16 Enabling and Configuring Remote Replication of the Database To configure remote replication of database settings 1 On the Advanced Options...

Page 16: ...The default is off If you turn on this feature the server is used with the GUI server 3 Use the SRS DB IP option to enter the IP address for the server on which you have installed the SRS database se...

Page 17: ...eft navigation tree to access the options described in this section These options are available only after installing NSM The following sections explain how to use each of the NSM Administration optio...

Page 18: ...Export Audit Logs To export an audit log to a csv file select csv in the drop down list box and then enter the csv file name in the text box To export an audit log to a system log server select syslo...

Page 19: ...e user is an NSM administrator and not an NSMXpress user Enter a user name as domain user such as global super Modifying NSM Configuration Files To manually edit the GuiSrv cfg DevSvr dfg and HaSvr cf...

Page 20: ...e nsm setup utility all manual changes to the configuration files are lost Backing Up the NSM Database To configure backups of the NSM database select NSM Administration NSM Database Backup link under...

Page 21: ...Administration NSM Management IP link under NSM Administration See Figure 20 on page 21 Figure 20 Change Management IP Scheduling Security Updates To schedule security updates select NSM Administrati...

Page 22: ...Servers on page 25 Monitoring with SNMP on page 28 Forwarding Syslog Messages on page 31 Changing the System Time on page 34 Installing Updates on page 34 Managing Users on page 35 Configuring the We...

Page 23: ...Network Configuration The Network Configuration window appears as shown in Figure 24 on page 23 Figure 24 Network Interfaces Options The following sections describe each of the options available in th...

Page 24: ...nfigure and manage routes and gateways See Figure 26 on page 24 Figure 26 Routes and Gateways Hostname and DNS Clients Use this option to configure and manage hostnames and DNS clients See Figure 27 o...

Page 25: ...rvers authenticates the user the user is logged in with the privileges that are associated with the user profile If none of the servers authenticates the user the user login fails NOTE The NSMXpress a...

Page 26: ...the RADIUS Servers that have been added See Figure 29 on page 26 Figure 29 RADIUS Servers Dialog Box 2 Click Add to add a RADIUS Server to the WebUI The Add Radius Server dialog box appears See Figur...

Page 27: ...riority of a RADIUS server select the check box next to the name of the server whose priority you want to increase and click Move Up To decrease the priority of a RADIUS server select the check box ne...

Page 28: ...uctions for configuring NSMXpress for SNMP monitoring You must provide access credentials for the SNMP server a list of IP addresses from which logon requests will be accepted and the trap conditions...

Page 29: ...used on the NSMXpress appliance 5 To limit SNMP Get requests to specific servers select Only and then enter the IP addresses of the permitted servers 6 Click Save SNMP System Information To configure...

Page 30: ...the IP address of the SNMP management server 4 Select from the following trap conditions Disk space low Enter the percentage of free disk space below which SNMP issues a trap Memory low Enter the perc...

Page 31: ...ct SSL NSMXpress creates a secure tunnel to the syslog receiver UDP messaging is available for basic syslog implementations The following sections provide procedures for managing syslog message forwar...

Page 32: ...to be sent to this receiver Device Server The GUI Server logs configured to be sent to this receiver GUI Server The HA Server logs configured to be sent to this receiver HA Server Adding and Configur...

Page 33: ...og receiver will be known by within NSM 6 In the IP field Enter the IP address of the syslog receiver 7 In the Transport field select the type of syslog receiver Select UDP for basic syslog implementa...

Page 34: ...lected receiver 3 Make the desired changes to the configuration 4 Click Save to save and apply your edits to the configuration of this syslog receiver Deleting Syslog Receivers To delete a syslog rece...

Page 35: ...NOTE You need System Administration permission to create users This topic contains the following sections Creating New NSMXpress Users on page 35 Deleting a User on page 37 Editing User Attributes on...

Page 36: ...NSMXpress Users dialog box appears with the new NSMXpress user listed To create a WebUI user 1 Select System Administration User Management The NSMXpress Users dialog box appears listing all NSMXpress...

Page 37: ...change and click Submit You can change the password and the user profile Understanding User Profiles NSMXpress provides four predefined user profiles that allow you to implement role based access con...

Page 38: ...o No No Yes System Update No No No Yes User Management No No No Yes WebUI Configuration NSM Administration No No Yes Yes Change NSM Super User Password No No Yes Yes Download NSM MIBs No Yes Yes Yes E...

Page 39: ...nistration WebUIConfiguration The Allowed IP Addresses window appears as shown in Figure 39 on page 39 Figure 39 Web Interface Access Maintaining NSMXpress The Maintaining section of the NSMXpress nav...

Page 40: ...Memory to view graphs that monitor the memory activity hourly daily weekly and monthly Network Data Select either eth0 or eth1 to view graphs that monitor network activity hourly daily weekly and mont...

Page 41: ...rary workspace into the recovery partition By splitting the process into two phases NSMXpress minimizes the period of vulnerability while the upgrade itself takes place To upgrade the recovery partiti...

Page 42: ...rk Utilities on page 44 Tech Support on page 47 Auditing User Operations You can audit all user operations performed in NSMXpress Users with System Administrator and NSM administrator permissions can...

Page 43: ...ons by a specific authentication mechanism Select Byanyauthentication except and choose a profile from the drop down list to exclude actions by an authentication mechanism Actionsinmodule Select the I...

Page 44: ...etwork utilities ping traceroute and nslookup for TCP IP Networking select Troubleshooting Network Utilities These tools also provide an IP subnet calculator SeeFigure 45 on page 44 Figure 45 Network...

Page 45: ...g will fill it with random data This option is useful if you do not have problems with connectivity itself but with data loss Verbosity Output NSMXpress lists the ICMP packets other than ECHO_Response...

Page 46: ...DNS database Enter a nameserver or select the default If you choose the default nslookup will use the server on which NSMXpress is installed Figure 48 Lookup Utility IP Subnet Calculator Use the IP su...

Page 47: ...nd then click Run Tech Support Script NSMXpress creates a file you can download and send to Juniper Networks technical support See Figure 50 on page 47 Figure 50 Juniper Tech Support Viewing System In...

Page 48: ...n the NSM user interface UI This guide is intended for application administrators or those individuals responsible for owning the server and security infrastructure and configuring the product for mul...

Page 49: ...rt you can access our tools and resources online or open a case with JTAC JTAC policies For a complete understanding of our JTAC procedures and policies review the JTAC User Guide located at http www...

Page 50: ...https tools juniper net SerialNumberEntitlementSearch Opening a Case with JTAC You can open a case with JTAC on the Web or by telephone Use the Case Management tool in the CSC at http www juniper net...

Page 51: ...perty of their respective owners Juniper Networks assumes no responsibility for any inaccuracies in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this...
