Juniper NETWORK AND SECURITY MANAGER NSMXPRESS Скачать руководство пользователя страница 4 | Manualshive

Страница: 4 / 51

background image

Hardware Installation

We recommend that you install NSMXpress on your LAN to ensure that it can
communicate with your applicable resources, such as authentication servers, DNS servers,
internal Web servers through HTTP/HTTPS, external Web sites through HTTP/HTTPS
(optional), the Juniper update server via HTTP, Network File System (NFS) file servers
(optional), and client/server applications (optional).

NOTE:

If you decide to install NSMXpress in your DMZ, ensure that it can

connect to your internal resources.

NSMXpress Ports

Table 1 on page 4 provides required port information on the NSMXpress.

Table 1: Required Ports on NSMXpress

Depends on
Configuration

Internet

LAN

Description

Port

Direction

No

No

Yes

SSH command-line management

22

In

No

No

Yes

Web interface for administrator
login

443

Yes

Yes

LAN

Web interface for listening for NSM
API messages.

8443

No

Yes

Yes

Connections from managed
devices to NSMXpress

7800

No

No

Yes

Connections from the NSM GUI
Client to NSM

7801

Yes

No

Yes

Heartbeat between peers in an HA
cluster

7802

Yes

Yes

Yes

Connections from managed IDP
devices to NSM

7803

Yes

Yes

Yes

Connections from devices running
Junos , Secure Access devices, or
Infranet Controller devices

7804

Copyright © 2010, Juniper Networks, Inc.

4

NSMXpress Quick Start

«
...
2
3
4
5
6
...
»

Содержание NETWORK AND SECURITY MANAGER NSMXPRESS

Страница 1: ...uration network settings and security policy settings for multiple families of Juniper devices including IDP Series Intrusion Detection and Prevention Appliances and Firewall and VPN devices running S...

Страница 2: ...ruser Password 17 Downloading NSM MIBS Regional Server Only 18 Exporting Audit Logs 18 Exporting Device Logs Regional Server Only 18 Generating Reports Regional Server Only 19 Modifying NSM Configurat...

Страница 3: ...39 Maintaining NSMXpress 39 Viewing System Statistics 39 CPU 40 Log Rate 40 CPU Load 40 Memory Data 40 Network Data 40 Process Count 40 Disk Data 40 Tile All Graphs 40 Upgrading the Recovery Partition...

Страница 4: ...e 4 provides required port information on the NSMXpress Table 1 Required Ports on NSMXpress Depends on Configuration Internet LAN Description Port Direction No No Yes SSH command line management 22 In...

Страница 5: ...r network To install NSMXpress 1 Place the shipping container on a flat surface and remove the hardware components with care 2 Remove the NSMXpress device from the shipping container and place it on a...

Страница 6: ...p is to set up the software as described in Initial Setup Configuration on page 6 Table 2 on page 6 provides LED information for the ETH0 and ETH1 ports Table 2 Ethernet Port LEDs LED2 LED 1 LAN Statu...

Страница 7: ...ore proceeding to the boot countdown When complete the serial console displays the login prompt terminal emulator NSMXpress juniper net login 4 Enter admin as your default login name 5 Enter abc123 as...

Страница 8: ...w active on the network To configure your system via a web browser connect to https 10 150 43 205 administration 2 Open a Web browser and paste the URL into the address text box 3 Press Enter to open...

Страница 9: ...iance as described in Initial Setup Configuration on page 6 3 Enter the https ip administration URL for your appliance in a Web browser See Web Interface Configuration on page 8 for details 4 Log into...

Страница 10: ...Figure 2 Regional Server Configuration Main Menu Figure 3 Central Manager Configuration Main Menu Copyright 2010 Juniper Networks Inc 10 NSMXpress Quick Start...

Страница 11: ...nicates Regional servers use this password to authenticate peer servers in an HA configuration and to authenticate the central manager The central manager uses this password to authenticate its peer s...

Страница 12: ...Use the HA Remote IP option to enter the IP address for the HA peer in the HA cluster 5 Use the HA Link Failure Detection IP option to enter the IP address of a computer outside the HA cluster that y...

Страница 13: ...e 7 HA Links Options Use the options in this menu to set up a redundant link for the HA cluster If you are going to use a second link you need to set the IP address for eth1 before configuring this se...

Страница 14: ...s refer to the Network and Security Manager Installation Guide Figure 9 HA Advanced Settings 11 Click Submit to save the HA options and return to the NSM Configuration Main Menu Advanced Options To di...

Страница 15: ...Enabling and Configuring SRS Regional Server Only on page 16 Enabling and Configuring Remote Replication of the Database To configure remote replication of database settings 1 On the Advanced Options...

Страница 16: ...The default is off If you turn on this feature the server is used with the GUI server 3 Use the SRS DB IP option to enter the IP address for the server on which you have installed the SRS database se...

Страница 17: ...eft navigation tree to access the options described in this section These options are available only after installing NSM The following sections explain how to use each of the NSM Administration optio...

Страница 18: ...Export Audit Logs To export an audit log to a csv file select csv in the drop down list box and then enter the csv file name in the text box To export an audit log to a system log server select syslo...

Страница 19: ...e user is an NSM administrator and not an NSMXpress user Enter a user name as domain user such as global super Modifying NSM Configuration Files To manually edit the GuiSrv cfg DevSvr dfg and HaSvr cf...

Страница 20: ...e nsm setup utility all manual changes to the configuration files are lost Backing Up the NSM Database To configure backups of the NSM database select NSM Administration NSM Database Backup link under...

Страница 21: ...Administration NSM Management IP link under NSM Administration See Figure 20 on page 21 Figure 20 Change Management IP Scheduling Security Updates To schedule security updates select NSM Administrati...

Страница 22: ...Servers on page 25 Monitoring with SNMP on page 28 Forwarding Syslog Messages on page 31 Changing the System Time on page 34 Installing Updates on page 34 Managing Users on page 35 Configuring the We...

Страница 23: ...Network Configuration The Network Configuration window appears as shown in Figure 24 on page 23 Figure 24 Network Interfaces Options The following sections describe each of the options available in th...

Страница 24: ...nfigure and manage routes and gateways See Figure 26 on page 24 Figure 26 Routes and Gateways Hostname and DNS Clients Use this option to configure and manage hostnames and DNS clients See Figure 27 o...

Страница 25: ...rvers authenticates the user the user is logged in with the privileges that are associated with the user profile If none of the servers authenticates the user the user login fails NOTE The NSMXpress a...

Страница 26: ...the RADIUS Servers that have been added See Figure 29 on page 26 Figure 29 RADIUS Servers Dialog Box 2 Click Add to add a RADIUS Server to the WebUI The Add Radius Server dialog box appears See Figur...

Страница 27: ...riority of a RADIUS server select the check box next to the name of the server whose priority you want to increase and click Move Up To decrease the priority of a RADIUS server select the check box ne...

Страница 28: ...uctions for configuring NSMXpress for SNMP monitoring You must provide access credentials for the SNMP server a list of IP addresses from which logon requests will be accepted and the trap conditions...

Страница 29: ...used on the NSMXpress appliance 5 To limit SNMP Get requests to specific servers select Only and then enter the IP addresses of the permitted servers 6 Click Save SNMP System Information To configure...

Страница 30: ...the IP address of the SNMP management server 4 Select from the following trap conditions Disk space low Enter the percentage of free disk space below which SNMP issues a trap Memory low Enter the perc...

Страница 31: ...ct SSL NSMXpress creates a secure tunnel to the syslog receiver UDP messaging is available for basic syslog implementations The following sections provide procedures for managing syslog message forwar...

Страница 32: ...to be sent to this receiver Device Server The GUI Server logs configured to be sent to this receiver GUI Server The HA Server logs configured to be sent to this receiver HA Server Adding and Configur...

Страница 33: ...og receiver will be known by within NSM 6 In the IP field Enter the IP address of the syslog receiver 7 In the Transport field select the type of syslog receiver Select UDP for basic syslog implementa...

Страница 34: ...lected receiver 3 Make the desired changes to the configuration 4 Click Save to save and apply your edits to the configuration of this syslog receiver Deleting Syslog Receivers To delete a syslog rece...

Страница 35: ...NOTE You need System Administration permission to create users This topic contains the following sections Creating New NSMXpress Users on page 35 Deleting a User on page 37 Editing User Attributes on...

Страница 36: ...NSMXpress Users dialog box appears with the new NSMXpress user listed To create a WebUI user 1 Select System Administration User Management The NSMXpress Users dialog box appears listing all NSMXpress...

Страница 37: ...change and click Submit You can change the password and the user profile Understanding User Profiles NSMXpress provides four predefined user profiles that allow you to implement role based access con...

Страница 38: ...o No No Yes System Update No No No Yes User Management No No No Yes WebUI Configuration NSM Administration No No Yes Yes Change NSM Super User Password No No Yes Yes Download NSM MIBs No Yes Yes Yes E...

Страница 39: ...nistration WebUIConfiguration The Allowed IP Addresses window appears as shown in Figure 39 on page 39 Figure 39 Web Interface Access Maintaining NSMXpress The Maintaining section of the NSMXpress nav...

Страница 40: ...Memory to view graphs that monitor the memory activity hourly daily weekly and monthly Network Data Select either eth0 or eth1 to view graphs that monitor network activity hourly daily weekly and mont...

Страница 41: ...rary workspace into the recovery partition By splitting the process into two phases NSMXpress minimizes the period of vulnerability while the upgrade itself takes place To upgrade the recovery partiti...

Страница 42: ...rk Utilities on page 44 Tech Support on page 47 Auditing User Operations You can audit all user operations performed in NSMXpress Users with System Administrator and NSM administrator permissions can...

Страница 43: ...ons by a specific authentication mechanism Select Byanyauthentication except and choose a profile from the drop down list to exclude actions by an authentication mechanism Actionsinmodule Select the I...

Страница 44: ...etwork utilities ping traceroute and nslookup for TCP IP Networking select Troubleshooting Network Utilities These tools also provide an IP subnet calculator SeeFigure 45 on page 44 Figure 45 Network...

Страница 45: ...g will fill it with random data This option is useful if you do not have problems with connectivity itself but with data loss Verbosity Output NSMXpress lists the ICMP packets other than ECHO_Response...

Страница 46: ...DNS database Enter a nameserver or select the default If you choose the default nslookup will use the server on which NSMXpress is installed Figure 48 Lookup Utility IP Subnet Calculator Use the IP su...

Страница 47: ...nd then click Run Tech Support Script NSMXpress creates a file you can download and send to Juniper Networks technical support See Figure 50 on page 47 Figure 50 Juniper Tech Support Viewing System In...

Страница 48: ...n the NSM user interface UI This guide is intended for application administrators or those individuals responsible for owning the server and security infrastructure and configuring the product for mul...

Страница 49: ...rt you can access our tools and resources online or open a case with JTAC JTAC policies For a complete understanding of our JTAC procedures and policies review the JTAC User Guide located at http www...

Страница 50: ...https tools juniper net SerialNumberEntitlementSearch Opening a Case with JTAC You can open a case with JTAC on the Web or by telephone Use the Case Management tool in the CSC at http www juniper net...

Страница 51: ...perty of their respective owners Juniper Networks assumes no responsibility for any inaccuracies in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this...

Отзывы:

Нет отзывов

Похожие инструкции для NETWORK AND SECURITY MANAGER NSMXPRESS

MAIL - BROWSING SMARTPHONE

Бренд: Blackberry Страницы: 25

DEEP FREEZE - INTEGRATING WITH NOVELL ZENWORKS...

Бренд: FARONICS Страницы: 23

Modero ViewPoint MVP-5100

Бренд: AMX Страницы: 190

GS110TP - ProSafe Gigabit Smart Switch

Бренд: NETGEAR Страницы: 2

Бренд: Model Technology Страницы: 37

SyncMaster S23A950D

Бренд: Samsung Страницы: 90

SyncMaster T23A750

Бренд: Samsung Страницы: 292

Бренд: JETWAY Страницы: 43

RESCUE CD - FOR WINDOWS V 85.2

Бренд: AVG Страницы: 83

ANTI-VIRUS BUSINESS EDITION 2011 - REV 2011.01

Бренд: AVG Страницы: 128

Бренд: Fiery Страницы: 214

Бренд: Nikon Страницы: 12

Baby Lock Embroidery Professional PLUS

Бренд: Baby Lock Страницы: 5

141670 - DS 330 Digital Voice Recorder

Бренд: Olympus Страницы: 76

BREEZE 5-MANAGER

Бренд: MACROMEDIA Страницы: 306

Бренд: Native Instruments Страницы: 16

Бренд: Icom Страницы: 16

Бренд: Oki Страницы: 106

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды