Management
Reply
Trusted Contributor
Jickfoo
Posts: 382
Registered: ‎11-06-2007
0

Re: 11.4 Junos and NSM support .. when ?

Tried these instructions , It appears Junos does know about NSM. Still doesnt work though.

 

- Set the Device Admin User Name and Password which are used for SSH connection.  

- Set One-Time Password which is used for first connection from device to NSM server.  

- Follow these steps to finish adding the new device:

 

1. Log into the command line interface on the device   

2. Go to the edit mode in the command line interface   

3. Configure the device to connect to NSM. Execute the following CLI commands.   

4. set system services outbound-ssh client nsm device-id 257712   

5. set system services outbound-ssh client nsm secret <one-time-password>   

6. set system services outbound-ssh client nsm 10.x.xxx.xxx port 7804   

7. set system services outbound-ssh client nsm services netconf   

8. commit   

9. The device will immediately attempt to connect to NSM.

 

 

Super Contributor
cryptochrome
Posts: 496
Registered: ‎03-29-2008
0

Re: 11.4 Junos and NSM support .. when ?

Usually, what I do: I add the device from NSM. It will automatically do all the one-time-password and other config for you. So instead of adding all that stuff through the CLI and then try to connect to NSM, all I do is add a NSM user to the SRX, enable SSH access and then go to NSM and use the "Add Device" function there. Usually that does everything.

Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Trusted Contributor
Jickfoo
Posts: 382
Registered: ‎11-06-2007
0

Re: 11.4 Junos and NSM support .. when ?

I'm working with support now. There is some weird problem. NSM shows ' device-id mismatch '

 

Logs show. No record found in database for this incoming connection, Could be wrong device-id or it is removed by user.inside. blah blah blah Device ID is 0 .

 

Even though its not. Smells like a bug to me. SRX 650 on 11.4 were just added to support.

Trusted Contributor
Jickfoo
Posts: 382
Registered: ‎11-06-2007
0

Re: 11.4 Junos and NSM support .. when ?

Ok, so its been over 3 months. I'm assuming Juniper has fixed this so I am giving it another shot. Rebuilt NSM from scratch and am applying 228 the latest schema as we speak. Any guesses as to whether I'll be able to manage my SRX650s or not ?

Trusted Contributor
Jickfoo
Posts: 382
Registered: ‎11-06-2007
0

Re: 11.4 Junos and NSM support .. when ?

Found this article:

http://forums.juniper.net/t5/SRX-Services-Gateway/SRX-Cluster-NSM-Example/td-p/53388 

 

Added my 650 cluster as a Virtual Chassis. It worked. Policies are imported. Havent really done anything with it yet but at least I see the device and the config in NSM.

Super Contributor
cryptochrome
Posts: 496
Registered: ‎03-29-2008
0

Re: 11.4 Junos and NSM support .. when ?

If I were you, I would wait a couple of more weeks. NSM 12.1 will be here soon. It will have enhanced support for managing SRX devices. For example, NSM will finally be able to recognize when a SRX has changed (e.g. through local comman-line config changes). The real advise though is to delete NSM alltogether - since you are building from scratch it shouldn't be so painful - and wait for the release of Junos SPACE 12.1. It will be released in May. It eats NSM for breakfast and will be the first release that will be able to more or less completely replace NSM (except for logging). I've seen it and I was impressed.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.