Management
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
IDPironman
Contributor
IDPironman
Posts: 16
Registered: ‎05-13-2008
0
Accepted Solution

Blocked IP on NSM console

Options

‎06-09-2008 09:22 AM

My IP has been locked from the NSM 2007.2 console and now I am unable to unblock it. I see that it has been blocked when looking in /usr/netscreen/GuiSvr/car/xdb/data/BlockedIPList, but I do not see how to change it to unblock. Any help with unblocking the IP will be helpful?

Message 1 of 8 (20,416 Views)
 
Reply
Recognized Expert Recognized Expert
Recognized Expert
CB
Posts: 159
Registered: ‎05-09-2008
0

Re: Blocked IP on NSM console

Options

‎06-09-2008 10:20 AM

Hi Ironman,

 

if you are able to access the NSM server using the Gui from anoher system , then you can remove the ip block by using

Tools --> managed blocked hosts.

 

There you can remove the ip block.

 

Kind regards

 

Colin

 

If this worked for you please flag my post as an "Accepted Solution" so others can benefit.
Message 2 of 8 (20,412 Views)
 
Reply
IDPironman
Contributor
IDPironman
Posts: 16
Registered: ‎05-13-2008
0

Re: Blocked IP on NSM console

Options

‎06-09-2008 10:28 AM

Unfortuately that option is not available to me. This happens when trying to log into my Central Manager running NSM 2007.2r2. On the regional servers I can use the tools->block Host option, but this option does not appear in Central manager.
Message 3 of 8 (20,408 Views)
 
Reply
Recognized Expert Recognized Expert
Recognized Expert
CB
Posts: 159
Registered: ‎05-09-2008

Re: Blocked IP on NSM console

Options

‎06-09-2008 10:45 AM

Hi Ironman,

 

o.k.

 

you'll need to go to /usr/netscreen/GuiSvr/utils

run .xdbViewEdit.sh

 

you'll be prompted to open in read only mode

you need to edit, so select no.

 

Then from the menu

 

1. Display all domains with domain-id
    2. Display all category names
    3. Display tuples in a category across all domains
    4. Display tuples in a category for a single domain
    5. View/Edit record by category.doc-id
    6. View/Edit record by domain-id.category.tuple-name
    7. View/Edit record by domain-id.category.tuple-id
    8. View Reference DB
    9. Change DB version (Disabled in RW mode)
    10. Insert a record by domain-id.category
    11. Delete a record by domain-id.category.tuple-id
    12. Quit

    Enter choice number: 4

Enter domain and category name in domain-id.category format: 0.blockedIPList

 

You should get something like

 


Tuples for category blockedIPList
domain-id       object-id
_________       _________
        0               0
("192.168.20.1")

(END)

 

so my blocked ip is listed above, to remove it

 

<esc> : q to get back to the menu

 

then from the menu

 

    11. Delete a record by domain-id.category.tuple-id
    12. Quit

    Enter choice number: 11

Enter tuple-name in format domain-id.category.tuple-id: 0.blockedIPList.0

Deleted tuple 0.blockedIPList.0
Hit ENTER or return to continue...




(my entry was 0 0 for domain and object id)

 

now 12 to exit

 

and it should now be unlocked for your ip again.

 

If there are muliple IP's then take the object id next to the ip you need to unblock.

 

Kind regards

 

Colin

 

 

 

 

 

 

If this worked for you please flag my post as an "Accepted Solution" so others can benefit.
Message 4 of 8 (20,405 Views)
 
Reply
IDPironman
Contributor
IDPironman
Posts: 16
Registered: ‎05-13-2008
0

Re: Blocked IP on NSM console

Options

‎06-09-2008 11:01 AM

Thanks Collin, I had a feeling I would have to go into the database to make this work. However, I have a few questions:

1) This is setup as HA, so will this cause a fail over? If so, what is the best way to go about making this change?

2) Is there a script that I can create or a command that I can run instead of doing the procedure each time an IP is blocked? If so, can you kindly provide the info to do so.

 

Thank you for your help with this

 

Message 5 of 8 (20,399 Views)
 
Reply
Recognized Expert Recognized Expert
Recognized Expert
CB
Posts: 159
Registered: ‎05-09-2008
0

Re: Blocked IP on NSM console

Options

‎06-09-2008 11:06 AM

Hi Ironman,

 

1) if you are in HA, you would be best to stop HA on the backup, then stop  HA on the primary before running through this procedure.

 Your DBwill sync accross to the backup device. Unfortunately i think you'll need to run through this, I haven't tried manipulating files individually, but even if you did, you'd need to get the data loaded back into xdb, which would require a restart. I would use .xdbViewEdit.sh. Alternatively, if you can temporarily change your source ip for the guiClient, you can do this as described in my first response.

 

2) Again, would be best to use an secondary workstation with a different source ip to do this. The reason for this is , you cannot be sure what the object id will be everytime, it depends on if there are multiple ips blocked.

 

Hope it helps

 

Kind regards

 

Colin

If this worked for you please flag my post as an "Accepted Solution" so others can benefit.
Message 6 of 8 (20,394 Views)
 
Reply
IDPironman
Contributor
IDPironman
Posts: 16
Registered: ‎05-13-2008
0

Re: Blocked IP on NSM console

Options

‎06-09-2008 11:52 AM

Worked perfectly, thank you for your help
Message 7 of 8 (20,375 Views)
 
Reply
groshong
Regular Visitor
groshong
Posts: 2
Registered: ‎05-23-2008
0

Re: Blocked IP on NSM console

Options

‎12-01-2008 10:54 AM

If you want to see those options from the GUI make sure that your user ID in NSM is in the predefined 'System Administrator' group and then you will see additional options under tools to unblock the IP
Message 8 of 8 (17,415 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.