Security

Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  Device-initiated DMI connections and Space-initiated DMI connections on the same Space platform

    Posted 02-08-2017 04:29

    Hi,

     

    I know I can choose to use space-initiated DMI connections (default) or device-initiated DMI connections - by setting it on the system level ("Junos Space initiates connection to device" checkbox in Network Management Platform application settings).

     

    The question is - can I use BOTH types in the same system at the same time - just for different devices?

    Maybe I can set space-initiated as a default and manually configure some devices to do device-initiated connections (or the other way around)... Is this feasible?

     

    Regards,

    Pawel Mazurkiewicz

     

     

     



  • 2.  RE: Device-initiated DMI connections and Space-initiated DMI connections on the same Space platform
    Best Answer

     
    Posted 02-08-2017 04:54

    Hi Pawel,

     

    I have quickly checked in my lab and it works.

    Previously I had a space-initiated connection and multiple managed devices.

    Now I changed to device-initiated connection.

    Discovered the device.

    Changed back to space-initiated and it is still working.

     

    In order for the device to communicate with Space, we just need the below configuration on the device:

     

    set system services outbound-ssh client 00111D0CEFAC device-id 7CE5FE
    set system services outbound-ssh client 00111D0CEFAC secret "$9$XAqxVw24aJUjqm5z36AtWLXNwY"
    set system services outbound-ssh client 00111D0CEFAC services netconf
    set system services outbound-ssh client 00111D0CEFAC <Space_IP> port 7804

     

    And in order to do auto-resync, we need the below config at the device end:

     

    set system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|(vc add)|(vc delete)|transitioned|Transferred|transfer-file|QFABRIC_NETWORK_NODE_GROUP|QFABRIC_SERVER_NODE_GROUP|QFABRIC_NODE|(license add)|(license delete)|GRES"
    set system syslog file default-log-messages structured-data

     

    So, it should work fine without an issue.

     

    --PL

     

    If this worked for you please flag my post as an "Accepted Solution" so others can benefit.
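
    An added example (not from the thread or from Juniper): a Python check that each outbound-ssh client in a device's `set`-format configuration has the four elements shown in the post above, and that masks the `secret` value before the configuration is shared, since Junos `$9$` strings are reversible obfuscation rather than a hash. The client names, device-ids, secret and address in the sample are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample: placeholder client names, device-ids, secret and address (TEST-NET-1).
SAMPLE = '''\
set system services outbound-ssh client SPACE01 device-id ABC123
set system services outbound-ssh client SPACE01 secret "$9$EXAMPLEONLY"
set system services outbound-ssh client SPACE01 services netconf
set system services outbound-ssh client SPACE01 192.0.2.10 port 7804
set system services outbound-ssh client SPACE02 device-id DEF456
set system services outbound-ssh client SPACE02 192.0.2.10 port 7804
'''

PREFIX = re.compile(r'^set system services outbound-ssh client (\S+) (.+)$')
TARGET = re.compile(r'^(\S+) port (\d+)$')

def parse_clients(config):
    """Group outbound-ssh set commands by client name."""
    clients = defaultdict(lambda: {"targets": []})
    for line in config.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue
        name, rest = m.groups()
        key, _, value = rest.partition(" ")
        if key in ("device-id", "secret", "services"):
            clients[name][key] = value.strip('"')
        elif (t := TARGET.match(rest)):
            clients[name]["targets"].append((t.group(1), int(t.group(2))))
    return dict(clients)

def missing_elements(client):
    """List which of the four elements from the post's stanza are absent."""
    missing = [k for k in ("device-id", "secret") if k not in client]
    if client.get("services") != "netconf":
        missing.append("services netconf")
    if not client["targets"]:
        missing.append("target address and port")
    return missing

def redact_secrets(config):
    """Mask outbound-ssh secrets so the configuration can be shared."""
    return re.sub(r'(outbound-ssh client \S+ secret )\S+', r'\1"<redacted>"', config)

if __name__ == "__main__":
    for name, client in parse_clients(SAMPLE).items():
        print(name, missing_elements(client) or "complete")
    print(redact_secrets(SAMPLE))
```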



  • 3.  RE: Device-initiated DMI connections and Space-initiated DMI connections on the same Space platform

    Posted 02-09-2017 03:25

    You are great! Thank you!

     

    I am wondering - would it be possible to add the device in the device-initiated mode without changing the global settings? Maybe I can discover it in space-initiated mode, and then ("manually") change the device configuration? But how to learn the proper device-id and secret to use? What do you think?

     

    Regards,

    Pawel



  • 4.  RE: Device-initiated DMI connections and Space-initiated DMI connections on the same Space platform

     
    Posted 02-09-2017 03:32

    Hi Pawel,

     

    You need to change manually from space-initiated to device-initiated and then discover the device. Once the device is discovered, you can change it back to the default, i.e. space-initiated.

     

    PL