Security

Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  JunOS Space Security Director doesn't sync changes

    Posted 03-07-2016 03:56

    Hi,

     

    I'm trying hard to move over from NSM to Space. Running the latest versions of both Space and SD.

    Some things have been very nice, such as export and import of policies with comments from NSM.

    Other things, such as some devices being imported incorrectly, aren't one of the good things.

    One of the major issues right here and now is that devices are shown as "in sync" in both Space and SD.

    But after I made CLI changes, SD insists on committing the old changes as well. The changes on this device are related to VPN profiles.

    Under Security Director Devices, "Update configuration in platform" shows nothing to update.

    But under Devices->Device Management, choosing Device Configuration->Review Deploy, it shows the big difference that exists and states:

    Generated configuration change from Security Director Configuration (3 items)

    <config, set and delete...>

     

     

    When making any changes to a policy or VPN a big splash shows

     

    "Warning - Some of the selected devices have their status as Device changed" and some may have consolidated configuration in 'created' or 'approved' states. Device update may cause conflict with consolidated configuration changes. Do you want to continue with Publish and update?"

     

    Under SD and Security Director Devices, the option "import device changes" is grayed out. And the device is "in sync".

     

    One way is to delete the device, but that shouldn't be the right way to do this.

    I have similar issues with a branch device that has secure features enabled that requires reboot when adding or deleting. So it's not too fun to do it because Space/SD is causing some kind of hiccup. And I won't be able to go to 15.2 when it arrives since Juniper has removed support for some of their security products (hard to believe but it's true).

     

    Anyone with similar experience?

     

    //Rob



  • 2.  RE: JunOS Space Security Director doesn't sync changes
    Best Answer

    Posted 04-04-2016 01:52

    I reinstalled Space and it solved a lot of the issues.

    JTAC recommended to export and import the database to solve the issues...

     

    But there are still a lot of issues: after updating the device, it seems that Space and SD come out of sync. SD wants to commit it again and it fails, etc.

    Workaround requires: manual sync of the device under device management (sync with network). Then Update under Security Director Devices. Then it seems to be in sync again.

     

    There are also drawbacks found with the Spotlight security concept. The assoc. procedure requires reboot of both nodes at the same time when using branch. Well, not impressive, but anyway... if you need to reinstall Space or anything similar, Space will then need to assoc. again = new total downtime.

    Why doesn't Juniper make a check in Space, "if the settings are there, proceed"... and not require a reboot when removing the device from Space.

     

    Juniper needs some assistance? 😃