Security

  • 1.  Need help in adding SSG550 to NSM.

    Posted 09-18-2011 22:27

    Hello Everyone,

     

    We have recently deployed NSM in our existing Juniper security network and would like to add our already configured SSG550 firewalls to NSM.

    I came across some documents here on how to add SSG150 but would still need to double check. Appreciate if someone can point me to the correct link for meeting my requirements.

     

    Regards

     



  • 2.  RE: Need help in adding SSG550 to NSM.

    Posted 09-19-2011 15:12

    That's just a basic import procedure.

     

    The NSM documentation (click on the link for the appropriate version of NSM you're running) has a section specifically for ScreenOS devices, and will cover importing the SSG into NSM.



  • 3.  RE: Need help in adding SSG550 to NSM.

    Posted 09-26-2011 07:07

    Thanks Keith for the reply, I had a query related to adding devices in a cluster. We have a cluster for redundancy, however the client does not remember the IP details for the secondary firewalls. Is it ok to add the primary device now as a cluster member within a cluster object and then add the backup firewall once we get the details? I hope this would not create any sync issues?

     

    Regards



  • 4.  RE: Need help in adding SSG550 to NSM.

    Posted 09-26-2011 12:24

    You can create the cluster object, and then add the primary via "New -> Cluster Member".  Add the secondary the same way, just select "Model Device" for the secondary object.

     

    When you get the IP of the secondary, you can then go in and activate the secondary object.

     

    Take a good backup of your SSG configs on both devices before doing this.  NSM, to this day, loves to wreak random havoc on devices, especially clusters.  Better safe than sorry.



  • 5.  RE: Need help in adding SSG550 to NSM.

    Posted 09-26-2011 22:38

    After going through this forum, I am really skeptical as to whether I should even be using it. Coming back to my question, why do I need to add the secondary device as a "model"? This option is required if we are deploying a new device with no configuration. Just for your information, the secondary device is already configured and existing on the network, only that for now we don't know the IP. The IP and access to the secondary device can be obtained at a later date.

     

    Regards



  • 6.  RE: Need help in adding SSG550 to NSM.
    Best Answer

    Posted 09-27-2011 10:00

    As your cluster already exists, it would be fine to just add the primary to the cluster and add the secondary as a cluster member later. You will still be able to use NSM to manage the cluster and specific member settings on the primary.

     

    When you are ready to add the secondary as a cluster member, make sure first that your cluster is in sync at the command line and also in NSM (clean delta). Sometimes when you add a secondary it will incorrectly update some of the NSM cluster settings for you. To resolve, just correct any NSM settings by running a new delta and making changes in NSM only. This shouldn't take very long but don't do your first update until the cluster is in sync and the deltas are clean.



  • 7.  RE: Need help in adding SSG550 to NSM.

    Posted 11-30-2011 01:32

    Hi Mark,

     

    Sorry for replying so late. I have added the primary firewall as a cluster member and will be importing the backup firewall soon. I recall that you had mentioned to run the clean delta option after adding the backup firewall. What does the clean delta option do, and why is it required?

    I tried to search for this feature in the NSM guide but couldn't quite comprehend.

     

    Regards