Management
Showing results for 
Search instead for 
Do you mean 
Reply
Trusted Contributor
Posts: 428
Registered: ‎11-06-2007
0 Kudos

Re: Want some examples why NSM is a piece of junk?

Storm is just Q1's SIEM with a Juniper sticker on it.

 

So I'm assuming you're still running NSM ? I noticed there is a lot I cant do with it when it comes to the managing the hardware.

Super Contributor
Posts: 498
Registered: ‎03-29-2008
0 Kudos

Re: Want some examples why NSM is a piece of junk?

Yes, I am forced to use NSM for the time being and I hate it. Most customers I work with are smaller shops and they need a fully integrated solutions (e.g. containing logging and allowing management of legacy devices).

Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Trusted Contributor
Posts: 428
Registered: ‎11-06-2007
0 Kudos

Re: Want some examples why NSM is a piece of junk?

Still running it ?

Contributor
Posts: 142
Registered: ‎01-14-2009
0 Kudos

Re: Want some examples why NSM is a piece of junk?

I am. It is definitely not the most stable product. We use to be an all Juniper shop. Now we are moving to Cisco switching and Palo Alto firewalls and Splunk for the SIEM. I still like Juniper's SSL VPN/Junos Pulse though, even though you really can't manage it effectively through NSM.

Recognized Expert
Posts: 183
Registered: ‎10-26-2010
0 Kudos

Re: Want some examples why NSM is a piece of junk?

[ Edited ]

This might be old news to someone but for me it was new info. Anyways I've heard that there will never be ScreenOS support on Space after all so this means some of us need to run NSM a little longer if we need a central management.. :-)

Regards,
Tero S
Super Contributor
Posts: 498
Registered: ‎03-29-2008
0 Kudos

Re: Want some examples why NSM is a piece of junk?

ScreenOS support as well as a simple logging module will be coming to
Space. That was confirmed to me by Juniper. ETA end of 2013 or beginning of
2014.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Recognized Expert
Posts: 183
Registered: ‎10-26-2010
0 Kudos

Re: Want some examples why NSM is a piece of junk?

Well, I've got my information from Juniper representive aswell and this was very recent. I guess we'll see then who from Juniper knows best..

Regards,
Tero S
Juniper Employee
Posts: 3
Registered: ‎02-02-2012
0 Kudos

Re: Want some examples why NSM is a piece of junk?

I know this thread is quite old, but we did invest significant Engineering effort to stabilize and improve NSM since the last comments on this thread.  

 

In fact, we've had quite positive feedback to the improvements in NSM2012.*

 

I don't want to exagerate- NSM is an old software platform with an out of date heavy client architecture.

 

2012 is better than previous versions, but I would still strongly recommend migrating to Space & Security Director.

 

Alan

Super Contributor
Posts: 498
Registered: ‎03-29-2008
0 Kudos

Re: Want some examples why NSM is a piece of junk?

Migrate to Space? Yeah, nice option if you are Junos based. What Juniper
tends to forget these days is the enormously large install base of "legacy"
ScreenOS devices (that are still being sold with recently updated EOL dates
2018). There is no support in Space for ScreenOS. Even though there was
once through a plugin. Also, Space has no built in logging. Again, Juniper
forgetting about it's smaller to medium sized customers who can not or
don't want to invest in a separate logging solution (conviniently sold by
Juniper). Juniper should just get rid of their firewall business
altogether. They failed. Anyone looking for a good firewall? Check out Palo
Alto Networks.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Trusted Contributor
Posts: 428
Registered: ‎11-06-2007
0 Kudos

Re: Want some examples why NSM is a piece of junk?

This is still my favorite thread.

 

I have both Juniper and Palo Alto. Now, I am still managing My SRXs with NSM because of the very reason you stated, no logging. That being said, if your gripe is bad management tools, Palo Alto is worse, much worse. Their Panorama Central Console product is a joke and their GUI is a disaster. Every feature on the PA besides dynamic threat detection and basic firewalling is junk. (URL Filtering, Reporting, DLP, etc, etc)

 

Next time around Im going back to Checkpoint for my 2nd layer firewall. I still prefer Juniper as my primary. They are fast, cheap and reliable, even if there is no good management option with logging. And I mean, I am totally with you on the lack of logging. It should be there.

 

Jickfoo

 

Super Contributor
Posts: 498
Registered: ‎03-29-2008
0 Kudos

Re: Want some examples why NSM is a piece of junk?

Whatever other Firewalls are better or worse, one fact remains and does so
even today, years (!) after opening this thread: NSM is a piece of junk and
a shame for Juniper.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Trusted Contributor
Posts: 428
Registered: ‎11-06-2007
0 Kudos

Re: Want some examples why NSM is a piece of junk?

Just a heads up and many of you already know this but..

 

Junos Space Platform 13.3r1.8 in concert with Security Directory 13.3rx.x (yet to be named and to be released in lat May early June), will have limited logging added back in (again).

 

So, this could be the death of NSM ??? Or at least the death of the need for NSM ?  I am preparing and am optimistic.

 

There will be funeral services for NSM followed by an after party at McSorelys in NYC.

 

Justin

Super Contributor
Posts: 498
Registered: ‎03-29-2008
0 Kudos

Re: Want some examples why NSM is a piece of junk?

not unless they add support for ScreenOS devices.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Trusted Contributor
Posts: 428
Registered: ‎11-06-2007
0 Kudos

Re: Want some examples why NSM is a piece of junk?

Bah ! You are right. I'm lucky enough to now be at a company that has no Screen OS.

 

 

Regular Visitor
Posts: 4
Registered: ‎02-14-2011
0 Kudos

Re: Want some examples why NSM is a piece of junk?

I totally concur. NSM is just an absolute pain in the proverbial to work on and troubleshoot. I won't mourn its passing.

Super Contributor
Posts: 498
Registered: ‎03-29-2008
0 Kudos

Re: Want some examples why NSM is a piece of junk?

it should have been killed years ago and everyone at Juniper involved with
it fired.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Trusted Contributor
Posts: 123
Registered: ‎11-27-2010
0 Kudos

Re: Want some examples why NSM is a piece of junk?

Hi Jickfoo,

 

are you sure about the release of Security Directore 13.3 (late May early June)?

The latest statement i did receive from our SE (2 weeks ago) was that it should arrive at the end of april / may.

 

Thank you in advance

Best Regards

NULL

Trusted Contributor
Posts: 428
Registered: ‎11-06-2007
0 Kudos

Re: Want some examples why NSM is a piece of junk?

It's out now. I loaded the newest Network Director, Security Director, Log Director, and the Log VM. I think I did it all right. I cant figure out how to get the devices to start logging though. Do I just set them to syslog to the IP of the Log VM ? The doc isnt really clear on that point. Or maybe Im just dense.

 

 

Trusted Contributor
Posts: 123
Registered: ‎11-27-2010
0 Kudos

Re: Want some examples why NSM is a piece of junk?

Hi Jickfoo,

 

indeed you'll have to set syslog destination to the indicated Log VM.

With the now latest release 13.3 of security director you can do this from:

Device-Management->Device -> Edit Device condiguration (now you can set it in a way more easier way then in previous version routing/interface/zone/syslog configuration)

 

Hope this helps you.

 

Best Regards

NULL

Trusted Contributor
Posts: 428
Registered: ‎11-06-2007
0 Kudos

Re: Want some examples why NSM is a piece of junk?

I'm officially done with NSM. I cannot do another firewall import losing all my groupings and policy descriptions without losing my mind. Also I believe its causing my firewalls to run at 100% CPU.

 

[ runs screaming with flaming sword in hand into the land of Junos Space and log director ]