Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE). Refer to
End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.
Can't import device in NSM; stuck in Pending state.
On the Device server, go to
/usr/netscreen/DevSvr/var/errorLog
directory and view the
deviceDaemon.0 log
. Check to see if any errors are reported in the log.
If the log is reporting that the remote firewall does not have the correct SPI number, reset the firewall's SSH parameters. On NSM, delete and re-add the device. Once the device has been added, import the configuration again.
If issue is not resolved by above instructions, follow the instructions below :

Open the NSM GUI to add the device to NSM again, but instead of selecting "Device Is Reachable", select "
Device Is Not Reachable" and click
Next.

Select
Device type.

If unknown, log into the Firewall via SSH or console and type "get sys" to display device information.

Select
Managed OS version, then click
Next.

If unknown, log into the firewall via SSH or console and type "get sys" to display device information.

Where it says "First Connection One-Time-Password," click "
Set Password." This is a temporary password used for initial connection, not the device password. It must be at least 9 characters long, but not exceed 40 characters.

Click on "
Show Device Commands" and copy all the commands into the command line (either SSH or Console) of the Firewall Device.

To verify that a connection is made, click on the "Security Device List" and check under "Conn. Status." Once it is connected, it will say "Import Needed" and you can import the device and start managing it through NSM.

If you still can't import the device check the iptables on the NSM server and SELINUX.
- Stop iptables by running the following command:
service iptables stop
- Go to
/etc/selinux
and vi the config file
- Then, set
SELINUX=disabled
- Save the file
:wq
- Try re-importing the device again.

Continued trouble indicates a communication issue between the Juniper Firewall and NSM Server. Verify a "PING" works between the NSM Server and Juniper Firewall; checking that no devices are blocking communication between the devices.
2020-10-18: Tagged article for EOL/EOE.