Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EOL/EOE] Can't import device in NSM; stuck in Pending state.

0

0
Article ID: KB12367 KB Last Updated: 18 Oct 2020Version: 4.0 Summary:
Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE).  Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.
Can't import device in NSM; stuck in Pending state.
Symptoms:
  • When importing the config of the device, the window reported 'Pending' and doesn't complete
  • Able to add a device located out on the Internet
  • Can't import
Solution:
On the Device server, go to /usr/netscreen/DevSvr/var/errorLog  directory and view the deviceDaemon.0 log.  Check to see if any errors are reported in the log.

If the log is reporting that the remote firewall does not have the correct SPI number, reset the firewall's SSH parameters.  On NSM, delete and re-add the device.  Once the device has been added, import the configuration again.


If issue is not resolved by above instructions, follow the instructions below :

Open the NSM GUI to add the device to NSM again, but instead of selecting "Device Is Reachable", select "Device Is Not Reachable" and click Next.

Select Device type

If unknown, log into the Firewall via SSH or console and type "get sys" to display device information.

Select Managed OS version, then click Next.

If unknown, log into the firewall via SSH or console and type "get sys" to display device information.

Where it says "First Connection One-Time-Password," click "Set Password."  This is a temporary password used for initial connection, not the device password.  It must be at least 9 characters long, but not exceed 40 characters.

Click on "Show Device Commands"  and copy all the commands into the command line (either SSH or Console) of the Firewall Device.

To verify that a connection is made, click on the "Security Device List" and check under "Conn. Status."  Once it is connected, it will say "Import Needed" and you can import the device and start managing it through NSM.

If you still can't import the device check the iptables on the NSM server and SELINUX.
  1. Stop iptables by running the following command:
         service iptables stop
  2. Go to /etc/selinux and vi the config file
  3. Then, set SELINUX=disabled
  4. Save the file :wq
  5. Try re-importing the device again.


Continued trouble indicates a communication issue between the Juniper Firewall and NSM Server.  Verify a "PING" works between the NSM Server and Juniper Firewall; checking that no devices are blocking communication between the devices.
Modification History:
2020-10-18: Tagged article for EOL/EOE.
 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search