Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to add ScreenOS devices to NSM via NSM auto-discovery

0

0

Article ID: KB22677 KB Last Updated: 27 Jun 2012Version: 1.0
Summary:
This article provides information on how to add a ScreenOS device to NSM via NSM auto-discovery.
Symptoms:
  • NSM can auto-discover devices on the network and add them to the managed device database.

  • Some device preparation is necessary to accomplish this./li>
Note: The Auto-discovery feature requires SSH v2 and SNMP access.

Cause:

Solution:

Setup required on the firewall

SSH:

Enable SSH on the management or source interface, which is used for communication between NSM and firewall and the interface that is used for receiving SNMP requests.

fwjuniper1-> set int <interface-name> manage ssh

<interface-name> is the management interface or the interface being used for communication between NSM and the firewall.

SNMP:

On the firewall, you can enable SNMP V1, SNMP V2c, or SNMP V3. To enable SNMP V1 or SNMPV2c on the firewall, refer the following articles:


When configuring the SNMP community, for the host address, use the IP address of the NSM device.

SNMPV3 is supported from screen OS 6.3 or later:

To enable SNMPV3 on the firewall, refer to KB22675 - Configuration and working of SNMPV3 polling on ScreenOS.

Required setup required NSM:

  1. Ensure that the ScreenOS firewall is reachable from NSM:

    1. Logon to the NSM GUI as a super user.

    2. Go to Configure > Device Manager > Device Discovery Rules:


    3. Configure the Device Discovery Rule:

      For SNMP V1 and V2c:

      The below image is for SNMPV1 communication via a community string. For using SNMPV2C, select SNMP V2C as the SNMP version. The community string configured on the firewall should be the same as the community string setup on the NSM. The SSH username and password is the firewall's root username and password:



      For SNMP V3, the USM username and the encryption/authentication parameters should match those set up on the firewall:


    4. Run Device Discovery:


    5. Import the SSH key:


    6. Discovering the device, connecting to the device, adding the device, and importing the device configuration:



Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search