Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EOL/EOE] [NSM] How to set or unset hardware and software rule searches on high-end ScreenOS devices

0

0

Article ID: KB24156 KB Last Updated: 18 Oct 2020Version: 2.0
Summary:

Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE).  Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.


This article provides information on how to set or unset hardware and software rule searches on high-end ScreenOS devices.

Symptoms:
  • Unable to find unset policy swrs in NSM.

  • High end ScreenOS devices, such as ISG 1000, IG 2000, and NS 5000 Series, have the ability to perform policy rule searches via hardware (RMS) or software (SWRS).
Cause:
  • This is not a managed setting in NSM.

  • So, the user will not be able to find a place in NSM to make the configuration change; if required.
Solution:
The only way to manage this setting via NSM is to use the Supplemental CLI. It is recommended that this be accomplished by the use of templates in NSM. This way, the template is the only place, in which the command needs to be managed.
 
  1. Create the template:

    To create the template, perform the following procedure:
     
    1. In the NSM GUI, go to Device Manager> Device Templates, click the + button to create a new template, and select ScreenOS/IDP Template.

    2. The Template window is displayed; type a name for the new template.

    3. Expand Advanced and select Supplemental CLI.

    4. Click the + button to create a new command and set the priority as 0 or 1.

    5. Ensure that the Enable check box is selected.

    6. Set the CLI Content field to unset policy swrs or set policy swrs. Unsetting SWRS, which is the default setting for the devices, enables RMS or hardware rule search.

    7. Click OK.

    8. Apply the template to the required devices.

  2. Update the devices.

  3. After updating the devices, you can edit the template and clear the Enable check box or remove the template from the device. This is done to prevent the command being unnecessarily sent during subsequent updates.

  4. Check if the command is properly set via the device's CLI. As this is an unmanaged command, NSM will not check the status of this configuration option on the devices nor attempt to set or unset it, without the use of the Supplemental CLI.
Modification History:
2020-10-18: Tagged article for EOL/EOE.
 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search