Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Junos Space] Disabling communication when Junos Space platform initiates a session with subnet range 128.0.0.0/8

0

0

Article ID: KB33971 KB Last Updated: 25 Mar 2019Version: 1.0
Summary:

After discovering a device in Junos Space, if network monitoring is enabled, Junos Space sends an ICMP packet and TCP packets to multiple destinations in the subnet 128.0.0.0/8.

This article covers the procedure to disable communication from â€‹subnet range 128.0.0.0/8, which can be used in Junos OS version 18.2 and later.

 

Solution:

To disable communication from subnet range 128.0.0.0/8, perform the following steps:

  1. Take a backup of the /opt/opennms/etc/foreign-sources/space.xml file by using the following command: scp /opt/opennms/etc/foreign-sources/space.xml /opt/opennms/etc/foreign-sources/space.xml_original.
  2. Edit the /opt/opennms/etc/foreign-sources/space.xml file and include all the IP addresses that must be blocked in the parameter key section, as indicated below:

/opt/opennms/etc/foreign-sources/space.xml
<foreign-source xmlns="http://xmlns.opennms.org/xsd/config/foreign-source" name="space" date-stamp="2019-01-02T16:28:08.980Z">
   <scan-interval>1d</scan-interval>
   <detectors>
      <detector name="DNS" class="org.opennms.netmgt.provision.detector.datagram.DnsDetector"/>
      <detector name="FTP" class="org.opennms.netmgt.provision.detector.simple.FtpDetector"/>
      <detector name="HTTP" class="org.opennms.netmgt.provision.detector.simple.HttpDetector"/>
      <detector name="HTTPS" class="org.opennms.netmgt.provision.detector.simple.HttpsDetector"/>
      <detector name="ICMP" class="org.opennms.netmgt.provision.detector.icmp.IcmpDetector"/>
      <detector name="IMAP" class="org.opennms.netmgt.provision.detector.simple.ImapDetector"/>
      <detector name="LDAP" class="org.opennms.netmgt.provision.detector.simple.LdapDetector"/>
      <detector name="NRPE" class="org.opennms.netmgt.provision.detector.simple.NrpeDetector"/>
      <detector name="POP3" class="org.opennms.netmgt.provision.detector.simple.Pop3Detector"/>
      <detector name="SMTP" class="org.opennms.netmgt.provision.detector.simple.SmtpDetector"/>
      <detector name="SNMP" class="org.opennms.netmgt.provision.detector.snmp.SnmpDetector"/>
      <detector name="SSH" class="org.opennms.netmgt.provision.detector.ssh.SshDetector"/>
   </detectors>
   <policies>
      <policy name="reject1" class="org.opennms.netmgt.provision.persist.policies.MatchingIpInterfacePolicy">
         <parameter key="action" value="DO_NOT_PERSIST"/>
         <parameter key="matchBehavior" value="ALL_PARAMETERS"/>
         <parameter key="ipAddress" value="128.0.0.1"/>
         <parameter key="ipAddress" value="128.0.0.4"/>
         <parameter key="ipAddress" value="128.0.0.6"/>
         <parameter key="ipAddress" value="128.0.1.16"/>
      </policy>
   </policies>
</foreign-source>
space.xml (END) 
  1. Save the file.

  2. On the Junos Space UI, navigate to: Network Monitoring > Administration > Manage Interfaces and Services. Uncheck all 128.0.0.x IP addresses.

If you have several devices, use your web browser to search for 128.0 and make sure that all occurrences are unchecked.

Click Apply. (You may want to navigate away and return to this page to confirm that the changes saved successfully.)

  1. Perform the following procedure:
    1. Execute the following: vi /var/www/cgi-bin/secure/opennmsUpdateDeviceList.

    2. Set the line number in the vi editor and check line number 134 before the update (line number is correct for Junos OS releases 17.2, 18.2, and 18.4 although it may vary for other versions):

      133  if ($action eq "InitDeviceList" || $action eq "ChangeDevice" ) {
      134         $err = NmaUtil::execAndLog1("$sync_all", '1', ">/dev/null");
      135     }
    3. Modify line number 134 from "$sync_all" to "$sync_new. The modified version is as follows:

      133  if ($action eq "InitDeviceList" || $action eq "ChangeDevice" ) {
      134         $err = NmaUtil::execAndLog1("$sync_new", '1', ">/dev/null");
      135     }
    4. Save the changes.

  2. After the changes are made, Junos Space should not be communicating with subnet range 128.0.0.0/8. If you still see the issue, open a Technical Service Request with the Junos Space team for assistance.

Note: This modification may not persist though upgrades, and may need to be applied again.

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search