Juniper Networks NSM

End of Support Notice: The following devices will be deprecated and no longer supported beginning with the May 2025 release: Juniper ScreenOS, Juniper ScreenOS VSYS, Juniper SA, and Juniper NSM.

To use a Juniper Networks NSM management station, complete the following steps.

Step 1: Configure the Device

FireMon strives to provide up-to-date product information; however, we are not always aware when vendors change their device UI. If any Configure the Device procedure differs from your device version (UI location of fields, not information needed), please consult your device's user guide.

  1. Enable Syslog Messages on your NetScreen device:
    1. In your NetScreen Administration Tool, go to Configuration > Report Settings > Syslog.
    2. Enable Syslog messages by selecting the Enable Syslog Messages check box.
    3. Select the Source Interface that will communicate with the Security Manager Data Collector. On your system, this interface might be named “management” or something similar.
    4. In the IP/Hostname field of the Syslog servers section, enter the IP Address of the Data Collector.
    5. In the Port field, enter 514.
    6. In the Security Facility and Facility drop-down lists, select the option that enables the data collector to collect all Syslog messages.
    7. Select the Event Log check box, enabling Security Manager to retrieve configurations.
    8. Select the Traffic Log check box, enabling Security Manager to collect rule usage data.
    9. Select the Enable check box for the Data Collector Syslog server.
    10. Click Apply.
  2. Create a read-only administrator account for the data collector.
    1. In the NSM web UI, go to the Administrator tab and click the Add icon.
    2. The New Admin dialog box opens.
    3. In the General tab, enter a name for the data collector.
    4. In the Authorization tab, enter authentication information for the data collector.
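
To check that the syslog settings from Step 1 deliver usable rule usage data, the following added example (not FireMon or Juniper code) tallies hits per policy_id from messages captured on the Data Collector side and lists any sender address other than the management IP, the case in which a central syslog server has to be assigned. The sample lines are constructed in the ScreenOS key=value traffic-log style; the capture layout (timestamp, sender, host), the device name and all addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample capture: "<timestamp> <sender IP> <host>: <ScreenOS message>".
_T = ('Jun  2 14:13:0{n} {sender} fw1: NetScreen device_id=fw1  '
      '[Root]system-notification-00257(traffic): start_time="2024-06-02 14:13:0{n}" '
      'duration=0 policy_id={pid} service=tcp/port:443 proto=6 src zone=Trust '
      'dst zone=Untrust action={act} sent=420 rcvd=1310 src=10.0.0.5 '
      'dst=198.51.100.7 src_port=51000 dst_port=443')
SAMPLE = [
    _T.format(n=1, sender='192.0.2.10', pid=12, act='Permit'),
    _T.format(n=2, sender='192.0.2.10', pid=12, act='Permit'),
    _T.format(n=3, sender='192.0.2.10', pid=7, act='Deny'),
    'Jun  2 14:13:04 192.0.2.10 fw1: NetScreen device_id=fw1  '
    '[Root]system-warning-00515: Admin user collector has logged on',  # event log
    _T.format(n=5, sender='192.0.2.99', pid=7, act='Deny'),  # arrives via a relay
    'Jun  2 14:13:06 192.0.2.10 fw1: NetScr',                # truncated datagram
]

HEADER = re.compile(r'^\w{3}\s+\d{1,2}\s[\d:]{8}\s(?P<sender>\S+)\s')
DEVICE = re.compile(r'NetScreen device_id=(?P<dev>\S+)')
POLICY = re.compile(r'\bpolicy_id=(?P<pid>\d+)')
ACTION = re.compile(r'\baction=(?P<act>\w+)')

def summarize(lines, management_ip):
    """Return rule hits, event-log count, unexpected senders and unparsable lines."""
    usage, events, other_senders, skipped = Counter(), 0, set(), 0
    for line in lines:
        head, dev = HEADER.match(line), DEVICE.search(line)
        if not head or not dev:
            skipped += 1                      # not a complete ScreenOS message
            continue
        if head['sender'] != management_ip:   # syslog source differs from mgmt IP
            other_senders.add(head['sender'])
        if '(traffic)' not in line:
            events += 1                       # Event Log message, no rule usage
            continue
        pid, act = POLICY.search(line), ACTION.search(line)
        if pid and act:
            usage[(dev['dev'], int(pid['pid']), act['act'])] += 1
        else:
            skipped += 1
    return {'usage': usage, 'events': events,
            'other_senders': other_senders, 'skipped': skipped}

if __name__ == '__main__':
    result = summarize(SAMPLE, management_ip='192.0.2.10')
    for (dev, pid, act), hits in sorted(result['usage'].items()):
        print(f'{dev} policy_id={pid} action={act} hits={hits}')
    print('events:', result['events'], 'other senders:', result['other_senders'])
```

An empty usage table with a non-zero event count indicates that the Traffic Log check box was not enabled for the Data Collector syslog server.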

Step 2: Onboard the Device in the Administration Module

  1. On the toolbar, click Device > Management Stations.
  2. Click Create, and then click Juniper Networks > NSM.
  3. General Properties section.
    1. In the Name box, type the name of the device as you want to see it in SIP.
    2. In the Description box, type an optional description of the device being added.
    3. In the Management IP Address box, type the IP address of the device.
    4. In the Data Collector Group box, select the IP address of the data collector group that will collect data from this device.
    5. In the Central Syslog Server box, select the syslog server from the list (optional).

Syslog fields are optional if the device uses the same IP for syslog and management.
A central syslog server is required only if syslog messages come from a different IP. A central syslog server must be created before it can be assigned to a device. To track usage via syslog, the device must support Level 3+.

    6. In the Syslog Match Names box, type the syslog match names (optional). You can enter multiple names separated by a comma.
    7. By default, the Automatically Retrieve Configuration check box is selected.
    8. In the External ID box, type a unique identifier to be used when the device identifier is different than what is displayed in SIP.
  4. For Collection Configuration, enable Update Rule Documentation on Member Devices to allow Rule Documentation fields on member devices to inherit a value from the management station. Any management station Rule Documentation field updates will override updates on the member device. A rule marked to be removed will not be updated.
  5. Device Settings section.
    • By default, the Port used is 8443.
    • For MSSPs, in the Domain box, type the name for the 'global' domain.
    • In the User Name box, type the user name used for the read-only administrator account.
    • In the Password box, type the password used for the read-only administrator account.
    • In the Re-enter Password box, retype the password entered above.
  6. Retrieval section.
    • Select the Enable Deprecated Ciphers and Algorithms check box to allow the use of weak SSH keys and extend the OpenSSH options with deprecated ciphers and algorithms, for devices that cannot update the OS to a supported OpenSSH version.
  7. Click Save.
    Devices being managed will be listed in the Discovered Devices section.