Tuesday, September 22, 2015

Junos Space Security Director - Part III

The third part of this guide demonstrates how to import an SRX series firewall into Junos Space (version 14.1R3.4). It assumes that Junos Space, Security Director, and a Log Collector are already deployed and operational. For steps on how to install Junos Space components, start here.
  1. In Security Director, navigate to Devices and select Click here to Discover Devices.
  2. Follow the prompts to add a device target. In this example, we will add the SRX via its IP address.
  3. Continue to follow the prompts to add options like ping, SNMP, and SSH as methods to discover the device.
  4. Select Discover. Upon completion, a status page will be displayed showing success.

  5. Navigate to Security Director Devices to verify configuration/connection status, and the schema version in use.
    1. If the schema version is out of date:
    2. Navigate to Network Management Platform -> Administration -> DMI Schemas -> Update Schema
    3. Select SVN Repository and then Configure
    4. Enter https://xml.juniper.net/dmi/repository/trunk/ for SVN URL
    5. Enter your Juniper Networks support credentials
    6. Test the connection and then save
    7. For Device Family select junos-es
    8. Click Connect
    9. Select the Junos version that matches the version installed on the SRX and click Install
    10. Once installed, navigate back to Network Management Platform -> Administration -> DMI Schemas, select the OS version recently installed and then under actions select Set as Default Schema
    11. Navigate back to Security Director -> Security Director Devices to verify that the correct schema version is showing
  6. Right-click the device and select Import
  7. Select the policies to import (in this case we would import both NAT and Firewall policies), and click Next
  8. A summary will be shown listing the configuration elements to be imported. Click Finish.
  9. A summary will be shown listing the configuration elements that were imported. Click Close.
  10. Navigate to NAT Policies, right-click on the SRX host name and select Assign Devices
  11. Select the SRX host name and then select Modify
  12. In NAT Policies, right-click on the SRX host name and select Publish NAT Policy
  13. Click Publish and then verify that it was successful
  14. Navigate to Firewall Policies, right-click on the SRX host name and select Assign Devices
  15. Select the SRX host name and then select Modify
  16. In Firewall Policies, right-click on the SRX host name and select Publish Policy
  17. Click Publish and then verify that it was successful
  18. To test things out, navigate to Firewall Policies, click on the SRX, and then click on the green lock to edit.
  19. Modify or create a policy (in my case, I changed an existing policy's action from permit to deny)
  20. Click Save and then right-click the SRX and select Publish
  21. Click on Publish and Update
  22. Verify that the update was successful by viewing the job status and/or doing a show | compare from operational mode in the CLI
  23. Don't forget to revert your change after testing is complete :)
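
The verification in step 22, sketched as an added example (not from the original post): a script that reads the saved text of a Junos configuration diff in the [edit ...] / - / + layout and confirms that a publish changed only the policy action you intended, listing every other change for review. The zone, policy and rule names, the function names and the sample diff are all constructed for illustration.

```python
import re

# Constructed sample in the "[edit ...]" / "-" / "+" layout of a Junos
# configuration diff. Zone, policy and rule names are made up.
SAMPLE_DIFF = """\
[edit security policies from-zone trust to-zone untrust policy allow-web then]
-      permit;
+      deny;
[edit security nat source rule-set trust-to-untrust rule r1 then source-nat]
-      interface;
+      off;
"""

EDIT_RE = re.compile(r"^\[edit ?(.*)\]$")
POLICY_RE = re.compile(
    r"^security policies from-zone (\S+) to-zone (\S+) policy (\S+) then$")


def parse_diff(text):
    """Return [(edit_path, removed_statements, added_statements), ...]."""
    hunks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = EDIT_RE.match(line)
        if m:
            hunks.append((m.group(1), [], []))
        elif hunks and line.startswith(("+", "-")):
            stmt = line[1:].strip().rstrip(";")
            hunks[-1][1 if line[0] == "-" else 2].append(stmt)
    return hunks


def audit_publish(text, expected):
    """expected maps (from_zone, to_zone, policy) -> (old_action, new_action).
    Returns (confirmed keys, every other hunk left for manual review)."""
    confirmed, unexpected = set(), []
    for path, removed, added in parse_diff(text):
        m = POLICY_RE.match(path)
        key = m.groups() if m else None
        old, new = expected.get(key, (None, None))
        if removed == [old] and added == [new]:
            confirmed.add(key)
        else:
            unexpected.append((path, removed, added))
    return confirmed, unexpected

if __name__ == "__main__":
    want = {("trust", "untrust", "allow-web"): ("permit", "deny")}
    print(audit_publish(SAMPLE_DIFF, want))
```

An empty second list means the publish touched nothing beyond the action change made in step 19; in the constructed sample the NAT hunk is reported because it was not part of the intended edit.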
The next post will show you how to configure logging for security policies.

Wednesday, September 2, 2015

Junos Space Security Director - Part II

The second part of this guide demonstrates how to add the Log Collector subsystem to Junos Space (version 14.1R3.4). It assumes that Junos Space and Security Director are already deployed and operational. For steps on deploying Junos Space and Security Director, see this post.

  1. Download the Log Collector OVA image from the Juniper Networks support site.
  2. Install the Log Collector image in your virtual environment. Refer to this Juniper document for details on how to size things.
  3. Upon starting the VM, enter the following credentials:
    1. root
    2. juniper123
  4. Change the password.
  5. Follow the prompts to configure the following settings:
    1. Configure IP address
      1. eth0 pulls a dynamic address, which you can change to a static address (e.g. 10.10.10.6)
      2. eth1 is statically set by default. You can leave this alone.
    2. Configure time zone
    3. Configure name server settings
    4. Configure NTP settings
    5. Quit
  6. In Junos Space, navigate to Administration -> Fabric, and select the green button to add a fabric node.
  7. Name the node, type the IP of the collector, check the Add as a specialized node option, and enter the login credentials. 
  8. Check the job status under Jobs -> Job Management
  9. Once complete, log out and then log in again.
The next post will show you how to import and manage an SRX series firewall, and begin logging traffic.

Tuesday, September 1, 2015

Junos Space Security Director - Part I

The first part of this guide demonstrates the initial deployment of Junos Space and Security Director (version 14.1R3.4) in a virtual environment.
  1. Download the Junos Space (OVA) and Security Director (IMG) images from the Juniper Networks support site.
  2. Install the Junos Space image in your virtual environment. Refer to this Juniper page for details on how to size things. 
  3. Upon starting the VM, enter the default credentials:
    1. admin
    2. abc123
  4. Change the password.
  5. Select "S" to install Space.
  6. Configure the interface for eth0 to be used for management access (e.g. 10.10.10.5)
  7. Configure the interface for the GUI (e.g. 10.10.10.100)
  8. Junos Space will then be deployed, with the GUI showing the following:
  9. Upon completion, enter the following credentials:
    1. super
    2. juniper123
  10. Change the password.
  11. Log in using the new password.
  12. Navigate to Administration -> Applications to add an application (green button).
  13. Upload the Security Director image via HTTP.
  14. Select the Security Director image that was previously uploaded and click Install, then OK.
    • Note - If you navigate away from the upload page, you will have to navigate back to Administration -> Applications and click the green button again to see the uploaded application.
  15. Navigate to Jobs -> Job Management to check the status of the install.
  16. Once complete, log out and then log back in, and then navigate to Administration -> Applications to look at what was installed.
The next post will show how to add the Log Collector subsystem to Junos Space.