Juniper JSA3800 User guide

JSA3800
Juniper
Brand
Juniper
Model
JSA3800
Type
User guide

This manual is also suitable for

The Juniper JSA3800 is a high-performance security appliance that combines advanced threat detection and prevention capabilities with comprehensive network security features. It utilizes machine learning and artificial intelligence to deliver real-time threat detection and automated incident response. The JSA3800 provides visibility and control across your entire network, including encrypted traffic, and offers a range of security features such as stateful firewall, intrusion prevention system (IPS), advanced malware protection, and unified threat management.

The Juniper JSA3800 is a high-performance security appliance that combines advanced threat detection and prevention capabilities with comprehensive network security features. It utilizes machine learning and artificial intelligence to deliver real-time threat detection and automated incident response. The JSA3800 provides visibility and control across your entire network, including encrypted traffic, and offers a range of security features such as stateful firewall, intrusion prevention system (IPS), advanced malware protection, and unified threat management.

Juniper Secure Analycs Risk Manager:
Adobe Flash End of Life and Changes to
Conguraon Source Management (CSM)
Published
2021-05-24
RELEASE
7.4.2
Juniper Networks, Inc.
1133 Innovaon Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc.
in the United States and other countries. All other trademarks, service marks, registered marks, or registered service
marks are the property of their respecve owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publicaon without noce.
Juniper Secure Analycs Risk Manager: Adobe Flash End of Life and Changes to Conguraon Source Management
(CSM)
7.4.2
Copyright © 2021 Juniper Networks, Inc. All rights reserved.
The informaon in this document is current as of the date on the tle page.
YEAR 2000 NOTICE
Juniper Networks hardware and soware products are Year 2000 compliant. Junos OS has no known me-related
limitaons through the year 2038. However, the NTP applicaon is known to have some diculty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentaon consists of (or is intended for use
with) Juniper Networks soware. Use of such soware is subject to the terms and condions of the End User License
Agreement ("EULA") posted at hps://support.juniper.net/support/eula/. By downloading, installing or using such
soware, you agree to the terms and condions of that EULA.
ii
Table of Contents
About This Guide | iv
1
Adobe Flash End of Life and Changes to Conguraon Source
Management (CSM)
Adobe Flash End of Life and Changes to Conguraon Source Management (CSM) | 2
Schedules and Device Backups | 4
Device Discovery | 7
Credenals | 8
Conguring Protocols | 9
iii
About This Guide
Use this guide to understand how you can manage your device conguraons aer 31 December 2020
due to Adobe Flash end of life (EOL) issues.
iv
1
CHAPTER
Adobe Flash End of Life and Changes
to Conguraon Source Management
(CSM)
Adobe Flash End of Life and Changes to Conguraon Source Management
(CSM) | 2
Schedules and Device Backups | 4
Device Discovery | 7
Credenals | 8
Conguring Protocols | 9
Adobe Flash End of Life and Changes to
Conguraon Source Management (CSM)
IN THIS SECTION
Product Versions | 2
How to Idenfy the Issue | 3
Locang the Conguraon Monitor | 3
Administrators with JSA Risk Manager appliances in their deployment are being alerted to changes in
Conguraon Source Manager due to the approaching end of life of Adobe Flash. Due to removal of
Adobe Flash, the Conguraon Source Management (CSM) funconality is integrated in to the
Conguraon Monitor. The updated Conguraon Monitor interface is available to administrators who
upgrade their JSA deployment in upcoming x pack releases.
JSA Risk Manager administrators are being alerted to an upcoming user interface change to the
Conguraon Source Management (CSM) component. Due to the End of Life (EOL) announcement for
Adobe Flash, JSA Risk Manager has deprecated the default Conguraon Source Management interface
and integrated device backup and conguraon funconality in to the Conguraon Monitor. The
Conguraon Monitor interface includes the same device backup funconality, but was developed
without Adobe Flash to ensure that administrators can comply with Adobe's 31 December 2020 end of
life announcement. Administrators who are in corporate environments who are required to remove
Adobe Flash can discuss upgrades to a JSA release that includes the updates to the Conguraon
Monitor. All created schedules (Scheduled Discovery, jobs) are automacally moved from the legacy
Admin tab Conguraon Source Management interface to the Conguraon Monitor on the Risks tab
aer you upgrade.
Product Versions
The following releases integrate scheduling and device conguraons on the Risks tab in to the
Conguraon Monitor:
JSA 7.4.1 x pack 1 and later
JSA 7.3.3 x pack 5 and later
2
How to Idenfy the Issue
A noce is displayed in the Conguraon Source Management component to advise administrators that
the Conguraon Source Management is deprecated. Administrators who see this informaon message
can upgrade to a JSA release that includes the Conguraon Monitor to avoid interrupons with device
conguraons aer 31 December 2020 due to Adobe Flash end of life (EOL) issues.
Figure 1: Legacy Conguraon Source Management User Interface for Adobe Flash.
Figure 2: Browsers Which Block Adobe Flash by Default do not Display the Conguraon Source
Management User Interface.
Locang the Conguraon Monitor
JSA 7.4.1 x pack 1 and JSA 7.3.3 x pack 5 updates move the funconality of discovery, backups,
credenals and scheduled to the Risks tab. Administrators can use the Conguraon Monitor to make
changes to their devices aer an upgrade to the JSA deployment. The funconality between
3
Conguraon Source Manager and the Conguraon Monitor is idencal and the Conguraon Monitor
does not include dependencies on Adobe Flash.
1. Log in to JSA.
2. Click the Risks tab.
3. In the Risk Manager pane, click Conguraon Monitor.
Figure 3: Locaon of the Conguraon Monitor on the Risks Tab.
4. Use the Conguraon Monitor to manage your devices.
Schedules and Device Backups
Schedules Conguraon for JSA Risk Manager allows administrators to dene backup jobs or device
discovery in the Conguraon Monitor. Schedules are now setup using the Conguraon Monitor.
Devices can be added to the schedule and a trigger denes the me and recurrence for the backup or
4
device discovery, which can occur either once, daily, weekly, monthly, or dened as a cron job
expression.
Figure 4: Schedules are Now Dened in the Conguraon Monitor for the Risk Manager Versions
Dened in this Technical Note.
1. Click the Risks tab.
2. Expand the Conguraon Monitor and select Schedules.
3. On the Scheduled page, click Add to create a new schedule or select and exisng schedule and click
Edit.
4. Type a unique Name for the schedule.
5. Select a Group from the drop-down list or type a new Group name.
6. Select a schedule type:
Opon Descripon
Backup Backup schedules allow users to collect device conguraon changes from
discovered network devices.
Discovery Updates the telemetry (neighbor) informaon for devices and adds newly discovered
network devices.
NOTE: If a discovery schedule exists, you must select Backup. You cannot change the Type
of an exisng schedule.
5
7. If you are creang a discovery schedule and want to add newly discovered devices to a product,
select Crawl.
8. If you are creang a backup schedule, click Edit and add or remove devices to be targeted for
backup. Then perform one of the following acons.
9. Use the arrows to move devices from the Available Devices list to the Selected Devices list.
10. Select Search to congure a search to dynamically target devices based on IP address, operang
system, model, or hostname.
TIP: You can search for Admin or Interface IP addresses with a comma-separated list of IP
addresses or CIDR ranges.
11. Select a Trigger to specify the frequency you want the schedule to run.
• Once
• Daily
• Weekly
• Monthly
• Cron
6
NOTE: Cron expressions that repeat more than once per hour are not accepted.
12. Click Save.
Device Discovery
Device Discovery is now located in the Conguraon Monitor on the Risks tab for the JSA Risk Manager
versions discussed in this technical note. Device Discovery streamlines adding network devices through
network management appliances, such as Check Point Management Servers, Palo Alto Panorama,
Juniper NSM, or by crawling the network with SNMP for discoverable IP addresses. The Device
Discovery funcons in JSA Risk Manager allow users to set up mulple networks and run discovery to
automacally add new rewalls, IPS, and other network devices so they can be backed up and added to
7
the Topology. It is important that administrators do not add overlapping address ranges or CIDR
addresses when discovering devices to prevent duplicates.
Figure 5: Device Discovery in the Conguraon Monitor Displays the Status or Logs for Added
Devices.
Credenals
Device credenals can be added to access and download the conguraon of devices such as rewalls,
routers, switches, or IPSs in the Conguraon Monitor on the Risks tab. Administrators can add
8
credenals for individual devices or for mulple network devices that use the same credenals and
priorize the credenal order JSA Risk Manager uses to back up network device conguraons.
Figure 6: Device Credenals can be Added in the Conguraon Monitor.
Conguring Protocols
JSA Risk Manager users can dene the protocol, port, and other details required to communicate to a set
of network devices. You can assign devices to network groups, which allows you to group together
protocol sets and address sets for your devices.
1. On the Risk tab, click Conguraon Monitor.
2. In the navigaon menu, click Protocols.
3. Select Add from the toolbar.
4. Type a Name for the protocol set.
9
5. In the Address Sets secon, click Add.
6. In the Add Address eld, type the IP address or CIDR range that you want to apply to the network
group, then click OK.
TIP: You can use IP4 or IP6 address or CIDR ranges.
7. Select the check box for each protocol you want to enable.
TIP: Select a protocol and click Increase Priority or Decrease Priority to adjust the order you
want the protocols to be used.
8. Select a protocol to congure its relevant properes. You can congure the following values for the
protocol parameters:
Protocol Parameter descripon
SSH Congure the following parameters:
Port- Type the port on which you want the SSH protocol to use when
communicang with and backing up network devices. The default SSH protocol port
is 22.
Version- Select the version of SSH that you want this network group to use when
communicang with network devices. The available opons are as follows:
Auto- This opon automacally detects the SSH version to use when
communicang with network devices.
a. Use SSH-1 when communicang with network devices.
b. Use SSH-2 when communicang with network devices.
Telnet Type the port number you want the Telnet protocol to use when communicang with
and backing up network devices. The default Telnet protocol port is 23.
HTTPS Type the port number you want the HTTPS protocol to use when communicang with
and backing up network devices. The default HTTPS protocol port is 443.
10
(Connued)
Protocol Parameter descripon
HTTP Type the port number you want the HTTP protocol to use when communicang with
and backing up network devices. The default HTTP protocol port is 80.
SCP Type the port number you want the SCP protocol to use when communicang with and
backing up network devices. The default SCP protocol port is 22.
SFTP Type the port number you want the SFTP protocol to use when communicang with
and backing up network devices. The default SFTP protocol port is 22.
FTP Type the port number you want the FTP protocol to use when communicang with and
backing up network devices. The default SFTP protocol port is 22.
TFTP The TFTP protocol does not have any congurable opons.
SNMP Congure the following parameters:
Port - Type the port number you want the SNMP protocol to use when
communicate with and backing up network devices.
Timeout(ms) - Select the amount of me, in milliseconds, that you want to use to
determine a communicaon meout.
Retries - Select the number of mes you want to aempt to retry communicaons
to a device.
Version - Select the version of SNMP you want to use for communicaons. The
opons are v1, v2, or v3.
V3 Authencaon - Select the algorithm you want to use to authencate SNMP
traps.
V3 Encrypon - Select the protocol you want to use to decrypt SNMP traps.
9. Click Save.
11
TIP: Aer you create your protocol sets, select a protocol set and click Increase Priority or
Decrease Priority to adjust the order you want the protocol sets to be checked.
12
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16

Juniper JSA3800 User guide

JSA3800
Juniper
Brand
Juniper
Model
JSA3800
Type
User guide
This manual is also suitable for

The Juniper JSA3800 is a high-performance security appliance that combines advanced threat detection and prevention capabilities with comprehensive network security features. It utilizes machine learning and artificial intelligence to deliver real-time threat detection and automated incident response. The JSA3800 provides visibility and control across your entire network, including encrypted traffic, and offers a range of security features such as stateful firewall, intrusion prevention system (IPS), advanced malware protection, and unified threat management.

Download PDF
report

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI

Related papers

Other documents