Adding IDP Devices to NSM Device Manager
Before you can use Network and Security Manager (NSM) to manage an IDP device, you must add the IDP device to NSM Device Manager. Use one of the following workflows to add the IDP device to the NSM Device Manager:
Adding a Reachable Device
A reachable device is a device you have installed and initialized, including configuring an IP address for the management interface and connecting the management interface to the network. You complete the reachable device workflow in cases where you set up the IDP device first and the NSM device object second.
To import an IDP device with a known IP address:
- In the NSM navigation tree, select Device Manager > Devices.
Click the + icon and select Device to display the Add Device wizard. Configure the following properties:
- Name–Specify a string to identify the IDP device. The string may contain letters, numbers, spaces, dashes, and underscores.
- Color–Select a color. Some administrators use colors to distinguish devices by type, region, software version, and so forth.
- Select Device Is Reachable (default).
- Click Next.
In the Specify Connection Settings dialog box, enter the following connection information:
- Enter the IP address of the IDP device.
- Enter the username of the device admin user.
- Enter the password for the device admin user.
- Enter the password for the device root user.

Note: In NSM, passwords are case-sensitive.
- Select SSH Version 2 and port 22.
- On the Verify Device Authenticity page, use an out-of-band method to verify the RSA key fingerprint information to prevent man-in-the-middle attacks.
Click Next.
In response, NSM connects to the IDP device to retrieve device information. This process takes a moment.
- Verify that the device type, OS version, device serial number, and device mode are correct.
- Click Next to add the device to NSM.
- Click Next to import the configuration from the IDP device.
- Click Finish.
For IDP 4.1 and later devices, NSM next runs a job to update the IDP device with the Recommended IDP security policy. The Job Information dialog box shows the status of the Update Device job.
- After the job is complete, double-click the device in Device Manager to view the imported configuration.
To check the device configuration status, mouse over the device and verify that the device status displays Managed.
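The out-of-band check on the Verify Device Authenticity page amounts to comparing the fingerprint of the key offered over SSH with one recorded over a trusted channel, such as the device's local console. The following Python sketch is an added example, not part of NSM or the original procedure. The page does not state which fingerprint format NSM displays, so the code assumes either the MD5 colon-hex form or the SHA-256 base64 form. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample modulus: not a real RSA key, only gives the blob a realistic shape.
SAMPLE_MODULUS = (1 << 2047) | 0x1D9

def _ssh_string(data: bytes) -> bytes:
    """RFC 4251 string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _ssh_mpint(value: int) -> bytes:
    """RFC 4251 mpint for a positive integer (0x00 prefix when the top bit is set)."""
    return _ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def make_constructed_pubkey_line(modulus: int, exponent: int = 65537) -> str:
    """Build an OpenSSH-style 'ssh-rsa <base64> <comment>' line for the demo."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(exponent) + _ssh_mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

def fingerprints(pubkey_line: str) -> dict:
    """Return the MD5 (colon-hex) and SHA-256 (base64) fingerprints of a key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[0].encode():
        raise ValueError("key type in the blob does not match the line prefix")
    md5_hex = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha256}

def matches_out_of_band(pubkey_line: str, recorded: str) -> bool:
    """Compare the offered key with the fingerprint recorded at the console."""
    offered = fingerprints(pubkey_line)
    recorded = recorded.strip()
    if recorded.startswith("SHA256:"):
        expected, actual = recorded.rstrip("="), offered["sha256"]
    else:
        if recorded.upper().startswith("MD5:"):
            recorded = recorded[4:]
        expected, actual = recorded.lower(), offered["md5"]
    return hmac.compare_digest(expected.encode(), actual.encode())
```

A mismatch means the key presented on the network path is not the one recorded at the device, and the wizard should not be continued until the difference is explained.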
Adding an Unreachable Device
An unreachable device is a device that has not been set up and so does not have an IP address for the management interface. You complete the unreachable device workflow in cases where you set up the NSM device object first and the IDP device second.
To add an IDP device with an unknown IP address:
- In the NSM navigation tree, select Device Manager > Devices.
- Click the + icon and select Device to display the Add Device wizard.
Configure the following properties:
- Name–Specify a string to identify the IDP device. The string may contain letters, numbers, spaces, dashes, and underscores.
- Color–Select a color. Some administrators use colors to distinguish devices by type, region, software version, and so forth.
- Select Device Is Not Reachable.
- Click Next.
On the Specify One Time Password page:
- Make a note of the unique external ID for the device. The device administrator will need it to connect the device to NSM. This ID number represents the device within the management system. The wizard automatically provides this value.
- Specify the first connection one-time password (OTP) that authenticates the device.
- Click Show Device Commands to display the list of CLI commands that must be executed on the device to connect to NSM. The commands enable management, set the IP address for NSM, set the unique external ID, and set the device OTP.
Copy these commands to a text file.
- Log in to the CLI as admin and enter su - to switch to root.
- Run the CLI commands you copied in Step 5.
- In the NSM Device Manager, mouse over the device to track its configuration status. The first status message is Waiting for 1st connect. After the connection has been established, the status displays Import Needed.
- Right-click the device and select Import Device.
The Job Information box displays the job type and status for the import; when the job status displays successful completion, click Close.
For IDP 4.1 and later devices, NSM next runs a job to update the IDP device with the Recommended IDP security policy. The Job Information dialog box shows the status of the Update Device job.
- After the job is complete, double-click the device in Device Manager to view the imported configuration.
To check the device configuration status, mouse over the device and verify that the device status displays Managed.
Modeling an IDP Device Configuration
You model an IDP device configuration when the IDP device is not online, and you intend to push the configuration to the IDP device when it is ready to be put online and configured.
To model an IDP device:
- In the NSM navigation tree, select Device Manager > Devices.
- Click the + icon and then select Device to display the Add Device wizard.
Configure the following properties:
- Name–Specify a string to identify the IDP device. The string may contain letters, numbers, spaces, dashes, and underscores.
- Color–Select a color. Some administrators use colors to distinguish devices by type, region, software version, and so forth.
- Select Model Device.
In the Specify OS Name, Version, and Platform page, enter the following connection information:
- In the OS Name list, select the device family that the modeled device belongs to.
- In the platform list, select the device platform name.
- In the OS version list, select the version of the operating system or firmware that runs on the device.
- Click Finish.
- Double-click the device to display the device configuration editor.
- When you have completed the model configuration, check the device configuration status. Mouse over the device and verify that the device status displays Modeled.
Adding Device Clusters
In a high-availability (HA) deployment, an IDP device cluster is a set of two IDP devices deployed for the same purpose—to provide intrusion detection and prevention for a particular network segment. You use Appliance Configuration Manager (ACM) to configure HA. You use Network and Security Manager (NSM) to create a cluster object that will help you ensure the nodes (IDP devices) maintain the same feature configuration, which is a requirement of HA deployments.
To configure clusters in NSM:
- Add the cluster object.
- Add cluster members to the cluster object.
To add a cluster object:
- In the NSM navigation tree, select Device Manager > Devices.
- Click the + icon and then select Cluster to display the New Cluster wizard.
Configure the following properties:
- Cluster Name–Specify a string to identify the IDP device. The string may contain letters, numbers, spaces, dashes, and underscores.
- Color–Select a color. Some administrators use colors to distinguish devices by type, region, software version, and so forth.
- In the OS Name list, select ScreenOS/IDP.
- In the platform list, select the device model number.
- In the Managed OS version list, select the IDP OS version.
- Click OK.
To add cluster members:
- In the NSM navigation tree, select Device Manager > Devices.
- Right-click the cluster object and then select New > Cluster Member to display the Add Cluster Member wizard.
- Complete the wizard steps.
- Repeat to add the second cluster member.

Note: An IDP cluster contains exactly two members.

