Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Step 1: Begin

 

Juniper Networks® Junos® Space Security Director provides security policy management through an intuitive, centralized, Web-based interface. Using intuitive dashboards and reporting features, you gain insight into threats, compromised devices, risky applications, and more.

Install and Deploy Workflow

This flowchart illustrates the process to install or upgrade Security Director and deploy Log Collector.

Before You Begin

Install and configure Junos Space Virtual Appliance. You’ll need to set up the virtual appliance to run as a Junos Space node. See the Junos Space Virtual Appliance Installation and Configuration Guide.

Note

You can also install Security Director on a JA2500 Junos Space Appliance. You’ll need to set up the JA2500 appliance to run as a Junos Space node. See the Juniper Networks JA2500 Junos Space Appliance Hardware Guide.

Install Junos Space Security Director

Installing Security Director is easy. Once you've verified the supported Junos Space Network Management Platform version by logging in to Network Management Platform > Administration > Application, simply download the Security Director release image from the download site, upload it to the Junos Space Platform server, and then install it. You can find all the details in the Adding a Junos Space Application.

Note

You can install Junos Space Security Director only on the supported Junos Space Network Management Platform version.

Deploy Log Collector

You use Log Collector to enable log collection and view log data across multiple SRX Series devices. You can configure Log Collector as an All-in-One node or integrated node for small-scale deployments. For larger deployments, begin with one Log Receiver node and one Log Storage node, and incrementally add Log Storage nodes as your needs expand. You can have a maximum of one Log Receiver node and three Log Storage nodes.

You can use Security Director Log Collector or Juniper Secure Analytics (JSA) Series Appliance as a Log Collector to view log data in Security Director. For JSA Series Appliance as a Log Collector, see JSA Log Collector Overview.

Before You Begin

  • Click here to verify that the JA2500 Appliance or the Junos Space Virtual Appliance is running the correct versions of Junos Space Network Management Platform and Junos Space Security Director.

  • Open these ports between the Junos Space server and Log Collector:

    • Port 8004 (TCP)—For communication between the Junos Space server and the Log Collector node agent.

    • Port 8003 (TCP)—For log data queries.

    • Port 9200 (TCP)—For Log Storage nodes.

    • Port 9300 (TCP)—For communication across Elasticsearch clusters.

    • Port 4567 (TCP)—For communication between the Log Receiver node and Log Storage node.

    • Port 514 (TCP)—For receiving system logs.

    • Port 514 (UDP)—For receiving system logs.

    • Port 22 (TCP)—For SSH connectivity.

    The following ports are not required for Log Collector to function, but they are used by other peripheral services:

    • Port 5671 (TCP)

    • Port 32803 (TCP)

    • Port 32769 (UDP)

Note

In this guide, you learn how to deploy your Log Collector virtual machine (VM) on a VMware ESX server. Based on your requirement, you can choose to deploy the Log Collector VM on the KVM server, on the JA2500 Appliance, or as an integrated Log Collector. For details, see the Security Director Installation and Upgrade Guide.

Deploy Log Collector VM on a VMware ESX Server

  1. Install the VMware vSphere or vCenter client on your local system.
  2. Download the latest Log Collector open virtual appliance (OVA) image from the download site.
  3. Deploy the Log Collector OVA image onto the VMware ESX server using the VMware vSphere or vCenter client.
  4. Edit the CPU and memory according to the system requirement for the required events per second (eps). See Table 1 and Table 2.

    Table 1: VMware ESX Server with Solid-State Drives (SSDs)

    Setup (events per second)

    Log Receiver Node

    Log Storage Node

    Total Nodes

    Number of Nodes

    CPU

    Memory

    Number of Nodes

    CPU

    Memory

    4000

    1

    4

    16 GB

    -

    -

    -

    1

    10,000

    1

    8

    32 GB

    1

    8

    64 GB

    2

    20,000

    1

    8

    32 GB

    2

    8

    64 GB

    3

    Table 2: VMware ESX Server Without SSDs

    Setup (events per second)

    Log Receiver Node

    Log Storage Node

    Total Nodes

    Number of Nodes

    CPU

    Memory

    Number of Nodes

    CPU

    Memory

    3000

    1

    4

    16 GB

    -

    -

    -

    1

    10,000

    1

    8

    32 GB

    2

    8

    64 GB

    3

    20,000

    1

    8

    32 GB

    3

    8

    64 GB

    4

    Note

    VMs with 64-GB memory provide better stability for log storage.

  5. Power on the Log Collector VM.
  6. Log in to Log Collector with the default username root and password juniper123.
  7. Change the VM’s default password.
  8. Select a node type.
  9. Configure your network settings.

Do More with Policy Enforcer

You can install Policy Enforcer to configure Juniper Connected Security. Policy Enforcer integrates with Juniper Sky Advanced Threat Prevention (ATP) to provide centralized threat management and monitoring to your Juniper Connected Security network. You can use Policy Enforcer to combine threat intelligence from different solutions and act on that intelligence from one management point.

To install Policy Enforcer and add it to Security Director, check out these topics in the Policy Enforcer Installation Guide: