
    Adding IDP Series Devices to NSM Device Manager

    Before you can use Network and Security Manager (NSM) to manage an IDP Series device, you must add the IDP Series device to NSM Device Manager. Use one of the following workflows to add the IDP Series device to the NSM Device Manager:

    Adding a Reachable Device

    A reachable device is a device you have installed and initialized, including configuring an IP address for the management interface and connecting the management interface to the network. You complete the reachable device workflow in cases where you set up the IDP Series device first and the NSM device object second.

    To import an IDP Series device with a known IP address:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the + icon and select Device to display the Add Device wizard. Configure the following properties:

      • Name–Specify a string to identify the IDP Series device. The string may contain letters, numbers, spaces, dashes, and underscores.
      • Color–Select a color. Some administrators use colors to distinguish devices by type, region, software version, and so forth.
      • Select Device Is Reachable (default).
    3. Click Next.
    4. In the Specify Connection Settings dialog box, enter the following connection information:

      • Enter the IP address of the IDP Series device.
      • Enter the username of the device admin user.
      • Enter the password for the device admin user.
      • Enter the password for the device root user.

        Note: In NSM, passwords are case-sensitive.

      • Select SSH Version 2 and port 22.
      Click Next.
    5. On the Verify Device Authenticity page, use an out-of-band method to verify the RSA key fingerprint information to prevent man-in-the-middle attacks.

      Click Next.

      In response, NSM connects to the IDP Series device to retrieve device information. This process takes a moment.

    6. Verify that the device type, OS version, device serial number, and device mode are correct.
    7. Click Next to add the device to NSM.
    8. Click Next to import the configuration from the IDP Series device.
    9. Click Finish.

      For IDP OS Release 4.1 and later devices, NSM next runs a job to update the IDP Series device with the Recommended IDP security policy. The Job Information dialog box shows the status of the Update Device job.

    10. After the job is complete, double-click the device in Device Manager to view the imported configuration.

      To check the device configuration status, mouse over the device and verify that the device status displays Managed.
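The fingerprint check in step 5 of the reachable-device workflow can be done mechanically once the device's public host key has been obtained over a trusted path. The following is an added example, not part of the original documentation or of NSM. It assumes the key line was copied out of band (for example, from the device console) and accepts either an MD5 colon-hex or a SHA256 fingerprint, since the page does not say which form the wizard displays. The sample key is constructed and all function names are hypothetical.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def constructed_pubkey_line(seed: bytes) -> str:
    """Constructed stand-in for an 'ssh-rsa' public key line (not a usable key)."""
    n = int.from_bytes(hashlib.sha256(seed).digest() * 8, "big") | (1 << 2047)
    e = 65537
    mpint = lambda v: ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

def key_blob(pubkey_line: str) -> bytes:
    """Decode 'type base64 [comment]' and check the blob names the same key type."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (length,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + length] != key_type.encode():
        raise ValueError("key type in blob does not match the line prefix")
    return blob

def fingerprints(blob: bytes) -> dict:
    """Both common renderings: MD5 colon-hex and SHA256 unpadded base64."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def fingerprint_matches(displayed: str, trusted_pubkey_line: str) -> bool:
    """True only if the fingerprint shown by the wizard equals the trusted key's."""
    fps = fingerprints(key_blob(trusted_pubkey_line))
    shown = displayed.strip()
    if shown.upper().startswith("SHA256:"):
        return shown[7:].rstrip("=") == fps["sha256"][7:]
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    hexed = shown.replace(":", "").replace(" ", "").lower()
    if len(hexed) != 32 or any(c not in "0123456789abcdef" for c in hexed):
        raise ValueError("unrecognised fingerprint format")
    return hexed == fps["md5"].replace(":", "")
```

If `fingerprint_matches` returns False, cancel the wizard rather than clicking Next, and investigate the path between NSM and the device before retrying.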

    Adding an Unreachable Device

    An unreachable device is a device that has not been set up and so does not have an IP address for the management interface. You complete the unreachable device workflow in cases where you set up the NSM device object first and the IDP Series device second.

    To add an IDP Series device with an unknown IP address:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the + icon and select Device to display the Add Device wizard.
    3. Configure the following properties:

      • Name–Specify a string to identify the IDP Series device. The string may contain letters, numbers, spaces, dashes, and underscores.
      • Color–Select a color. Some administrators use colors to distinguish devices by type, region, software version, and so forth.
      • Select Device Is Not Reachable.
    4. Click Next.
    5. On the Specify One Time Password page:

      • Make a note of the unique external ID for the device. The device administrator will need it to connect the device to NSM. This ID number represents the device within the management system. The wizard automatically provides this value.
      • Specify the first connection one-time password (OTP) that authenticates the device.
      • Click Show Device Commands to display the list of CLI commands that must be executed on the device to connect to NSM. The commands enable management, set the IP address for NSM, set the unique external ID, and set the device OTP.

        Copy these commands to a text file.

      Click Finish to complete the Add Device wizard and include the new device in the Device Manager list.
    6. Log in to the device CLI as admin and enter su - to switch to root.
    7. Run the CLI commands you copied in Step 5.
    8. In the NSM Device Manager, mouse over the device to track its configuration status. The first status message is Waiting for 1st connect. After the connection has been established, the status displays Import Needed.
    9. Right-click the device and select Import Device.

      The Job Information box displays the job type and status for the import; when the job status displays successful completion, click Close.

      For IDP OS Release 4.1 and later devices, NSM next runs a job to update the IDP Series device with the Recommended IDP security policy. The Job Information dialog box shows the status of the Update Device job.

    10. After the job is complete, double-click the device in Device Manager to view the imported configuration.

      To check the device configuration status, mouse over the device and verify that the device status displays Managed.

    Modeling an IDP Series Device Configuration

    You model an IDP Series device configuration when the device is not online, and you intend to push the configuration to the device when it is ready to be put online and configured.

    To model an IDP Series device:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the + icon and then select Device to display the Add Device wizard.
    3. Configure the following properties:

      • Name–Specify a string to identify the IDP Series device. The string may contain letters, numbers, spaces, dashes, and underscores.
      • Color–Select a color. Some administrators use colors to distinguish devices by type, region, software version, and so forth.
      • Select Model Device.
    4. In the Specify OS Name, Version, and Platform page, enter the following connection information:

      • In the OS Name list, select the device family that the modeled device belongs to.
      • In the platform list, select the device platform name.
      • In the OS version list, select the version of the operating system or firmware that runs on the device.
    5. Click Finish.
    6. Double-click the device to display the device configuration editor.
    7. When you have completed the model configuration, check the device configuration status. Mouse over the device and verify that the device status displays Modeled.

    Adding Device Clusters

    In a high-availability (HA) deployment, an IDP Series device cluster is a set of two IDP Series devices deployed for the same purpose—to provide intrusion detection and prevention for a particular network segment. You use Appliance Configuration Manager (ACM) to configure HA. You use Network and Security Manager (NSM) to create a cluster object that will help you ensure the nodes (IDP Series devices) maintain the same feature configuration, which is a requirement of HA deployments.

    To configure clusters in NSM:

    1. Add the cluster object.
    2. Add cluster members to the cluster object.

    To add a cluster object:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the + icon and then select Cluster to display the New Cluster wizard.
    3. Configure the following properties:

      • Cluster Name–Specify a string to identify the IDP Series device. The string may contain letters, numbers, spaces, dashes, and underscores.
      • Color–Select a color. Some administrators use colors to distinguish devices by type, region, software version, and so forth.
      • In the OS Name list, select ScreenOS/IDP.
      • In the platform list, select the device model number.
      • In the Managed OS version list, select the IDP OS version.
    4. Click OK.

    To add cluster members:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Right-click the cluster object and then select New > Cluster Member to display the Add Cluster Member wizard.
    3. Complete the wizard steps.
    4. Repeat to add the second cluster member.

      Note: An IDP Series cluster contains exactly two members.


    Published: 2011-02-08