Configure Protocols

 

For JSA Risk Manager to communicate with devices, you must define the communication method (protocol) required for communication to your network devices.

JSA Risk Manager provides a default protocol configuration for your system. If you need to, you can define protocols that allow JSA Risk Manager to obtain and update device configuration. Many network environments use different communication protocols for different device types or functions. For example, a router might use a different protocol than the firewalls in the network. For a list of supported protocols by device manufacturer, see the Juniper Secure Analytics Risk Manager Adapter Configuration Guide.

JSA Risk Manager uses protocol sets to define groups of protocols for a set of devices that require a specific communication protocol. You can assign devices to network groups, which allows you to group together protocol sets and address sets for your devices.

A protocol set is a named set of protocols for a set of devices that require specific protocol credentials.

Address sets are IP addresses that define the network group.

Configuring Protocols

You define protocols to obtain and update device configuration.

You can configure the following values for the protocol parameters.

Table 1: Protocol Parameters

| Protocol | Parameter |
| --- | --- |
| SSH | Configure the following parameters: Port: Type the port that you want the SSH protocol to use when communicating with and backing up network devices. The default SSH protocol port is 22. Version: Select the version of SSH that you want this network group to use when communicating with network devices. The available options are: Auto (automatically detects the SSH version to use when communicating with network devices), 1 (use SSH-1 when communicating with network devices), 2 (use SSH-2 when communicating with network devices). |
| Telnet | Type the port number you want the Telnet protocol to use when communicating with and backing up network devices. The default Telnet protocol port is 23. |
| HTTPS | Type the port number you want the HTTPS protocol to use when communicating with and backing up network devices. The default HTTPS protocol port is 443. |
| HTTP | Type the port number you want the HTTP protocol to use when communicating with and backing up network devices. The default HTTP protocol port is 80. |
| SCP | Type the port number you want the SCP protocol to use when communicating with and backing up network devices. The default SCP protocol port is 22. |
| SFTP | Type the port number you want the SFTP protocol to use when communicating with and backing up network devices. The default SFTP protocol port is 22. |
| FTP | Type the port number you want the FTP protocol to use when communicating with and backing up network devices. The default SFTP protocol port is 22. |
| TFTP | The TFTP protocol does not have any configurable options. |
| SNMP | Configure the following parameters: Port: Type the port number you want the SNMP protocol to use when communicating with and backing up network devices. Timeout(ms): Select the amount of time, in milliseconds, that you want to use to determine a communication timeout. Retries: Select the number of times you want to attempt to retry communications to a device. Version: Select the version of SNMP you want to use for communications. The options are v1, v2, or v3. V3 Authentication: Select the algorithm you want to use to authenticate SNMP traps. V3 Encryption: Select the protocol you want to use to decrypt SNMP traps. |

  1. On the navigation menu, click Admin to open the admin tab.
  2. Click Apps.
  3. In the Risk Manager pane, click Configuration Source Management.
  4. On the navigation menu, click Protocols.
  5. Configure a new network group:
    1. In the Network Groups pane, click the Add (+) icon.

    2. Type a name for a network group.

    3. Click OK.

    4. Use the Move Up and Move Down icons to prioritize the network groups. Move the network group you want to have first priority to the top of the list.

  6. Configure the address set:
    1. In the Add Address field, type the IP address or CIDR range that you want to apply to the network group, then click the Add (+) icon. For example, type an IP address range using a dash or wildcard (*) to indicate a range, such as 10.100.20.0-10.100.20.240 or 1.1.1.*. If you type 1.1.1.*, all IP addresses meeting that requirement are included.

    2. Repeat for all IP addresses you want to add to the address set for this network group.

  7. Configure the protocol set:
    1. In the Network Groups pane, ensure the network group you want to configure protocols for is selected.

    2. Select check boxes to apply a protocol to the range of IP addresses assigned to the network group you created. Clearing the check box turns off the communication option for the protocol when attempting to back up a network device.

    3. For each protocol that you selected, configure values for the parameters.

    4. Use the Move Up and Move Down icons to prioritize the protocols. Move the protocol that you want to have first priority to the top of the list.

  8. Click OK.
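
The following added example (not part of the JSA documentation or product code) can be used to review a planned network-group layout before entering it in steps 5 to 7: it resolves which group a device address lands in and lists the unencrypted or legacy protocols enabled there. The data structures, group names, wildcard semantics and the first-match-by-priority rule are assumptions made for illustration.

```python
import ipaddress

# Protocols from Table 1 that send credentials and configuration unencrypted.
CLEARTEXT = {"Telnet", "HTTP", "FTP", "TFTP"}

def entry_matches(entry, ip):
    """True if ip is covered by one address-set entry: IP, CIDR, dash range or * wildcard."""
    addr = ipaddress.IPv4Address(ip)
    if "-" in entry:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-"))
        return lo <= addr <= hi
    if "*" in entry:
        # Assumed semantics: * replaces one whole octet, as in 1.1.1.*
        octets = entry.split(".")
        return len(octets) == 4 and all(p in ("*", o) for p, o in zip(octets, ip.split(".")))
    return addr in ipaddress.IPv4Network(entry, strict=False)

def resolve_group(groups, ip):
    """Return the first group, in priority order, whose address set covers ip (assumed rule)."""
    for group in groups:
        if any(entry_matches(e, ip) for e in group["addresses"]):
            return group
    return None

def weak_protocols(group):
    """List the enabled protocols of a group that are unencrypted or legacy versions."""
    findings = []
    for name, params in group["protocols"]:
        if name in CLEARTEXT:
            findings.append(name)
        elif name == "SSH" and params["version"] in ("1", "Auto"):
            # Auto leaves the version to detection, so SSH-1 is not ruled out.
            findings.append("SSH version " + params["version"])
        elif name == "SNMP" and params["version"] in ("v1", "v2"):
            findings.append("SNMP " + params["version"])
    return findings

# Constructed sample layout, listed top-priority first (names and addresses are made up).
GROUPS = [
    {"name": "core-routers", "addresses": ["10.100.20.0-10.100.20.240"],
     "protocols": [("SSH", {"version": "2"}), ("SNMP", {"version": "v3"})]},
    {"name": "legacy-lab", "addresses": ["1.1.1.*", "10.100.20.0/24"],
     "protocols": [("Telnet", {}), ("SSH", {"version": "Auto"}), ("SNMP", {"version": "v2"})]},
]

if __name__ == "__main__":
    for ip in ("10.100.20.17", "10.100.20.241", "1.1.1.200", "192.168.1.1"):
        group = resolve_group(GROUPS, ip)
        print(ip, "->", group["name"] if group else "no group",
              weak_protocols(group) if group else [])
```

In the sample data, 10.100.20.241 falls just outside the first group's dash range and is picked up by the lower-priority group, where Telnet is enabled.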