Credentials
In JSA Risk Manager, credentials are used to access and download the configuration of devices such as firewalls, routers, switches, or IPSs.
Administrators use Configuration Source Management to input device credentials, which give JSA Risk Manager access to specific devices. Individual device credentials can be saved for a specific network device. If multiple network devices use the same credentials, you can assign credentials to a group.
You can assign the devices in your network to network groups, which group together the credential sets and address sets for those devices.
A credential set contains information such as user name and password values for a set of devices.
An address set is a list of IP addresses that define a group of devices that share a set of credentials.
For example, if all the firewalls in your organization have the same user name and password, then the credentials that are associated with the address sets for all the firewalls are used to back up device configurations for all firewalls in your organization.
If a network credential is not required for a specific device, the parameter can be left blank in Configuration Source Management. For a list of required adapter credentials, see the Juniper Secure Analytics Risk Manager Adapter Configuration Guide.
You can configure your JSA Risk Manager to prioritize how each network group is evaluated.
The network group at the top of the list has the highest priority. The first network group that matches the configured IP address is included as a candidate when backing up a device. A maximum of three credential sets from a network group are considered.
For example, if your network groups have the following composition:
- Network group 1 contains two credential sets
- Network group 2 contains two credential sets
JSA Risk Manager compiles a maximum of three credential sets, so the following credential sets are used:
- Both credential sets in network group 1 are used because network group 1 is higher in the list.
- Only the first credential set in network group 2 is used because only three credential sets are required.
When a credential set is used to successfully access a device, JSA Risk Manager uses that same credential set for subsequent attempts to access the device. If the credentials on that device change, authentication fails, and on the next authentication attempt JSA Risk Manager compiles the credentials again to ensure success.
Configuring Credentials for JSA Risk Manager
Administrators must configure credentials to allow JSA Risk Manager to connect to devices in the network.
You can type an IP address range using a dash or wildcard (*) to indicate a range, such as 10.100.20.0-10.100.20.240 or 1.1.1*. If you type 1.1.1.*, all IP addresses meeting that requirement are included.
- On the navigation menu, click Admin.
- Click Apps.
- In the Risk Manager pane, click Configuration Source Management.
- On the navigation menu, click Credentials.
- On the Network Groups pane, click the Add (+) icon.
- Type a name for a network group, and then click OK.
- Move the network group that you want to have first priority to the top of the list. You can use the Move Up and Move Down arrow icons to prioritize a network group.
- In the Add Address field, type the IP address or CIDR range that you want to apply to the network group, then click the Add (+) icon.
  Repeat for all IP addresses you want to add to the address set for this network group.
- In the Credentials pane, click the Add (+) icon.
- Type a name for the new credential set, and then click OK.
- Type values for the parameters:
| Option | Description |
| --- | --- |
| Username | Type the user name for the credential set. |
| Password | Type the password for the credential set. |
| Enable Username | Type the user name for second-level authentication for the credential set. |
| Enable Password | Type the password for second-level authentication for the credential set. |
| SNMP Get Community | Type the SNMP Get community. |
| SNMPv3 Authentication Username | Type the user name you want to use to authenticate SNMPv3. |
| SNMPv3 Authentication Password | Type the password you want to use to authenticate SNMPv3. |
| SNMPv3 Privacy Password | Type the protocol you want to use to decrypt SNMPv3 traps. |
- Move the credential set you want to make first priority to the top of the list. Use the Move Up and Move Down arrow icons to prioritize a credential set.
- Repeat for each credential set that you want to add.
- Click OK.
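The following Python example is added here for illustration and is not JSA Risk Manager code. It models the selection rules described on this page (network group priority, address set matching, the three credential set limit, and reuse of a credential set that already worked) so you can check which credential sets a given address set layout would offer to a device. Assumptions: the function names, data layout, and sample credential set names are hypothetical; every matching group is walked in list order; a wildcard entry is treated as a string glob.

```python
import fnmatch
import ipaddress

MAX_CREDENTIAL_SETS = 3  # limit stated on this page

def address_matches(entry, ip):
    """Return True if ip falls inside one address-set entry.
    Assumed syntax: single IP, CIDR, dash range, or '*' wildcard."""
    addr = ipaddress.ip_address(ip)
    if "-" in entry:                      # e.g. 10.100.20.0-10.100.20.240
        low, high = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        return low <= addr <= high
    if "*" in entry:                      # e.g. 1.1.1.* (assumed: string glob)
        return fnmatch.fnmatchcase(ip, entry)
    if "/" in entry:                      # CIDR range
        return addr in ipaddress.ip_network(entry, strict=False)
    return addr == ipaddress.ip_address(entry)

def candidate_credentials(network_groups, ip, cached=None):
    """Compile the credential sets to try for ip, highest priority first.

    network_groups is ordered top of list first; each group lists its
    credential sets in priority order. A credential set that already
    worked for this device (cached) is tried on its own."""
    if cached is not None:
        return [cached]
    candidates = []
    for group in network_groups:
        if not any(address_matches(e, ip) for e in group["addresses"]):
            continue
        for cred in group["credential_sets"]:
            if len(candidates) == MAX_CREDENTIAL_SETS:
                return candidates
            candidates.append((group["name"], cred))
    return candidates

# Constructed sample data mirroring the two-group example on this page.
GROUPS = [
    {"name": "Network group 1", "addresses": ["10.100.20.0-10.100.20.240"],
     "credential_sets": ["fw-admin", "fw-backup"]},
    {"name": "Network group 2", "addresses": ["10.100.20.*", "192.0.2.0/24"],
     "credential_sets": ["net-ops", "net-legacy"]},
]

if __name__ == "__main__":
    for ip in ("10.100.20.15", "10.100.20.250", "192.0.2.9", "172.16.0.1"):
        print(ip, candidate_credentials(GROUPS, ip))
```

An address that matches more groups than intended shows up here as extra credential sets in the candidate list, which is a quick way to spot an address set that is broader than it should be.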