Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configure Protocols

 

For JSA Risk Manager to communicate with devices, you must define the communication method (protocol) required for communication to your network devices.

JSA Risk Manager provides default protocol configuration for your system. If you need to define protocols, you can define protocols to allow JSA Risk Manager to obtain and update device configuration. Many network environments have different communication protocols of different types or functions of the device. For example, a router might use a different protocol than the firewalls in the network. For a list of supported protocols by device manufacturer, see the Juniper Secure Analytics Risk Manager Adapter Configuration Guide.

JSA Risk Manager uses protocol sets to define groups of protocols for a set of devices that require a specific communication protocol. You can assign devices to network groups, which allows you to group together protocol sets and address sets for your devices.

Protocol sets are a named set of protocols for a set of devices that require specific protocol credentials.

Address sets are IP addresses that define the network group.

Configuring Protocols

You define protocols to obtain and update device configuration.

  1. On the Risk tab, click Configuration Monitor.
  2. In the navigation menu, click Protocols.
  3. Select Add from the toolbar.
  4. Type a Name for the protocol set.
  5. In the Address Sets section, click Add.
  6. In the Add Address field, type the IP address or CIDR range that you want to apply to the network group, then click OK.Tip

    You can use IP4 or IP6 address or CIDR ranges.

  7. Select the check box for each protocol you want to enable.Tip

    Select a protocol and click Increase Priority or Decrease Priority to adjust the order you want the protocols to be used.

  8. Select a protocol to configure its relevant properties.

    You can configure the following values for the protocol parameters:

    Table 1: Protocol Parameters

    Protocol

    Parameter

    SSH

    Configure the following parameters:

    Port—Type the port on which you want the SSH protocol to use when communicating with and backing up network devices.

    The default SSH protocol port is 22.

    Version—Select the version of SSH that you want this network group to use when communicating with network devices. The available options are as follows:

    Auto—This option automatically detects the SSH version to use when communicating with network devices.

    1—Use SSH-1 when communicating with network devices.

    2—Use SSH-2 when communicating with network devices.

    Telnet

    Type the port number you want the Telnet protocol to use when communicating with and backing up network devices.

    The default Telnet protocol port is 23.

    HTTPS

    Type the port number you want the HTTPS protocol to use when communicating with and backing up network devices.

    The default HTTPS protocol port is 443.

    HTTP

    Type the port number you want the HTTP protocol to use when communicating with and backing up network devices.

    The default HTTP protocol port is 80.

    SCP

    Type the port number you want the SCP protocol to use when communicating with and backing up network devices.

    The default SCP protocol port is 22.

    SFTP

    Type the port number you want the SFTP protocol to use when communicating with and backing up network devices.

    The default SFTP protocol port is 22.

    FTP

    Type the port number you want the FTP protocol to use when communicating with and backing up network devices.

    The default SFTP protocol port is 22.

    TFTP

    The TFTP protocol does not have any configurable options.

    SNMP

    Configure the following parameters:

    Port—Type the port number you want the SNMP protocol to use when communicate with and backing up network devices.

    Timeout(ms)—Select the amount of time, in milliseconds, that you want to use to determine a communication timeout.

    Retries—Select the number of times you want to attempt to retry communications to a device.

    Version—Select the version of SNMP you want to use for communications. The options are v1, v2, or v3.

    V3 Authentication—Select the algorithm you want to use to authenticate SNMP traps.

    V3 Encryption—Select the protocol you want to use to decrypt SNMP traps.

  9. Click Save.Tip

    After you create your protocol sets, select a protocol set and click Increase Priority or Decrease Priority to adjust the order you want the protocol sets to be checked.