In JSA Risk Manager, credentials are used to access and download the configuration of devices such as firewalls, routers, switches, or IPSs.
Administrators use the Configuration Monitor to input device credentials, which give JSA Risk Manager access to specific devices. Individual device credentials can be saved for a specific network device. If multiple network devices use the same credentials, you can assign credentials to a group.
You can assign different devices in your network to network groups, to group credential sets and address sets for your devices.
A credential set contains information such as user name and password values for a set of devices.
An address set is a list of IP addresses that define a group of devices that share a set of credentials.
For example, if all the firewalls in your organization have the same user name and password, then the credentials that are associated with the address sets for all the firewalls are used to back up device configurations for all firewalls in your organization.
If a network credential is not required for a specific device, the parameter can be left blank. For a list of required adapter credentials, see the Juniper Secure Analytics Risk Manager Adapter Configuration Guide.
You can configure JSA Risk Manager to prioritize how each network group is evaluated.
The network group at the top of the list has the highest priority. The first network group that matches the configured IP address is included as a candidate when backing up a device. A maximum of three credential sets from a network group are considered.
For example, if your network groups have the following composition:
- Network group 1 contains two credential sets
- Network group 2 contains two credential sets
JSA Risk Manager compiles a maximum of three credential sets, so the following credential sets are used:
- Both credential sets in network group 1 are used because network group 1 is higher in the list.
- Only the first credential set in network group 2 is used because only three credential sets are required.
When a credential set is used to successfully access a device, JSA Risk Manager uses that same credential set for subsequent attempts to access the device. If the credentials on that device change, the authentication fails, and for the next authentication attempt JSA Risk Manager compiles the credentials again to ensure success.
Configuring Credentials for JSA Risk Manager
Administrators must configure credentials to allow JSA Risk Manager to connect to devices in the network.
You can type an IP address range using a dash or wildcard (*) to indicate a range, such as 10.100.20.0-10.100.20.240 or 1.1.1*. If you type 1.1.1.*, all IP addresses meeting that requirement are included.
- On the Risk tab, click Configuration Monitor.
- In the navigation menu, click Credentials.
- Select Add from the toolbar.
- Type a Name for the new credentials.
- In the Address Sets section, click Add.
- In the Add Address field, type the IP address or CIDR range that you want to apply to the network group, then click OK.
- In the Credential Sets pane, click Add.
- Type a name for the new credential set, and then type values for the parameters:
  - Type the user name for the credential set.
  - Type the password for the credential set.
  - Type the user name for second-level authentication for the credential set.
  - Type the password for second-level authentication for the credential set.
  - SNMP Get Community: Type the SNMP Get community.
  - SNMPv3 Authentication Username: Type the user name you want to use to authenticate SNMPv3.
  - SNMPv3 Authentication Password: Type the password you want to use to authenticate SNMPv3.
  - SNMPv3 Privacy Password: Type the protocol you want to use to decrypt SNMPv3 traps.
- Click Save.
After you create your credential sets, select a credential set and click Increase Priority or Decrease Priority to adjust the order in which the credential sets are used.
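The following Python sketch is an added example, not JSA Risk Manager code. It models the evaluation described above so that you can check which credential sets a given address-set layout would offer to a device before you save it. It assumes that every matching network group contributes in list order until three sets are collected (as in the two-group example), that `*` matches any text after the prefix before it, and that `try_login` is a hypothetical callback standing in for the device login; the group names, credential names, and addresses are constructed.

```python
import ipaddress

MAX_CANDIDATES = 3  # the page: a maximum of three credential sets are compiled

def address_matches(entry, ip):
    """True if ip falls in one address-set entry: IP, CIDR, dash range or wildcard."""
    addr = ipaddress.ip_address(ip)
    if "-" in entry:
        low, high = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        return low <= addr <= high
    if "*" in entry:
        # Assumption: '*' matches anything after the literal prefix before it.
        return ip.startswith(entry.split("*", 1)[0])
    return addr in ipaddress.ip_network(entry, strict=False)

def candidate_credentials(groups, ip):
    """Walk groups from highest priority down; collect at most MAX_CANDIDATES sets."""
    candidates = []
    for group in groups:
        if not any(address_matches(e, ip) for e in group["addresses"]):
            continue
        for cred in group["credential_sets"]:
            if len(candidates) == MAX_CANDIDATES:
                return candidates
            candidates.append((group["name"], cred))
    return candidates

class CredentialResolver:
    """Reuses the last working credential set per device; recompiles after a failure."""
    def __init__(self, groups, try_login):
        self.groups = groups
        self.try_login = try_login  # hypothetical callback(ip, candidate) -> bool
        self.last_good = {}

    def access(self, ip):
        cached = self.last_good.pop(ip, None)
        tries = [cached] if cached else candidate_credentials(self.groups, ip)
        for cand in tries:
            if self.try_login(ip, cand):
                self.last_good[ip] = cand
                return cand
        return None  # failed; the next call compiles the candidate list again

# Constructed sample data mirroring the page's two-group example.
GROUPS = [
    {"name": "group-1", "addresses": ["10.100.20.0-10.100.20.240"],
     "credential_sets": ["fw-admin", "fw-backup"]},
    {"name": "group-2", "addresses": ["10.100.*"],
     "credential_sets": ["net-ops", "net-legacy"]},
]
```

Running `candidate_credentials` over each device address in an inventory shows where a broad address set causes a credential set to be offered to devices it was not meant for.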