
Security Director Release Notes

The Junos Space Security Director application is a powerful and easy-to-use solution that lets you secure your network by creating and publishing firewall policies, IPsec VPNs, NAT policies, IPS policies, and application firewalls.

Note: To push IPS and application firewall signatures to a device, you need IPS and application firewall licenses.

Installing Junos Space Network Management Platform

Junos Space Security Director Release 16.1R1 is supported only on Junos Space Network Management Platform Release 16.1. For more information on the Network Management Platform upgrade process, see Upgrading to Junos Space Network Management Platform Release 16.1R1.

At the end of the installation, you are prompted to choose the backup tgz location to restore the previous version of the Network Management Platform release. Click N to continue with the fresh installation of the Network Management Platform.

Installing Security Director Release 16.1

In Junos Space Security Director Release 16.1, a single image installs Security Director, Log Director, and the Security Director Logging and Reporting modules. Installing the Security Director Release 16.1 image installs all three applications. You must deploy the Log Collector and then add it to the Junos Space Network Management Platform fabric to view the log data in the dashboard, events and logs, reports, and alerts.

For more information on adding Junos Space applications, see Adding a Junos Space Application.

Upgrading Security Director Prerequisites

Before you upgrade the Security Director, Log Director, and Security Director Logging and Reporting modules, you must upgrade to Junos Space Network Management Platform Release 16.1.

Follow this upgrade sequence if your current Security Director release is earlier than Security Director Release 15.2:

Upgrading Security Director

To upgrade from a previous version of Security Director to Security Director Release 16.1R1:

Note: If you are upgrading from a previous version of Security Director, clear your browser cache before accessing the Security Director UI.

Installing Slipstream Script

Note: You must ensure that Security Director is installed or upgraded to the latest version before installing the Slipstream script.

Procedure

To install the Slipstream script:

  1. Download the Slipstream script Slipstream-Framework-T1.xx-x.sh from the Download Site.
  2. Copy the downloaded script to the /tmp folder of the Junos Space Network Management Platform server.
  3. Use the chmod 777 Slipstream-Framework-T1.xx-x.sh command to grant read, write, and execute permissions on the file.
  4. Install the Slipstream script by running the following command: sh Slipstream-Framework-T1.xx-x.sh.
  5. On a multinode Junos Space fabric, you must copy and run the script individually on each node.

Upgrading Log Collector

Note: Before creating a backup of Log Collector Release 15.2R2, you must delete all the Log Collector nodes from Security Director > Administration > Logging Management > Logging Nodes.

Table 1 shows the topology difference between Log Collector Release 15.2R2 and Log Collector Release 16.1 before the upgrade.

Table 1: Understanding the Topology Difference Before Upgrading

| Node Type    | 15.2R2             | 16.1R1 |
|--------------|--------------------|--------|
| All-in-One   | Yes                | Yes    |
| Log receiver | Yes                | Yes    |
| Log storage  | Yes (Indexer node) | Yes    |
| Query node   | Yes (20K eps)      | No     |
| Master node  | Yes (20K eps)      | No     |

In Log Collector Release 16.1R1:

To upgrade from Log Collector Release 15.2 to Log Collector Release 16.1:

  1. If the log password was changed for the logging nodes in Log Collector Release 15.2R2, perform the following steps. Otherwise, continue with Step 2.
    • Use the ssh command to open a connection to Log Query Node (Indexer node) or All-in-One node.
    • Use vi to edit the elasticsearch.yml file, located at /etc/elasticsearch/.
    • Inside the elasticsearch.yml file, search for http.basic.password and replace the changed password with 58dd311734e74638f99c93265713b03c391561c6ce626f8a745d1c7ece7675fa.
    • Save the changes.
  2. Download the Log Collector upgrade script from Here.
  3. Copy the upgrade script to the /root path of all the applicable nodes that you want to upgrade.
  4. Run the sh Log-Collector-Upgrade-16.1R1.XXX script.

    The status of the upgrade is shown on the console.

    Note:

    • The Logstash process no longer runs on the log receiver node. The jingest process runs instead.
    • You must ensure that jingest and elasticsearch processes are running.
  5. Add the logging nodes back to Security Director from Security Director > Administration > Logging Management > Logging Nodes.
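
A check to run before and after the upgrade steps above, as an added example that is not part of the Juniper documentation or scripts: it reads http.basic.password from elasticsearch.yml without printing it, and reports which of the jingest and elasticsearch processes are missing. The function names, the "key: value" layout assumed for elasticsearch.yml, and the use of ps output are assumptions.

```shell
#!/bin/sh
# Added example (not Juniper code): checks around the Log Collector upgrade.
# Assumption: elasticsearch.yml holds the setting as "http.basic.password: VALUE".
ES_YML=${ES_YML:-/etc/elasticsearch/elasticsearch.yml}
# Value that step 1 of the procedure on this page says the file must contain.
EXPECTED_PW=58dd311734e74638f99c93265713b03c391561c6ce626f8a745d1c7ece7675fa

# Print the configured http.basic.password (last occurrence), skipping
# commented-out lines and stripping surrounding quotes and trailing blanks.
es_basic_password() {
  sed -n 's/^[[:space:]]*http\.basic\.password[[:space:]]*:[[:space:]]*//p' "$1" |
    tail -n 1 | sed 's/[[:space:]]*$//; s/^["'\'']//; s/["'\'']$//'
}

# 0: expected value present; 1: value was changed (step 1 applies);
# 2: file unreadable or key missing.
check_es_password() {
  [ -r "$1" ] || return 2
  pw=$(es_basic_password "$1")
  [ -n "$pw" ] || return 2
  [ "$pw" = "$EXPECTED_PW" ] && return 0
  return 1
}

# Read a process list on stdin (one command line per row, as printed by
# "ps -eo args") and print each required process with no matching row.
# Matching is by substring, because Elasticsearch runs under a java command line.
missing_procs() {
  list=$(cat)
  for p in jingest elasticsearch; do
    printf '%s\n' "$list" | grep -q -- "$p" || printf '%s\n' "$p"
  done
}

# Run the checks only when called as "sh script.sh check"; the password
# value itself is never echoed.
if [ "${1:-}" = "check" ]; then
  rc=0; check_es_password "$ES_YML" || rc=$?
  case $rc in
    0) echo "http.basic.password: expected value present" ;;
    1) echo "http.basic.password: changed; apply step 1 before upgrading" ;;
    *) echo "http.basic.password: key not found or $ES_YML unreadable" ;;
  esac
  missing=$(ps -eo args | missing_procs)
  [ -z "$missing" ] || echo "not running:" $missing
fi
```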

Deploying Log Collector

System Requirement

Table 2 and Table 3 provide the virtual machine (VM) configuration that we recommend for the log collection to work effectively.

Table 2: With SSD Drives

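| Setup                      | Number of Nodes (Log Receiver Nodes) | CPU (Log Receiver Nodes) | Memory (Log Receiver Nodes) | Number of Nodes (Log Storage Nodes) | CPU (Log Storage Nodes) | Memory (Log Storage Nodes) | Total Nodes |
|----------------------------|--------------------------------------|--------------------------|-----------------------------|-------------------------------------|-------------------------|----------------------------|-------------|
| 4K events per second (eps) | 1                                    | 4                        | 16 GB                       | -                                   | -                       | -                          | 1           |
| 10K eps                    | 1                                    | 8                        | 32 GB                       | 1                                   | 8                       | 64 GB                      | 2           |
| 20K eps                    | 1                                    | 8                        | 32 GB                       | 2                                   | 8                       | 64 GB                      | 3           |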

Table 3: With Non SSD Drives

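| Setup   | Number of Nodes (Log Receiver Nodes) | CPU (Log Receiver Nodes) | Memory (Log Receiver Nodes) | Number of Nodes (Log Storage Nodes) | CPU (Log Storage Nodes) | Memory (Log Storage Nodes) | Total Nodes |
|---------|--------------------------------------|--------------------------|-----------------------------|-------------------------------------|-------------------------|----------------------------|-------------|
| 3K eps  | 1                                    | 4                        | 16 GB                       | -                                   | -                       | -                          | 1           |
| 10K eps | 1                                    | 8                        | 32 GB                       | 2                                   | 8                       | 64 GB                      | 3           |
| 20K eps | 1                                    | 8                        | 32 GB                       | 3                                   | 8                       | 64 GB                      | 4           |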

Note: VMs with 64 GB of memory give better stability for the log collection.

Table 4 shows supported node types in which the Log Collector can be deployed.

Table 4: Log Collector Deployment Nodes

Node Type

Description

All-in-One node (combined deployment)

  • Both receiver and storage nodes run on the same VM or JA2500 appliance.
  • Supports eps of up to 3000 with spinning disks and 4000 with SSD drives.
  • Suitable for demos and small-scale deployments.

Log Receiver Node (Distributed deployment)

This node receives syslogs from SRX Series devices. SRX Series devices must be configured with the Log Receiver Node IP to send syslogs. Upon configuration, this node parses and forwards logs to Log Storage Node. You must provide the IP address of the Log Storage Node while configuring this node.

Log Storage Node (Distributed deployment)

This node analyzes, indexes, and stores the syslogs. It receives the syslogs from Log Receiver Node.

Note: Using vSphere Client version 5.5 or earlier, you cannot edit the settings of virtual machines using hardware version 10 or earlier. For more details, see VMware Knowledge Base.

Storage Requirements

The total storage required for retaining X number of days at a given events-per-second (eps) rate is:

eps * 0.155 * X = total storage required (in GB)

For example, the storage requirement for 7 days at 500 eps is 500 * 0.155 * 7 = 542 GB, with a +20% margin. The storage space is allocated and equally distributed to the log Indexer nodes.

Note: The logs get rolled over under the following scenarios:

  • Time-based rollover—Logs that are older than 45 days are automatically rolled over, even if the disk space is available.
  • Disk size-based rollover—Older logs get rolled over when the disk size reaches 400 GB.

Deploying Log Collector VM on an ESX Server

Procedure

To deploy the Log Collector on an ESX server:

  1. Download the latest Log Collector open virtual appliance (OVA) image.
  2. Using vSphere or vCenter, deploy the Log Collector OVA image Log-Collector-16.1R1.ova onto the ESX server.
  3. Edit the CPU and memory as per the system requirement for the required events per second (eps).

    Note: Log Collector virtual machine (VM) contains a Virtual Appliance Management Infrastructure (VAMI) agent. The agent enables the VM to use the required server configuration from the ESX server.

  4. Power on the Log Collector VM.

    A configuration script lets you choose the node type and configure the network settings.

  5. Use the default credentials to log in to Log Collector; username is root and password is juniper123.
  6. Change the root password of the VM.
  7. Deploy Log Collector as the desired node.
  8. Configure your network settings.

Add Log Collector Node to Security Director

To add Log Collector to Security Director, see Adding Log Collector to Security Director.

Installing Log Collector on the JA2500 Appliance Using a USB Flash Drive

To install the Log Collector on the JA2500 appliance using a USB flash drive, you must create a bootable USB flash drive, install the Log Collector node using the USB flash drive, and add the Log Collector node to Security Director.

Create a Bootable USB Flash Drive

Procedure

Before creating a bootable USB flash drive, download and install the Rufus utility on your system.

  1. Plug the USB storage device into the USB port of a laptop or PC.
  2. Download the Log collector ISO image from here.

Procedure

To create a bootable USB flash drive, follow these steps in Microsoft Windows:

  1. Open the Rufus utility installed on your computer.

    The Rufus window opens.

  2. From the Device list, select the USB storage device.
  3. In the Format Options section, select the ISO image downloaded in Step 2. Click the open or browse icon next to the Create a bootable disk using option to select the ISO image.
  4. Click Start.

    A progress bar on the Rufus page indicates the status of the bootable USB flash drive creation. A success message is displayed once the process completes successfully.

  5. Click Exit to exit the window.
  6. Eject the USB storage device and unplug it from the computer.

Procedure

If you are using a computer with Linux as the operating system, follow these steps:

Note: While you can use any of the available tools, we recommend that you use the dd command in Linux to create a bootable USB drive.

  1. Open a shell prompt.
  2. Use the cd command to go to the directory containing the software image file.
  3. Type the following command and press Enter to copy the image file to the USB drive:

    [user@host ~]$ dd if=Log-collector-version.spinnumber.img of=/dev/usb-drive

    Log-Collector-version.spin-number.img is the name of the downloaded Junos Space image file, and /dev/usb-drive is the name of the device drive to which your USB drive is mapped. The image file is copied to the USB drive and you are taken to the command prompt.

  4. Eject the USB drive and unplug it from the computer.

Install Log Collector Using USB Flash Drive

Procedure

  1. Plug the USB storage device into the USB port of the JA2500 appliance.
  2. Follow these steps to access the JA2500 appliance boot menu:

    Procedure

    1. Power on the JA2500 appliance.
    2. While the JA2500 appliance powers on, press the key mapped to send the DEL character in the terminal emulation utility.

      Note: Typically, the Backspace key is mapped to send the DEL character.

    3. The boot menu appears after a few minutes.
  3. Ensure that the USB boot is at the top of the appliance boot-priority order.

    If USB KEY: CBM USB 2.0 - (USB 2.0) is not at the top of the list, follow these steps:

    1. Use the down arrow to select USB KEY: CBM USB 2.0 - (USB 2.0), and use the + key to move the entry to the top of the list.
    2. Press the F4 key to save your changes and exit the BIOS setup.
  4. Verify the BIOS setting, and then power off the JA2500 appliance.
  5. Power on the appliance again. The boot menu displays the following options:
    1. Install Log Collector on Juniper JA2500 Hardware
    2. Boot from local drive
  6. Select Install Log Collector on Juniper JA2500 Hardware.
  7. Power off the appliance once the installation is completed.
  8. Restart the appliance and select Boot from local drive.
  9. Use the default credentials to log in to the JA2500 appliance; username is root and password is juniper123.
  10. Change the default root password when prompted.
  11. After logging in, select the desired node type.
  12. Configure the IP address and gateway.
  13. Configure settings for the DNS name server and the NTP server.

Add Log Collector Node to Security Director

To add Log Collector to Security Director, see Adding Log Collector to Security Director.

Installing Integrated Log Collector on a JA2500 Appliance or Junos Space Virtual Appliance

Prerequisites

The prerequisites for installing integrated log collector on a JA2500 appliance or virtual machine (VM) are as follows:

Note: Security Director Logging and Reporting is not supported on a JA1500 appliance.

Specifications

Table 5 shows the specifications for installing the integrated Log Collector on a JA2500 appliance.

Table 5: Specifications for Installing an Integrated Log Collector on a JA2500

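| Component  | Specification                                                                 |
|------------|-------------------------------------------------------------------------------|
| Memory     | 8 GB. Log Collector uses 8 GB of memory of the available 32-GB system RAM.    |
| Disk space | 500 GB. This is used from the existing JA2500 appliance disk space.           |
| CPU        | Single core                                                                   |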

Note: These specifications are used internally by the integrated Log Collector on a JA2500 appliance.

Table 6 shows the specifications for installing the integrated Log Collector on Junos Space Virtual Appliance.

Table 6: Specifications for Installing an Integrated Log Collector on a VM

| Component  | Specification |
|------------|---------------|
| Memory     | 8 GB. If Integrated Log Collector is running on the Junos Space VM, we recommend adding 8 GB of RAM to maintain the Junos Space performance. It uses 8 GB of system RAM from the total system RAM. |
| Disk space | 500 GB. Minimum 500 GB is required. You can add any amount of disk space. |
| CPU        | 2 CPUs of 3.20 GHz |

Note: These specifications are used internally by the integrated Log Collector running on the Junos Space Virtual Appliance.

Procedure

To install the integrated Log Collector on a JA2500 appliance or virtual appliance:

  1. Download the integrated Log Collector image Integrated-Log-Collector-16.1.R1.xxx.sh from the Download Site.
  2. Copy the integrated Log Collector script to a JA2500 appliance or virtual appliance.
  3. Connect to the CLI of a JA2500 appliance or virtual appliance with admin privileges.
  4. Navigate to the location where you have copied the integrated Log Collector script.
  5. Change the permission of the file by using the chmod +x Integrated-Log-Collector-16.1.R1.xxx.sh command.
  6. Install the integrated Log Collector script using the following command: sh Integrated-Log-Collector-16.1.R1.xxx.sh.

When integrated Log Collector is installed on the JA2500 appliance or VM, the following message is displayed:

Shutting down system logger: [ OK ]
Starting jingest ... jingest started.
{"log-collector-node": {"id":376,"ip-address":"x.x.x.x","priority":0,"node-type": "INTEGRATED","cpu-usage":0,"memory-usage":0, "fabric-id":0,"display-name": "Integrated","timestamp":0}}

Once the installation is complete, a Logging Node is automatically added in Administration > Logging Management > Logging Nodes.

Configuring Log Collector Using Scripts

If you used the standard setup menu to configure Log Collector, then you can use the following scripts, described in Table 7, to reconfigure it.

“jnpr-” <TAB>
[root@NWAPPLIANCE25397 ~]# jnpr- jnpr-configure-node jnpr-configure-ntp
jnpr-configure-timezone jnpr-network-script healthcheckOSLC

Table 7: Description of the Log Collector Script

| Script                  | Description                                                     |
|-------------------------|-----------------------------------------------------------------|
| jnpr-configure-node     | Master script for the node configuration and network settings. |
| jnpr-configure-ntp      | Script for NTP configuration.                                   |
| jnpr-configure-timezone | Script for time zone configuration.                             |
| jnpr-network-script     | Script for interface configuration.                             |
| healthcheckOSLC         | Script for checking issues with the logging infrastructure.     |

Adding Log Collector to Security Director

Procedure

Once Log Collector is configured, you can add it to Security Director.

To add Log Collector to Security Director:

  1. From the Security Director user interface, select Administration > Logging Management > Logging Nodes, and click the plus sign (+).
  2. Provide the root credentials of the Log Collector node.
  3. Verify the corresponding job status.

    The Log Collector node appears in the Logging Nodes page with the status UP.

For more information on increasing the disk size of your VM when log files are too large, see Expanding the Size of the VM Disk for Log Collector.

For more information on configuring vMotion, see Creating a VMkernel port and enabling vMotion on an ESXi/ESX host and Set Up a Cluster for vMotion.

Loading Junos OS Schema for SRX Series Releases

You must download and install the matching Junos OS schema to manage SRX Series devices. To download the correct schema, under the Network Management Platform list, select Administration > DMI Schema, and click Update Schema. See Updating a DMI Schema.

Management Scalability

Supported Devices

Security Director Release 16.1 is supported on the following SRX Series and LN Series hardware devices:

Supported Junos OS Releases

Note: Before you can manage an SRX Series device using Security Director, we recommend that you have the exact matching Junos OS schema installed on the Junos Space Network Management Platform. If there is a mismatch, a warning message is displayed during the publish preview workflow.

Supported Browsers

Security Director Release 16.1 is best viewed on the following browsers:

New Features

This section describes the new features available in Security Director Release 16.1.

Known Issues

Known Behavior

Documentation Updates

This section lists the errata and changes in Security Director Release 16.1R1 documentation:
