Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQ
Release Notes
Contents  

About the NSX Managers Page

To access this page, click Security Director > Devices > NSX Managers.

Use the NSX Managers page to discover the NSX Manager and perform service registration of the vSRX VM with the NSX Manager. The NSX Manager is added as a device in the Security Director and its inventory is synchronized with Security Director.

Starting in Policy Enforcer Release 19.1R2 onwards, you can select the perimeter firewall types for either the north-south or east-west traffic while registering the NSX Manager. For the north-south firewall integration, you can choose one or more of the already discovered SRX Series devices in Security Director as the perimeter firewall devices. Policy Enforcer is configured as the feed server for these perimeter devices automatically. For the NSX Manager with north-south firewall integration, create a firewall or IPS group policy. During the creation of a firewall or IPS rule for the corresponding group policy, select the perimeter devices as source addresses.

When you add an NSX Manager in Security Director, the NSX Management RESTful API configures Policy Enforcer as a system log server in NSX Manager. The system log server handler runs in the Policy Enforcer virtual machine. On receiving the security group membership changes from the system log, the system log service handler parses the system log and extracts the changed security group details. The security policies with rules having the modified security groups (dynamic address groups) as source or destination addresses are filtered and the perimeter firewall devices assigned to those policies are obtained. A remote procedure call (RPC) is sent to those perimeter firewall devices to update the dynamic address groups. The perimeter firewall devices then obtains and update the IP address feeds from Policy Enforcer.

Before you Begin

  1. Install the Policy Enforcer Release 17.1 OVA image.

    1. After the installation is complete, log in to the Policy Enforcer VM through SSH. Run the service commands to verify the status of the following services:

      	service nsxmicro status
      	service  sd_event_listener status
      	service nsx_callback_listener status
      	service  ssh_listener status
      
    2. If services are stopped, initiate the services again by running the following commands:

      	service nsxmicro start
      	service  sd_event_listener start
      	service nsx_callback_listener start
      	service  ssh_listener start
      
  2. Select Security Director > Administration > Policy Enforcer > Settings, and add Policy Enforcer to Security Director. For more information, see Identifying the Policy Enforcer Virtual Machine In Security Director.

  3. Download the SSH Key. Copy the vSRX OVA file to the Policy Enforcer VM along with the downloaded SSH key. See Downloading the SSH Key File.

  4. Obtain the vSRX license key before adding the NSX Manager to the Security Director.

Tasks You Can Perform

You can perform the following tasks from this page:

Field Descriptions

Table 136 provides guidelines on using the fields on the NSX Managers page.

Table 136: Fields on the NSX Managers Page

Field

Description

Hostname/IP Address

Specifies the hostname or the IPv4 address of the NSX Manager.

Name

Specifies the name of the NSX Manager.

Associated vCenter

Specifies the hostname or the IP address of the vCenter associated with the NSX Manager that is automatically fetched by Security Director.

Associated vCenter Status

Specifies the connection status of an associated vCenter.

Service Manager Registration Status

Specifies the registration status of the security services.

Services

Specifies the service definition of a selected NSX Manager.

Click View to view the service definition.

Port

Specifies the port number of the NSX Manager.

Username

Specifies the username of the NSX Manager. The user must have the administrator privileges to access the NSX Manager.

Connection Status

Specifies the connection status of the NSX Manager.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit