
Viewing and Synchronizing Out-of-Band Firewall Policy Changes Manually

Starting in Junos Space Security Director Release 19.2R1, when an out-of-band firewall policy change is made on a device, an icon appears next to the corresponding policy in the device-specific and group firewall policies in Security Director. You can manually synchronize the out-of-band changes for a device-specific policy only when automatic synchronization is disabled.

When you hover over the icon next to the policy, the tooltip indicates the out-of-band changes. Out-of-band firewall policy changes are applicable for both standard and unified firewall policies.

When a device is discovered in Security Director, the Managed Status is displayed as Managed on the Security Devices page. For manual synchronization of out-of-band policy changes, the managed status of the device must be SD Changed, Device Changed, or In Sync. To reach one of these states, you must update the device at least once from Security Director. In the case of logical systems (LSYS), the root device may show the status as Device Changed if a policy is assigned to it. Update the root device so that the status is In Sync.

Note: Out-of-band changes are not supported if more than one policy is assigned to a device or if rules are configured in All Devices Policy Pre/Post policies.

Viewing Out-of-Band Firewall Policy Changes

To view out-of-band firewall policy changes:

Procedure

  1. Select Configure > Firewall Policy > Policies.

    The policies page appears. An icon is displayed for the policies indicating the out-of-band policy changes.

  2. Right-click the policy or select View Device Policy Changes from the More menu.

    The Out of Band Changes page appears.

  3. Click View to view the configuration changes for a device in CLI and XML format.

    The view configuration page for the device is displayed.

    After viewing the changes, you can choose to import or reject the out-of-band changes from the device.

  4. Click OK.

    Note: To reject all the out-of-band changes, select the Reject all changes option. The icon next to the policy is cleared and the policy changes from the device are not imported into Security Director. During the subsequent update from Security Director, the out-of-band changes will be overwritten in the device.

    To import the out-of-band changes to Security Director, see Importing Out-of-Band Firewall Policy Changes Manually.

Importing Out-of-Band Firewall Policy Changes Manually

To import out-of-band firewall policy changes:

Procedure

  1. Select Configure > Firewall Policy > Policies.

    The policies page appears. An icon is displayed for the policies indicating the out-of-band policy changes.

  2. Right-click the policy or select View Device Policy Changes from the More menu.

    The Out of Band Changes page appears.

  3. Select the Select Changes from Device option to accept the out-of-band firewall policy changes from a device.
  4. Select a device and click OK.

    Note: In the case of a group policy, you can view all the devices with which the policy is associated, but you can select only one device and import the changes. After selecting a device, click Affected Devices to see all the devices where the policy is assigned.

    For both group policies and device-specific policies, an icon appears next to the device(s) indicating the out-of-band changes.

    The Import Device Configuration Changes page appears.

  5. Select the firewall policy and click Next.

    Objects with conflicts are displayed, if any.

  6. Select objects and choose a conflict resolution type. Resolve any conflicts after you verify the information, if needed.
  7. Click Finish.

    A summary of the configuration changes is displayed.

    You can download the summary report as a ZIP file. The summaryreport.zip file contains the complete rules report as a PDF.

  8. Click OK to complete the import process.

    The Job Details page is displayed with the status of the import job.

  9. Click OK.

    The policies page is displayed with an icon which indicates that the policy was edited and needs publishing to the device.

  10. Click Publish to publish the changes.

    During the subsequent update from Security Director, the out-of-band changes will be overwritten in the device(s).
