Add Devices to Juniper Security Director Cloud

Starting in Security Director Release 21.3, you can add Security Director managed devices to Juniper® Security Director Cloud. You can add only root devices or, for a cluster, the primary root device. Juniper Security Director Cloud automatically discovers the secondary device in a cluster. You cannot add MX Series, cSRX, logical system, or tenant system devices to Juniper Security Director Cloud.

Before You Begin

Open port 443 in your network between Security Director on-prem and Juniper Security Director Cloud. This port is used to initiate the connection between Security Director on-prem and Juniper Security Director Cloud.

To add devices from Security Director on-prem to Juniper Security Director Cloud:

  1. Select Devices > Security Devices.

    The Security Devices page is displayed.

  2. Click Add Devices to Security Director Cloud.

    The Add Devices to Security Director Cloud page appears. You must enter credentials to authenticate with Juniper Security Director Cloud. Hover over the device count tooltip to view the details of the selected devices.

  3. Complete the configuration according to the guidelines provided in Table 1.

    Table 1: Add Devices to Juniper Security Director Cloud

    | Field | Description |
    |---|---|
    | Geographical Region | Select a Juniper Security Director Cloud instance. Note: Security Director setup must have internet connectivity to get the region details. |
    | Username | Enter the username for the Juniper Security Director Cloud account. |
    | Password | Enter the password for the Juniper Security Director Cloud account. |

  4. Click Next.

    The Add Devices to Security Director Cloud page appears.

  5. Select an organization account to which you want to add devices.
  6. Click Proceed.

    A confirmation message is displayed. Selected devices are added to Juniper Security Director Cloud and then these devices are permanently removed from Security Director on-prem.

    Note

    The default timeout for a response from Juniper Security Director Cloud is 30 seconds. If the response is not received within the timeout interval, the current operation fails. To configure the timeout value for the REST client, navigate to Junos Space Platform > Administration > Applications. Right-click Security Director, select Modify Application Settings, and then select Cloud-Onboarding. Enter the value in milliseconds.

  7. Click Yes to add devices to Juniper Security Director Cloud.

    The Job Status page is displayed with job details.

    Add Devices

    1. The job to add devices to Juniper Security Director Cloud is initiated. On successful completion, the selected devices are listed on the Device Management > Devices page in the Juniper Security Director Cloud application.
    2. If the Add Devices job fails, an error message is displayed and subsequent jobs for Adopt Devices and Delete Devices also fail.

    Adopt Devices

    1. After the devices have been successfully added, the job to adopt devices to Juniper Security Director Cloud is initiated.
    2. If the Adopt Devices job fails, the subsequent Delete Devices job also fails. When the Adopt Devices job partially succeeds for certain devices, the subsequent Delete Devices job is initiated only for the successfully adopted devices.

    Delete Devices

    1. After the devices are successfully adopted, the Delete Devices job is initiated and the successfully adopted devices are permanently removed from Security Director on-prem.

      If you need to add a deleted device back to Security Director on-prem, you must delete the device manually from Juniper Security Director Cloud and delete the CLI command set system services netconf rfc-compliant from the device. You must then rediscover the device as a new device (see Overview of Device Discovery in Security Director).

      Note

      If you onboard a device to Juniper Security Director Cloud via Security Director on-prem, the same device cannot be managed by both Security Director on-prem and the Juniper Security Director Cloud application.

    2. If the Delete Devices job fails partially for certain devices, you can manually trigger the retry job for those devices. Navigate to Monitor > Job Management, select a job, right-click, and choose Retry on Failed Devices.

    Note

    The user authorized to perform the onboard operation must be a Super Administrator, Security Architect, Security Analyst, or Custom User with assigned Device Manager role. To assign user roles, navigate to Administration > Users & Roles.

    Firewall, NAT, and IPS policies created in Security Director on-prem are not migrated to Juniper Security Director Cloud. These policies remain the same as templates in the corresponding policy pages.