Table of Contents

About this Guide
Objectives
Audience
Conventions
List of Technical Publications
Requesting Technical Support
Getting Started
Understanding an Infranet Controller Configuration
NSM and Device Management Overview
Communication Between an Infranet Controller and NSM Overview
Infranet Controller Services and Device Configurations Supported in NSM
Infranet Controller and NSM Installation Overview
UAC Installation Overview
NSM Installation Overview
Integrating Infranet Controllers
Adding Infranet Controllers
Importing an Infranet Controller Device Through Not Reachable Workflow
Installing and Configuring the Infranet Controller Device
Adding the Infranet Controller Device Through NSM
Configuring and Enabling the DMI Agent on the Infranet Controller Device
Confirming Connectivity and Importing the Infranet Controller Device Configuration
Requirements for Importing an Infranet Controller into NSM Through a Reachable Workflow
Importing an Infranet Controller Through Reachable Workflow
Importing Multiple Infranet Controllers
Creating the CSV File
Validating the CSV File
Adding and Importing Multiple Infranet Controllers
Verifying Imported Device Configurations
Using Device Monitor
Using Device Manager
Using Job Manager
Using Configuration Summaries
Adding Infranet Controller Clusters
Infranet Controllers Clusters in NSM Overview
Adding an Infranet Controller Cluster with Imported Cluster Members
Installing and Configuring the Cluster
Adding the Cluster in NSM
Adding the Cluster Members in NSM
Configuring and Enabling the DMI Agent on the Cluster
Importing Cluster Configuration
Using Templates
Creating and Applying an Infranet Controller Template
Creating the Template
Applying the Template
Promoting an Infranet Controller Configuration to a Template
Reverting an Infranet Controller Configuration to Default Values of a Template
Configuring an Infranet Controller
Configuring User Roles and Administrator Roles
Configuring Infranet Controller User Roles (NSM Procedure)
Configuring Access Options on an Infranet Controller User Role (NSM Procedure)
Configuring OAC Settings for a User Role (NSM Procedure)
Creating and Configuring Infranet Controller Administrator Roles (NSM Procedure)
Delegating Management Tasks to Infranet Controller Administrator Roles (NSM Procedure)
Configuring Security Requirements for Administrators and Users
Configuring Infranet Controller Source IP Access Restrictions (NSM Procedure)
Configuring Infranet Controller Browser Access Restrictions (NSM Procedure)
Configuring Infranet Controller Certificate Access Restrictions (NSM Procedure)
Configuring Infranet Controller Password Access Restrictions (NSM Procedure)
Configuring Infranet Controller Host Checker Access Restrictions (NSM Procedure)
Configuring Infranet Controller RADIUS Request Attribute Restrictions for User Realms (NSM Procedure)
Configuring the Number of Concurrent Sessions and Concurrent Users for Infranet Controller Users (NSM Procedure)
Configuring the Infranet Controller RADIUS Server and Layer 2 Access
Configuring the Infranet Controller as a RADIUS Server (NSM Procedure)
Configuring Authentication Protocol Sets
Using RADIUS Proxy
Using the Infranet Controller for 802.1X Network Access (NSM Procedure)
Configuring Location Groups (NSM Procedure)
Configuring RADIUS Clients (NSM Procedure)
Uploading a New RADIUS Client Dictionary
Creating a RADIUS Dictionary Based on an Existing Model
Configuring a New RADIUS Vendor (NSM Procedure)
Creating a RADIUS Client
Configuring RADIUS Return Attributes Policies (NSM Procedure)
Configuring RADIUS Request Attributes Policies (NSM Procedure)
Configuring an Infranet Enforcer as a RADIUS Client of the Infranet Controller (NSM Procedure)
Non-Juniper 802.1X Supplicant Configuration Overview
Configuring Authentication Realms
Creating an Authentication Realm (NSM Procedure)
Configuring Role Mapping Rules (NSM Procedure)
Configuring Infranet Controller Authentication Policies (NSM Procedure)
Configuring Infranet Enforcer Policies
Configuring Infranet Enforcer Resource Access Policies (NSM Procedure)
Configuring Infranet Controller IPsec Routing Policies (NSM Procedure)
Configuring Infranet Controller IP Address Pool Policies (NSM Procedure)
Configuring Infranet Controller Source Interface Policies (NSM Procedure)
Configuring an Infranet Controller to Connect to a ScreenOS Enforcer (NSM Procedure)
Configuring an Infranet Controller to Connect to a JUNOS Enforcer (NSM Procedure)
Configuring Host Enforcer Policies
Configuring Infranet Controller Host Enforcer Policies (NSM Procedure)
Configuring IF-MAP Federation Settings
Configuring IF-MAP Server Settings on the Infranet Controller (NSM Procedure)
Configuring IF-MAP Client Settings on the Infranet Controller (NSM Procedure)
Configuring IF-MAP Session Export Policy on the Infranet Controller (NSM Procedure)
Configuring IF-MAP Session Import Policy on the Infranet Controller (NSM Procedure)
Configuring IF-MAP Server Replicas (NSM Procedure)
Configuring Authentication Servers
Configuring an Infranet Controller Anonymous Server Instance (NSM Procedure)
Creating a Custom Expression for an Authentication Server (NSM Procedure)
Configuring an Infranet Controller RSA ACE/Server Instance (NSM Procedure)
Configuring an Infranet Controller Active Directory or NT Domain Server Instance (NSM Procedure)
Configuring an Infranet Controller Certificate Server Instance (NSM Procedure)
Configuring an Infranet Controller LDAP Server Instance (NSM Procedure)
Configuring an Infranet Controller Local Authentication Server Instance (NSM Procedure)
Configuring an Infranet Controller NIS Server Instance (NSM Procedure)
Configuring an Infranet Controller RADIUS Server Instance (NSM Procedure)
Configuring an Infranet Controller eTrust SiteMinder Server Instance (NSM Procedure)
Configuring an Infranet Controller MAC Address Authentication Server for Unmanageable Devices (NSM Procedure)
Configuring Sign-In Policies
Configuring Infranet Controller Sign-in Policies (NSM Procedure)
Configuring Administrator Sign-In Policies
Configuring User Sign-in Policies
Configuring Infranet Controller Standard Sign-in Pages (NSM Procedure)
Configuring Host Checker Policies
Creating Infranet Controller Global Host Checker Policies Overview
Configuring Advanced Endpoint Defense Policy (NSM Procedure)
Configuring New Client-Side Policies (NSM Procedure)
Configuring Virus Signature Version Monitoring and Patch Assessment (NSM Procedure)
Specifying Customized Requirements Using Custom Rules (NSM Procedure)
Configuring a Patch Assessment Custom Rule (NSM Procedure)
Configuring the Remote IMV Server (NSM Procedure)
Enabling Customized Server-Side Policies (NSM Procedure)
Executing Host Checker Policies
Implementing Infranet Controller Host Checker Policies (NSM Procedure)
Restricting Infranet Controller and Resource Access Through Host Checker
Configuring Host Checker Restrictions
Remediating Infranet Controller Host Checker Policies
Configuring Infranet Controller General Host Checker Options (NSM Procedure)
Configuring Host Checker Automatic Installation (NSM Procedure)
Configuring Infranet Controller Host Checker Logs (NSM Procedure)
Managing an Infranet Controller
Unified Access Control Manager
UAC Manager in NSM Overview
Associating Enforcement Points with an Infranet Controller Using the UAC Manager
Disassociating the Configuration Between an Enforcement Point and an Infranet Controller
Enabling Dot1x Ports on the Enforcement Points Using the UAC Manager
Disabling the Dot1x Ports on an Enforcement Point Using the UAC Manager
Using System Management Features in an Infranet Controller
Managing Large Binary Data Files
Configuring Infranet Controller System Options (NSM Procedure)
Removing an Infranet Controller from NSM Management (NSM Procedure)
Deactivating a DMI Agent in an Infranet Controller (NSM Procedure)
Configuring the Infranet Controller to Interoperate with IDP
Configuring ISG-IDP as a Sensor on the Infranet Controller (NSM Procedure)
Configuring Infranet Controller Sensor Settings for Connecting to a Standalone IDP Device (NSM Procedure)
Creating an IDP Device Entry
Enabling or Disabling the Connection to an Existing IDP Device
Configuring Sensor Event Policies (NSM Procedure)
Creating a Custom Expression for Sensor Settings (NSM Procedure)
Troubleshooting an Infranet Controller
Troubleshooting the IF-MAP Federation Network (NSM Procedure)
Monitoring and Configuring Logs in an Infranet Controller
Monitoring an Infranet Controller
Realtime Monitor Overview
Viewing Device Status
Viewing Device Monitor Alarm Status
Configuring Logs in an Infranet Controller
Configuring RADIUS Attribute Logs (NSM Procedure)
Configuring Event Logs (NSM Procedure)
Configuring User Access Logs (NSM Procedure)
Configuring Administrator Access Logs (NSM Procedure)
Configuring Client-Side Logs (NSM Procedure)
Configuring the Infranet Controller as an SNMP Agent (NSM Procedure)
Configuring Custom Log Filters (NSM Procedure)
Index
Index
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.