NSM and Intrusion Detection and Prevention Device Management Overview

NSM is the Juniper Networks network management tool that allows distributed administration of network appliances. You can use the NSM application to centralize status monitoring, logging, and reporting, and to administer IDP Series configurations.

IDP technology detects and stops attacks when deployed inline to your network. Unlike intrusion detection service (IDS), IDP uses multiple methods to detect attacks against your network and to prevent attackers from gaining access and damaging your system. IDP drops malicious packets or connections before the attacks enter your network. IDP is designed to reduce false positives and ensure that only actual malicious traffic is detected and stopped. You can also deploy IDP as a passive sniffer, similar to a traditional IDS, but with greater accuracy and manageability.

NSM is the sole means for configuring and managing IDP on the ISG1000, ISG2000, and standalone IDP Sensors running IDP 4.x. Standalone IDP sensors running IDP 3.x and earlier are managed using the IDP management server and UI.

The ISG1000 and ISG2000 security modules have an optional component installed that provides IDP functionality. If you have purchased an ISG1000 or ISG2000 device that does not have IDP capability, you can upgrade the device to be an IDP-capable system by replacing the memory chip in the CPU. You install up to three security modules and install the Advanced and IDP license keys for IDP.

With NSM, you can manage most of the parameters that you can configure through the IDP admin console. The configuration screens rendered through NSM are similar to the screens in the IDP admin console. NSM incorporates a broad configuration management framework that allows co-management using other methods.

After you have completed installation, follow these steps to get started with managing an IDP device with NSM:

  1. Add the IDP device to NSM. When you first add the IDP device to NSM, NSM pushes the policy named Recommended to the device.
  2. Update the IDP detector engine and attack object database.
  3. Update the software version (if necessary).
  4. Run the Profiler.
  5. Examine the logs.
  6. Create address objects for IDP rulebase rules.
  7. Optionally, configure additional rulebases.
  8. If adding this device changes your plan to distribute administrative responsibility, create NSM users with the necessary access privileges.

An administrator (a user of NSM or IDP) has a specific level of permission. You can create multiple administrators with specific roles to control access to the devices in each domain.
