Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Preparing the Network Hierarchy

    Juniper Secure Analytics (JSA) uses the network hierarchy to determine your network traffic and provides you with the ability to view network activity for your entire deployment. JSA supports any network hierarchy that can be defined by a range of IP addresses.

    You can create your network based on many different variables, including geographical or business units. For example, your network hierarchy might include corporate IP address ranges (internal or external), physical departments or areas, mail servers, and webservers.

    Once you define the components you want to add to your network hierarchy, you can install JSA and then configure the network hierarchy using the JSA interface. For each component you want to add to the network hierarchy, use Table 1 to indicate each component in your network map.

    At a minimum, we recommend that you define objects in the network hierarchy for:

    • Internal/external demilitarized zone (DMZ)
    • VPN
    • All internal IP address space (for example,
    • Proxy servers
    • Network Address Translation (NAT) IP address range
    • Server network subnets
    • Voice-over-IP (VoIP) subnets

    Table 1: Network Hierarchy



    IP/CIDR Value



    Example for NAT




    Example for DMZ




    For more information, see the Juniper Secure Analytics Administration Guide.

    The following sections explain how to set your network before you install the JSA software:

    Identifying Network Settings

    Before you install Juniper Secure Analytics (JSA), you must have the following information for each system you want to install:

    • Hostname
    • IP address
    • Network mask address
    • Subnet mask
    • Default gateway
    • Primary DNS server
    • Secondary DNS server (optional)
    • Public IP address for networks using Network Address Translation (NAT)
    • E-mail server
    • NTP server (console only) or Time server

    Identifying Security Monitoring Devices and Flow Data Sources

    Juniper Secure Analytics (JSA) can collect and correlate events received from external sources such as security equipment (for example, firewalls, VPNs, or IDSs), and host or application security logs, such as Windows logs. Device Support Modules (DSMs), and Flow Collectors allow you to integrate JSA with this external data. JSA automatically discovers sensor devices that are sending system log (syslog) messages to an Event Collector. The sensor devices that are automatically discovered by JSA appear in the Sensor Devices window within the JSA Administration console. Once autodiscovery is completed, you should disable the Auto Detection Enabled option in the Event Collector configuration. For more information, see the Juniper Secure Analytics Administration Guide and Log Sources Users Guide.

    Identifying Network Assets

    Juniper Secure Analytics (JSA) can learn about your network and server infrastructure based on flow data. The Server Discovery function uses the JSA Asset Profile database to discover many types of servers.

    Defining certain additional server and IP address types also improves tuning results. Table 2 provides a list of possible servers. See the Juniper Secure Analytics Users Guide for information on defining servers within JSA. If your network includes a large number of servers, you can use CIDR or IP subnet addresses within the server networks category.

    Table 2: Asset Identification


    IP Address(es)



    NAT address range

    Vulnerability scanners

    Network management


    Virus definition and other updates

    Windows Server networks, such as domain controllers or Exchange servers

    Published: 2015-03-18