Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

ON THIS PAGE
 

Step 1: Begin

Juniper Security Director brings powerful security management, installed on-premises. This guide walks you through installing Juniper Security Director, onboarding your devices, and configuring Juniper Security Director to manage your devices. Use this guide if you need to manage SRX Series Firewalls using Juniper Security Director.

Here’s the high-level order of installation and device onboarding workflow.

Prepare to Install Juniper Security Director

Hardware Requirements

Table 1: Hardware Requirements for ESXi Server
VM Configuration Device Management Capability Log Analytics and Storage Capability
16 vCPU, 80 GB RAM, 2.1 TB storage

  • Up to 1000 devices

  • Up to 10000 policy rules per device

  • Up to 6000 NAT rules per device

  • Up to 1000 VPNs per device/system

  • Up to 17000 logs per second

  • Out of the 2.1 TB storage, 1.5 TB is dedicated for log analytics.
40 vCPU, 208 GB RAM, 4.2 TB storage

  • Up to 3000 devices

  • Up to 20000 policy rules per device

  • Up to 10000 NAT rules per device

  • Up to 1500 VPNs per device/system

  • Up to 40000 logs per second

  • Out of the 4.2 TB storage, 3.5 TB is dedicated for log analytics.
Note:

We do not recommend hyperthreading on VMware hypervisor (ESXi) Server. You must use dedicated resources for CPU, RAM, and disk as per the hardware requirement. We do not recommend oversubscription or sharing resources.

Software Requirements

  • Juniper Security Director runs on a VMware hypervisor (ESXi) Server. Use vCenter and vSphere version 7.0 and later. You must deploy the OVA through vCenter Server only. We do not support OVA deployment on ESXi directly.

  • You must have the following dedicated IP addresses in the same subnet:

    • Management IP address—IP address for the VM that provides access to the Juniper Security Director CLI.

    • UI virtual IP address—Virtual IP address to access the Juniper Security Director GUI.

    • Device connection virtual IP address—Virtual IP address to establish connection between the managed devices and Juniper Security Director.

    • Log collector virtual IP address—Virtual IP address to receive logs from devices.

  • Ensure that you have access to SMTP, NTP, and DNS servers from the VM network (Juniper Security Director).

    Note:

    We support NTP server with IPv4 address only.

Download the OVA and Software Bundle

  1. Download the Juniper Security Director OVA (.ova file) from https://support.juniper.net/support/downloads/?p=security-director-on-prem to a Web server or your local machine.

  2. Download the Juniper Security Director Software Bundle (.tgz file) to your local machine from https://support.juniper.net/support/downloads/?p=security-director-on-prem and then transfer the file to your staging server.

    A staging server is an intermediate server where the software bundle is downloaded and is accessible from the VM.

    The staging server must support software bundle download from the Juniper Security Director VM through Secure Copy Protocol (SCP). Before you deploy the VM, you must have the details of the staging server, including the SCP username and password.

Deploy the VM

  1. Open the vSphere Client.

  2. Right-click the inventory object that is a valid parent object of a VM and select Deploy OVF Template.

  3. On the Select an OVF template page:

    • Enter the webserver OVA URL, where you have downloaded the OVA. The system might warn you about source verification. Click Yes.

      Note:

      Ensure that firewall rules do not block image access from the vSphere cluster.

      OR

    • Select the Local file option and click UPLOAD FILES to choose the OVA file from your local machine.

  4. On the Select a name and folder page, enter the VM name and the location.

  5. On the Select a compute resource page, select the compute resource for the host on which the VM will be deployed.

  6. On the Review details page, review the details of the resources to be provisioned.

  7. On the Select storage page, select the storage for the configuration and the virtual disk format. We recommend you to use virtual disk format as Thick provision.

    Note:

    We do not recommend thin provisioning. If you choose thin provisioning and the actual disk space available is low, the system might encounter problems once the disk is full.

  8. On the Select networks page, select the network to configure IP allocation for static addressing.

  9. On the Customize template page, configure Juniper Security Director on-premise OVA parameters.

    Note: Prepare all details for the Custom template page in advance. The OVF template will timeout after 6 to 7 minutes.
    Note:

    • The cliadmin user password field does not strictly validate password requirements. However, during the installation process, the system enforces strict validations and rejects the password that does not meet the specified requirements, causing installation failure. To avoid issues during installation, ensure that the password meets these criteria:

      • Must be at least 8 characters long and not more than 32 characters.

      • Must not be dictionary words.

      • Must include at least three of the following:

        • Numbers (0-9)

        • Uppercase letters (A-Z)

        • Lowercase letters (a-z)

        • Special characters (~!@#$%^&*()_-+={}[];:"'<,>.?/|\)

    • We recommend you to use FQDN.

  10. On the Ready to complete page, review all the details and if required, go back and edit the VM parameters. These network parameters cannot be changed from the VM configuration after successful installation. However, network parameters can be changed from the CLI. Click Finish to begin the OVA deployment.

    You can monitor the OVA deployment progress status in the Recent Tasks window at the bottom of your screen till it is 100% complete. The Status column shows the deployment complete percentage.

    Congratulations! Now the OVA deployment is complete.

  11. Click the triangle icon to power on the VM.

    Note:
    • By default, the VM is deployed with the smallest resource configuration mentioned in Hardware Requirements. Adjust the resources to match other resource configurations using the VMWare Edit VM settings.
    • The resource allocation must match Hardware Requirements. Incorrect allocation will result in VM installation to fail.

Once the VM powers on, navigate to the Summary tab and click LAUNCH WEB CONSOLE to monitor the software bundle installation status.

Note:

Avoid performing any operation on the console until the installation is complete.

A successful installation requires approximately 30 minutes. If the installation lasts longer, check the Web console for potential errors. You can ssh to the VM IP using the cliadmin user and the password you configured during the OVA deployment. Then, use the show bundle install status command to check the installation status.

You can view the installation progress on the console. After the installation is complete, the console displays Successfully installed software bundle on the cluster.

Congratulations! The software bundle installation is now complete.