Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Credentials for Accessing Device Configurations

SUMMARY In JSA Risk Manager, credentials are used to access and download the configuration of devices such as firewalls, routers, switches, or IPSs.

You can configure credentials, protocols, and schedules in the Configuration monitor in JSA 7.4.1, fix pack 1 and later. For previous versions of JSA, see Network Device Management. For more information on this change, see Juniper Secure Analytics Risk Manager: Adobe Flash End of Life and Changes to Configuration Source Management (CSM).

Administrators use the Configuration Monitor to input device credentials that give JSA Risk Manager access to specific devices. Individual device credentials can be saved for a specific network device. If multiple network devices use the same credentials, you can assign credentials to a group.

You can assign different devices in your network to network groups, to group credential sets and address sets for your devices.

A credentials set contains information such as username, and password values for a set of devices. An address set is a list of IP addresses that define a group of devices that share a set of credentials.

For example, the firewalls in your organization might have the same username and password. If so, the credentials that are associated with all the address sets for all the firewalls are used to back up device configurations for all firewalls in your organization.

If a network credential is not required for a specific device, the parameter can be left blank. For a list of required adapter credentials, see the Juniper Secure Analytics Risk Manager Adapter Configuration Guide.

Configure JSA Risk Manager to Prioritize How Each Network Group is Evaluated

The network group that is first on the list has the highest priority. The first network group that matches the configured IP address are included as candidates when you are backing up a device. A maximum of three credential sets from a network group are considered.

For example, if your network groups have the following composition:
  • Network group 1 contains two credential sets.
  • Network group 2 contains two credential sets.
JSA Risk Manager compiles a maximum of three credential sets, so the following credential sets are used:

  • Both credential sets in network group 1 are used because network group 1 is higher in the list.

  • Only the first credential set in the network group 2 is used because only three credential sets are required.

When a credential set is used to successfully access a device, JSA Risk Manager uses that same credential set for subsequent attempts to access the device. If the credentials on that device change, the authentication fails and for the next authentication attempt, JSA Risk Manager compiles the credentials again to ensure success.