Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Network Device Configuration and Monitoring

SUMMARY In JSA Risk Manager, you can manage the efficiency of your network devices, investigate your network device configuration, investigate firewall rules, and identify security risks that are created by invalid firewall rules.

  1. Click the Risks tab.
  2. In the navigation pane, click Configuration Monitor.
  3. To search your network devices, enter an IP address or hostname in the Device IP or Name field.
  4. Double-click the device that you want to investigate.
    The rule Event Count column displays the firewall rule trigger frequency. A zero event count rule is displayed for one of the following reasons:
    • A rule is not triggered and might cause a security risk. You can investigate your firewall device and remove any rules that are not triggered.
    • A JSA log source mapping is not configured.
  5. To search the rules, on the Rules toolbar, click Search > New Search.
  6. To investigate the device interfaces, click Interfaces.
  7. To investigate access control list (ACL) device rules, click ACLs.

    Each access control list defines the interfaces that the devices on your network are communicating over. When the conditions of an ACL are met, the rules that are associated with an ACL are triggered. Each rule is tested to allow or deny communication between devices.

  8. To investigate network address translation (NAT) device rules, on the toolbar, click NAT.

    The Phase column specifies when to trigger the NAT rule, for example, before or after routing.

  9. To investigate the history or compare device configurations, click History.

    You can view device rules in a normalized comparison view or the raw device configuration. The normalized device configuration is a graphical comparison that shows added, deleted, or modified rules between devices. The raw device configuration is an XML or plain text view of the device file.