Devices Overview
The Devices page displays your devices that are managed by Juniper Security Director Cloud. You can view device information, such as the software release version, the platform, and various status indicators. You can also view the device inventory details, rollback to a configuration version, resynchronize or reboot a device, and upgrade a device.
To access this page, click SRX > Device Management > Devices.
Field Descriptions - Devices Page
Table 1 describes the fields on the Devices page.
Fields |
Description |
---|---|
Host Name |
Displays the name of the device, device cluster, or multinode high availability (MNHA) pair. A MNHA pair is named by combining the device names. The MNHA deployment mode is displayed beside the name. For example, MNHA - Routing Mode. |
Device Group |
Displays the name of the group with which the device is associated. |
Inventory Status |
The Inventory Status column displays the discovery and synchronization status of the device with Juniper Security Director Cloud after it is added. The possible statuses are:
|
Device Config Status |
Indicates if differences exist in configurations in a device and in the Junos Detailed Configuration tab for the device in Juniper Security Director Cloud. Click Resolve to view the steps to accept or reject the differences and synchronize the configurations. For more information, see Resolve Out-of-Band Changes. |
Management Status |
Displays the connectivity status of the device with Juniper Security Director Cloud. You can manage the device from Juniper Security Director Cloud when the Up status is displayed. The possible statuses are:
|
Device Health Status |
Displays the resources used by the device, such as CPU processing power, memory, and storage. The health status is displayed only for devices with subscriptions. The status of the device is color-coded.
|
Subscriptions |
Displays the subscriptions added to the device.
|
OS Version |
Displays the OS firmware version running on the device Unknown status is displayed for devices that are not managed by Juniper Security Director Cloud. |
Product Series |
Displays the model number of the device. For devices that are not managed by Juniper Security Director Cloud, the product details are discovered through SNMP. If the product details cannot be discovered, Unknown status is displayed. |
Field Descriptions - Device Details Pane
The following table describes the fields on the Device Details pane for standalone and cluster devices:
Fields |
Description |
---|---|
Basic Information | |
Host Name |
Displays the name of the device. |
OS Version |
Displays the OS firmware version running on the device. This field displays Unknown for devices that Juniper Security Director Cloud doesn't manage. |
Family |
Displays the device family of the selected device. For devices that Juniper Security Director Cloud doesn't manage, the family is the same as the provided vendor name. The field displays Unknown if the vendor name is not available and if SNMP is not used or has failed. |
Product Series |
Displays the model number of the device. For devices that Juniper Security Director Cloud doesn't manage, the platform details are discovered through SNMP. If the platform details cannot be discovered, the field displays Unknown. |
Serial Number |
The serial number of the device chassis. This field displays Unknown for devices that Juniper Security Director Cloud doesn't manage. |
Status Information | |
Management Status |
Displays the connection status of the device in Juniper Security Director Cloud.
|
Inventory Status |
Displays the current state of the device configuration.
|
The following table describes the fields on the Device Details pane for each device in an MNHA pair.
Fields |
Description |
---|---|
Status |
|
Node status |
Displays the overall status of the node or device. |
Cold sync |
Displays the cold synchronization process status. The process is initiated to resynchronize control-plane services when the node is active. During this process, SRG state information is exchanged between the nodes. |
ICL |
Displays the interchassis link (ICL) status. An ICL is a logical IP link established using IP addresses that are routable in the network. |
Encrypted |
Displays the ICL encryption status. |
Local / Peer ID |
Identifies the node in the cluster. The local ID of the second node is displayed as the peer ID of the first node. Similarly, the local ID of the first node is displayed as the peer ID of the second node. |
BFD |
Displays the bidirectional forwarding detection (BFD) protocol configuration such as multiplier and minimum interval. For example, if 3*200 ms is configured, 3 indicates the multiplier and 200 ms indicates the minimum interval. |
ICD |
Displays the status of the interchassis datapath (ICD) which is an additional link used to handle asymmetric traffic. |
Path monitoring SRG0 |
A method that uses ICMP to verify the reachability of the IP address. The default interval for ICMP ping probes is 1 second. |
SRG |
|
SRG0 |
A unit that manages all control plane stateless services such as firewall, NAT, and ALG. SRG0 is active on all participating nodes and handles symmetric security flows. |
Health status |
Indicates the health status of the SRG. |
System integrity check |
Displays the node’s ability to eliminate single points of failure to ensure continuous operations over an extended period. |
Local / Peer ID |
Identifies the node in the cluster. The local ID of the second node is displayed as the peer ID of the first node. Similarly, the local ID of the first node is displayed as the peer ID of the second node. |
At failure |
Displays the link status in case of a node failure |
SRG x, where x is > 0. |
A unit that manages control plane stateful services. For example, IPsec VPN or virtual IPs in hybrid or default gateway mode. |
Health status |
Displays the health status of the node. The possible statuses are Healthy, Unhealthy, and Unknown. |
Control plane status |
Displays the state of the control plane services. |
Current state |
Displays if the device is in active or backup mode. |
Failover readiness |
Displays the readiness of the node in case of a failover. A failover happens when one node detects a failure (hardware/software and so on) and traffic transitions to the other node in a stateful manner. |
Deployment type |
Displays the deployment type of the Services Redundancy Group (SRG). The possible values are Cloud (Cloud deployment), Hybrid (Hybrid deployment), Routing (Routing deployment), and Switching (switching/default gateway deployment). |
Managed services |
Displays the services enabled for the services redundancy group (SRG). |
Activeness priority |
Displays the priority for the SRG1 in a node to take up the active role if both the nodes initialize at the same time. |
Process packet on backup |
Displays the packet forward engine status to forward packets on backup node for the corresponding SRG. |
Preemption |
Displays the preemption status of the node. If preemption is enabled for both nodes, the node with higher activeness priority always remains active after a failover. |
BFD path monitoring Note:
BFD path monitoring information is not displayed for devices running Junos OS Release 22.4R1 and 22.4R2. |
Displays the bidirectional forwarding detection (BFD) protocol configurations and test status. |
Signal route Note:
Signal route information is not displayed for devices running Junos OS Release 22.4R1 and 22.4R2. |
Displays the active and backup signal route configuration and status. |
Activeness probe Note:
Activeness probe information is not displayed for devices running Junos OS Release 22.4R1 and 22.4R2. |
Displays the status and details of the probe configured for activeness determination. |
Field Descriptions - Device Inventory Page > Overview Tab
Table 4 describes the fields on the Overview tab in the Device Inventory page.
Field | Description |
---|---|
Chassis |
Displays the port usage and health status of the hardware devices. |
System Information |
Displays the following details of the devices:
|
Subscriptions |
Displays the subscriptions attached to the device and the status of the subscriptions. |
Rules |
Displays the number of rules configured for the device along with the number of used and unused rules. |
Memory |
Displays the storage resources used by the device. |
Security Packages |
Displays the name of the installed security packages. |
CPU |
Displays the CPU processing power used by the device. |
Licenses |
Displays the number of times an item is licensed. |
Chassis |
Displays the port usage and health status of the hardware devices. |
Field Descriptions - Device Inventory Page > Chassis Tab
Table 5 describes the fields on the Chassis tab in the Device Inventory page.
Field | Description |
---|---|
Model |
Displays the model of the selected module. |
Serial number |
Displays the serial number of the selected module. |
Module |
Displays the module of the device. |
Type |
Displays the type of the device. |
Model |
Displays the model of the device. |
Version |
Displays the version of the device software. |
Part Number |
Displays the part number of the device. |
Serial Number |
Displays the serial number of the device. |
Physical Interfaces |
Displays standard information about physical interfaces connected to the device in the type-/fpc/pic/port format where type indicates the media type that identifies the network device. For example, ge-0/0/6. Click View to go to the Interfaces tab. |
Description |
Displays an optional description for this interface configured on the device. The description can be a text string that contains up to 512 characters. Longer strings are truncated to 512 characters. If there is no information, the column is empty. |
Field Descriptions - Device Inventory Page > Interfaces Tab
Table 6 describes the fields in the Interfaces tab.
Field | Description |
---|---|
Interface Name |
Displays the interface that is used to connect to Juniper Security Director Cloud. |
IPv4 Address |
Displays the IPv4 address assigned to the logical interface. If you do not add a logical interface to a physical interface, this column will be blank. |
IPv6 Address |
Displays the IPv6 address assigned to the logical interface. The IPv6 address is displayed only if the device has an IPv6 address. If you do not add a logical interface to a physical interface, this column will be blank. |
IfIndex |
Displays the unique identifying number associated with a physical or logical interface. |
Admin Status |
Displays the administrative status of the physical interface, which can be Up or Down. |
Operational Status |
Displays the link status of the interface, which can be Up or Down. |
VLAN ID |
Displays the VLAN ID assigned to the logical interface. If you do not add a logical interface to a physical interface, this column will be blank. |
MTU |
Displays the maximum transmission unit (MTU) size on the physical interface. |
Speed |
Displays the speed (MBps) at which the interface is running. |
Duplex Mode |
Displays the connection characteristic.
|
Link Type |
Displays the link level type of the physical interface. |
Linecard |
Displays the number of interface slots. |
Field Descriptions - Device Inventory Page > Device Administration Tab
Table 7 describes the fields on the Licenses tab.
Field | Description |
---|---|
Name |
Displays the name of the license associated with the device. |
Status |
Displays the status of the license, which can be:
Only valid licenses are included in the license count calculation. |
Expiry Date |
Displays the expiry date of the licensed feature. |
Total Licenses |
Displays the total licenses available for the feature. |
Used Licenses |
Displays the total licenses used for the feature. |
Required Licenses |
Displays the total licenses required for the feature. |
Install License |
The option to add licenses to the device. See Add Licenses. |
Table 8 describes the fields on the Certificates tab.
Field | Description |
---|---|
Certificate ID |
Displays the unique identification of the certificate. |
Issuer Organization |
Displays the details of the organization that issued the certificate. |
Status |
Displays the expiration status of the certificate:
|
Expiry Date |
Displays the date and time when the certificate expires. |
Encryption Type |
Displays the type of the certificate:
|
Import |
The option to import certificates into the device. See Import Device Certificates. |
Generate Default Trusted CAs |
The option to generate default trusted CA profiles. See Import Device Certificates. |
Table 9 describes the fields on the Software tab.
Field | Description |
---|---|
Software Name |
Displays the name of the installed software package. |
State Type |
State Type |
Software Description |
Displays the description of the software package. |
Version |
Displays the version number of the installed software package. |
Table 10 describes the fields on the Security Packages tab.
Field | Description |
---|---|
Version |
Displays the currently installed security package version. |
License |
Displays the number of licenses associated with the security package. Click the link to see the details of the licenses. |
Name |
Displays the name of the currently installed security package. |
Field Descriptions - Device Inventory Page > Configuration Template Tab
Table 11 describes the fields on the Configuration Template tab on the Device Inventory page.
Field | Description |
---|---|
Name |
Displays the name of the configuration template. |
Deployment Status |
Displays the deployment status of the configuration template, which can be No configuration, Ready to deploy, or Deployed. |
Last Deployed |
Displays the date when the configuration template was deployed. |
Description |
Displays the description of the configuration template. |
Validation |
Displays the status of the configuration templates validation job, which can be Success, Failed, or Inprogress. This field is temporarily populated when you click Validate on the Configuration Template page. |
Field Descriptions - Device Inventory Page > Junos Detailed Configurations Tab
The Junos Detailed Configuration tab enables you to configure Junos OS for an SRX Series Firewall. You can configure interfaces, general routing information, routing protocols, user access, and system hardware properties.
The left pane lists the Junos OS components. The Quick Links to Sections in the right pane provides links to sections in a particular component. You can click the required link to navigate directly to the corresponding section.
Table 12 desribes the icons, Call To Action (CTA) buttons, and different statuses displayed on the Junos Detailed Configuration tab.
Icon, CTA Buttons, or Status Displayed | Description |
---|---|
Deploy successful | Displayed when all the configuration(s) are deployed successfully on the device. |
Deployment in progress | Displayed when the configuration(s) deployment is in-progress. |
Deploy pending | Displayed when configuration(s) are pending deployment. |
Last deployed | Displays the number of hours or days since the last deployment and the email address of the user who deployed the configuration(s). |
Preview | Click to preview the configuration(s) that are pending deployment on the device. |
Deploy | Click to deploy the configuration(s) on the device. When you click, Deploy, the options to modify the configurations are disabled. |
Use to search and to navigate to a specific component, section, or parameter. | |
Displayed if a Junos component has configuration(s) that is pending deployment. | |
Restore To Last Deployed State | Click to restore the configured parameter, section, or component to its earlier state. |
Table 13 describes the Junos OS components that you can configure from the Junos Detailed Configuration tab.
Component | Description |
---|---|
Access | Use this section to configure essential user access and authentication features. Essential user access features include login classes, user accounts, access privilege levels, and user authentication methods. For more information, see the User Access and Authentication Administration Guide for Junos OS. |
Accounting Options | Use this section to configure collection interval, file to contain accounting data, specific fields and counter names on which statistics must be collected. For more information, see the Network Management and Monitoring Guide. |
Bridge Domains | Use this section to configure Layer 2 bridging on your SRX Series Firewall. For more information, see the Layer 2 Bridging, Address Learning, and Forwarding User Guide. |
Class of Service | Use this section to configure class of service (CoS) to define service levels that provide different delay, jitter, and packet loss characteristics to applications served by specific traffic flows. Applying CoS features to each device in your network ensures quality of service (QoS) for traffic throughout your entire network. For more information, see the Class of Service User Guide (Security Devices). |
Dynamic Profiles | Use this section to create dynamic profiles to use with DHCP or PPP client access. For more information, see the Broadband Subscriber Sessions User Guide. |
Firewall | Use this section to configure firewall filters and policers. For more information, see the Routing Policies, Firewall Filters, and Traffic Policers User Guide. |
Forwarding Options | Use this section to configure traffic forwarding options. For more information, see the Broadband Subscriber Management Wholesale User Guide. |
Interfaces | Use this section to provide information about interfaces, interfaces set, and interface range used on the device. For more information, see the Interfaces User Guide for Security Devices. |
Junos ES Root configuration | Use this section to configure JSRC to interact with a SAE in an SRC environment to authorize and to provision subscribers. For more information, see the Broadband Subscriber Sessions User Guide. |
Multi-Chassis | Use this section to configure consistency check parameters for a multichassis link aggregation group. |
PoE | Use this section to configure PoE interfaces, FPC configurations, and corresponding notifications. For more information, see the Interfaces User Guide for Security Devices. |
Policy Options | Use this section to configure routing policies. For more information, see the Routing Policies, Firewall Filters, And Traffic Policers User Guide. |
Protocols | Use this section to configure the protocols for a routing instance. |
Routing Instances | Use this section to configure IPv4 and IPv6 routing protocols and settings. For more information, see the Routing Protocols Overview. |
Security | Use this section to configure the following:
|
Services | Use this section to configure the router or switch settings to connect to the local router or switch. For more information, see the Broadband Subscriber Services User Guide. |
Session Limit Group | Use this section to configure the maximum allowed number of concurrent web management sessions. For more information, see the Flow-Based and Packet-Based Processing User Guide for Security Devices. |
SMTP | Use this section to configure SMTP server settings for the SRX Series Firewall. |
SNMP | Use this section to configure SNMP implementation in Junos OS. |
Switch Options | Use this section to configure Layer 2 learning and forwarding properties for a VLAN or a virtual switch. For more information, see the Ethernet Switching User Guide. |
System | Use this section to configure and to monitor the system log messages. For more information, see the Network Management and Monitoring Guide. |
VLANs | Use this section to configure the VLAN properties on the device. For more information, see the Ethernet Switching User Guide. |
VMHost | Use this section to configure VM host management properties. For more information, see the Junos OS Software Installation and Upgrade Guide. |
WLAN | Use this section to configure WLAN properties on the device. For more information, see the Interfaces User Guide for Security Devices. |