Evaluated Configuration Guide - Juniper Networks




Juniper Networks IDP 4.0 & NSM 2006.1

Evaluated Configuration Guide

Rev B.2

8/1/2006

Prepared for:

Juniper Networks, Inc.

1194 North Mathilda Avenue

Sunnyvale, CA 94089

Prepared By:

En Pointe Technologies, Inc.

8310 Capital of Texas Highway, Ste. 305

Austin, TX 78731

Table of Contents

1 Usage Guidance

1.1 Usage Assumptions

1.1.1 Access

1.1.2 Access Scope

1.1.3 Dynamic

1.1.4 User Processes

1.1.5 Manage

1.1.6 No Evil Administrators

1.1.7 No Trust

1.1.8 Location

1.1.9 Protection

2 Installation/Configuration Guidance

2.1 Installation Prerequisites

2.1.1 IDP Sensor

2.1.2 NSM Server

2.1.3 NSM UI

2.2 Installation Procedures

2.2.1 IDP Sensor

2.2.2 NSM Server

2.2.3 NSM UI

2.3 Configuration Procedures

2.3.1 IDP Sensor

2.3.2 NSM Server

2.3.3 NSM UI

3 Appendix A

3.1 Software Identification

3.1.1 NSM UI

3.1.2 NSM Server

3.1.3 IDP Sensor

4 Appendix B: ACM Wizard

4.1 ACM Home Page

4.2 ACM Wizard Main Page

4.2.1 Setup

4.2.2 Mode

4.2.3 Networking

4.2.4 System

4.2.5 Management

4.2.6 Done

Usage Guidance

Performance of the security functions claimed for IDP and NSM depends on specific assumptions about the security environment in which both IDP and NSM will be installed and implemented. The following assumptions must be met for IDP and NSM to be considered in their evaluated configuration.

1 Usage Assumptions

1 Access

It is assumed that both IDP and NSM have access to all the IT System data they need to perform their functions. This is accomplished by ensuring that the IDP sensor is correctly connected to the network(s) to be monitored and that NSM is correctly connected to and can communicate with IDP. [A.ACCESS]

2 Access Scope

It is assumed that the IDP appliance implemented is appropriately scalable to the IT Systems within the network that the IDP appliance monitors. [A.ASCOPE]

3 Dynamic

It is assumed that the IDP appliance will be managed in a manner that allows it to appropriately address changes to the IT Systems that it monitors. [A.DYNMIC]

4 User Processes

It is assumed that the IDP Sensor, NSM Server, and NSM UI are installed on dedicated systems that do not contain any user processes that are not required to operate IDP or NSM. [A.USER_PROCESSES]

5 Manage

It is assumed that there will be one or more competent individuals assigned to manage both IDP and NSM and the security of the information they contain. [A.MANAGE]

6 No Evil Administrators

It is assumed that the authorized administrators are not careless, willfully negligent, or hostile, and will follow and abide by the instructions provided within the documentation provided for both IDP and NSM. [A.NOEVIL]

7 No Trust

It is assumed that both IDP and NSM can only be accessed by authorized users. [A.NOTRST]

8 Location

It is assumed that the processing resources of both the IDP Sensor and the NSM Server will be located within controlled access facilities, which will prevent unauthorized physical access. [A.LOCATE]

9 Protection

It is assumed that the hardware and software critical to security policy enforcement for both the IDP Sensor and NSM Server will be protected from unauthorized physical modification. [A.PROTCT]

Installation/Configuration Guidance

There are specific installation and initialization requirements that must be met in order for IDP and NSM to operate in their evaluated configuration. Administrators must perform the steps described in this guidance document before implementing IDP and NSM in an operational environment so that each of the security functions can function properly.

NOTE: All of the software files required to install NetScreen-Security Manager are located on the NetScreen-Security Manager installation CD or on the Internet at the Juniper Networks corporate support web site.

1 Installation Prerequisites

The following prerequisites must be accommodated prior to installing IDP or NSM.

1 IDP Sensor

The IDP Sensor requires one or more of the following IDP appliances:

▪ IDP 50

▪ IDP 200

▪ IDP 600-C

▪ IDP 600-F

▪ IDP 1000-C

▪ IDP 1100-F

2 NSM Server

The NSM Server requires a server meeting or exceeding the following hardware requirements:

▪ CPU: Sun Microsystems UltraSPARC IIi 500MHz (or higher), OR Linux 1GHz (x86) processor (or higher)

▪ Memory: 1GB (or higher); 2GB+ (depending on the number of managed devices and configuration size)

▪ Swap Space: 4 GB for both GUI Server and Device Server

▪ Storage: IDE Hard Disk Drive with 10K rpm (minimum); 15K rpm (recommended); 18 GB disk space (minimum); 40 GB disk space (recommended)

▪ Network Connection: 100MBps NIC Ethernet adapter

▪ Other: Server must be dedicated to running NetScreen-Security Manager.

The NSM Server also requires one of the following operating systems to be installed on the server:

NOTE: The latest available operating system security patches and service packs must be installed prior to installing the NSM Server or Client software.

▪ Solaris 8

▪ Solaris 9

▪ Red Hat Enterprise Linux (ES/AS) 3.0-Update 5 or 4.0-Update 1

3 NSM UI

The NSM UI requires the following minimum hardware, operating system, and software components:

Hardware

▪ IBM® compatible PC

▪ 400MHz Pentium® II or equivalent (minimum)

▪ 700 MHz Pentium II or equivalent (recommended)

▪ RAM: 256 MB (minimum)

▪ 512 MB or above (recommended)

▪ 384kbps (DSL) or LAN connection - minimum bandwidth required to connect to the NetScreen-Security Manager management system.

Operating System

NOTE: The latest available operating system security patches and service packs must be installed prior to installing the NSM Server or Client software.

▪ Microsoft Windows XP

▪ Microsoft Windows NT® Workstation/Server 4.0, Service Pack 6a or higher

▪ Microsoft Windows 2000 Server, Advanced Server, or Professional editions

▪ Red Hat Enterprise Linux ES 3.0 or 4.0

▪ Red Hat Enterprise Linux AS

▪ US English versions only

Software Components

▪ Java Runtime Environment (JRE) version 1.4.2

2 Installation Procedures

1 IDP Sensor

The IDP appliance is delivered with the IDP Sensor software version 4.0 pre-installed. However, new versions of the IDP Sensor software may be made available online or via CD-ROM. To upgrade the IDP Sensor software to the most current version, follow the procedures detailed in the “Updating IDP Sensor Software” section in Chapter 6 of the “IDP 50, 200, 600, 1100 Installer’s Guide”, version 4.0.

2 NSM Server

To install the NSM Server, perform the following steps:

NOTE: This section assumes that an operating system as identified within section 2.1.2 has already been installed.

1. Log on to the operating system using the “root” account configured during the installation process of the operating system.

2. Change the current directory to the path containing the NSM Server installation script.

3. Execute the NSM Server installation script.

sh nsm2006.1_servers_linux_x86.sh

4. A prompt is displayed asking which servers to install. Type “3” and press Enter to confirm installing both the GUI Server and Device Server on the same system.

Creating staging directory...ok

########## PERFORMING PRE-INSTALLATION TASKS ##########

Running preinstallcheck...

Checking if platform is valid...............................ok

Checking for correct intended platform......................ok

Checking if all needed binaries are present.................ok

Checking for platform-specific binaries.....................ok

Checking for PostgreSQL.....................................ok

Checking if user is root....................................ok

Checking if user root exists................................ok

Checking if system meets RAM requirement....................ok

Checking for sufficient disk space..........................ok

Checking if RPM binary is the minimum version ..............ok

Noting OS name..............................................ok

Stopping any running servers

########## GATHERING INFORMATION ##########

1) Install Device Server only

2) Install GUI Server only

3) Install both Device Server and GUI Server

Enter selection (1-3) []> 3

5. A prompt is displayed asking if the machine will participate in an HA cluster. Press Enter to accept the default value of “n”.

########## GENERAL SERVER SETUP DETAILS ##########

Will this machine participate in an HA cluster? (y/n) [n]>

6. A prompt is displayed asking to provide the directory path in which the Device Server data will be stored. Press Enter to accept the default value of “/var/netscreen/DevSvr”.

########## DEVICE SERVER SETUP DETAILS ##########

The Device Server stores all of the user data under a single directory.

By default, this directory is /var/netscreen/DevSvr. Because the user data (including logs and policies) can grow to be quite large, it is sometimes desirable to place this data in another partition.

Please enter an alternative location for this data if so desired, or press ENTER for the location specified in the brackets.

Enter data directory location [/var/netscreen/DevSvr]>

7. A prompt is displayed asking to provide the directory path in which the GUI Server data will be stored. Press Enter to accept the default value of “/var/netscreen/GuiSvr”.

########## GUI SERVER SETUP DETAILS ##########

The GUI Server stores all of the user data under a single directory.

By default, this directory is /var/netscreen/GuiSvr. Because the user data (including database data and policies) can grow to be quite large, it is sometimes desirable to place this data in another partition.

Please enter an alternative location for this data if so desired, or press ENTER for the location specified in the brackets.

Enter data directory location [/var/netscreen/GuiSvr]>

8. A prompt is displayed asking to provide the directory path in which the GUI Server database logs will be stored. Press Enter to accept the default value of “/var/netscreen/GuiSvr/xdb/log”.

The GUI Server stores all of the database logs under a single directory.

By default, this directory is /var/netscreen/GuiSvr/xdb/log. Because the database log can grow to be quite large, it is sometimes desirable to place this log in another partition.

Please enter an alternative location for this log if so desired, or press ENTER for the location specified in the brackets.

Enter database log directory location [/var/netscreen/GuiSvr/xdb/log]>

9. A prompt is displayed asking to provide the IP address for the management interface that will be used to communicate with the IDP appliance(s). Type in the IP address of the management interface and press Enter.

Enter the management IP address of this server []> 10.10.10.50

Setting GUI Server address and port to 10.10.10.50:7801 for Device Server

10. A prompt is displayed asking to provide and confirm the password that will be used for authenticating to the “super” user. Type in the password and press Enter. Then retype the password and press Enter to confirm the password defined.

Please enter a password for the 'super' user

Enter password (password will not display as you type)>

Please enter again for verification

Enter password (password will not display as you type)>

11. A prompt is displayed asking if a Statistical Report Server will be used with this GUI Server. Press Enter to accept the default value “n”.

Will a Statistical Report Server be used with this GUI Server? (y/n) [n]>

12. A prompt is displayed asking if the server processes need to be restarted automatically in case of a failure. Press Enter to accept the default value “y”.

########## HIGH AVAILABILITY (HA) SETUP DETAILS ##########

Will server processes need to be restarted automatically in case of a failure? (y/n) [y]>

13. A prompt is displayed asking if this machine will require local database backups. Press Enter to accept the default value “y”.

########## BACKUP SETUP DETAILS ##########

Will this machine require local database backups? (y/n) [y]>

14. A prompt is displayed asking what hour of the day to start the database backup. Press Enter to accept the default value “02”.

Enter hour of day to start the database backup (00 = midnight, 02 = 2am, 14 = 2pm ...)[02]>

15. A prompt is displayed asking if the daily backup will need to be sent to a remote machine. Press Enter to accept the default value “n”.

Will daily backups need to be sent to a remote machine? (y/n) [n]>

16. A prompt is displayed asking to enter the number of backups to keep. Press Enter to accept the default value “7”.

Enter number of database backups to keep [7]>

17. A prompt is displayed asking to enter the rsync command timeout. The default timeout is 1800. Press Enter to accept the default value “1800”.

Enter the rsync command timeout [1800]>

18. A prompt is displayed asking to specify the location of the database backup directory. Press Enter to accept the default value “/var/netscreen/dbbackup”.

Enter database backup directory [/var/netscreen/dbbackup]>

19. A prompt is displayed asking to specify the full path to the rsync program installed. Press Enter to accept the default value “/usr/bin/rsync”.

The database backup server(s) requires that you have previously installed the rsync program.

Enter the full path to rsync [/usr/bin/rsync]>

20. A prompt is displayed asking for the Postgres DevSvr Db port, which is “5432” by default. Press Enter to accept the default value. Likewise, a prompt is displayed asking for the Postgres DevSvr Db super user, which has a default name of “nsm”. Press Enter to accept the default name. You are then prompted to enter a password for that user and to enter it again for verification.

########## DEVSVR DB SETUP DETAILS ##########

Enter Postgres DevSvr Db port [5432]>

Postgres DevSvr Db port set to 5432

Enter Postgres DevSvr Db super user [nsm]>

Postgres DevSvr Db super user set to 'nsm'

Enter Postgres DevSvr Db password for user 'nsm'

Enter password (password will not display as you type)>

Please enter again for verification

Enter password (password will not display as you type)>

Postgres DevSvr Db password set for 'nsm'

21. A prompt is displayed asking if the servers should be started after the installation has completed. Type “y” and press Enter.

########## POST-INSTALLATION OPTIONS ##########

Start server(s) when finished? (y/n) []> y

22. A prompt is displayed asking to confirm the set of configurations that have just been applied. Type “y” and press Enter to accept the configurations. Otherwise, type “n” to repeat steps 6 - 23.

########## CONFIRMATION ##########

About to proceed with the following actions:

- Install Device Server

- Install GUI Server

- Install High Availability Server

- This machine does not participate in an HA cluster

- Store Device Server data in /var/netscreen/DevSvr

- Store GUI Server data in /var/netscreen/GuiSvr

- Store GUI Server database log in /var/netscreen/GuiSvr/xdb/log

- Use IP address 10.10.10.50 for management

- Connect to GUI Server at 10.10.10.50:7801

- Set password for 'super' user

- Servers will be restarted automatically in case of a failure

- Local database backups are enabled

- Start backups at 02

- Daily backups will not be sent to a remote machine

- Number of database backups to keep: 7

- Logging is disabled: n

- Create database backup in /var/netscreen/dbbackup

- Use rsync program at /usr/bin/rsync

- Postgres DevSvr Db Server port: 5432

- Postgres DevSvr Db super user: nsm

- Postgres DevSvr Db password set for ‘nsm’

- Start server(s) when finished: Yes

Are the above actions correct? (y/n)> y

23. After the configuration has been accepted, the installation process begins. If the installation completes successfully, you will see text similar to the text provided below. If the installation process does not complete successfully, ensure that you have correctly satisfied all of the installation prerequisites identified in section 2.1 and then re-execute the installation script.

########## EXTRACTING PAYLOADS ##########

Extracting payload..........................................ok

Decompressing payload.......................................ok

########## PERFORMING INSTALLATION TASKS ##########

----- INSTALLING Device Server -----

Looking for existing RPM package............................ok

Removing DevSvr files from default location.................ok

Installing Device Server RPM................................ok

Unpacking DevSvr............................................ok

Installing JRE..............................................ok

Creating var directory......................................ok

Creating /var/netscreen/dbbackup............................ok

Putting NSROOT into start scripts...........................ok

Filling in Device Server config file(s).....................ok

Setting permissions for Device Server.......................ok

----------Setting up PostgreSQL for DevSvr--------------

Changing password for user nsm.

New UNIX password:

BAD PASSWORD: it is based on a dictionary word

Retype new UNIX password:

Passwd: all authentication tokens updated successfully.

Setting up PostgreSQL for DevSvr. . . ........................ok

Installation of Device Server complete.

----- INSTALLING GUI Server -----

Looking for existing RPM package............................ok

Removing GuiSvr files from default location.................ok

Installing GUI Server RPM...................................ok

Installing JRE..............................................ok

Creating var directory......................................ok

Putting NSROOT into start scripts...........................ok

Filling in GUI Server config file(s)........................ok

Setting permissions for GUI Server..........................ok

Running generateMPK utility.................................ok

Running fingerprintMPK utility..............................ok

Installation of GUI Server complete.

----- INSTALLING HA Server -----

Looking for existing RPM package............................ok

Removing HaSvr files from default location..................ok

Installing HA Server RPM....................................ok

Creating var directory......................................ok

Putting NSROOT into start scripts...........................ok

Filling in HA Server config file(s).........................ok

Setting permissions for HA Server...........................ok

Installation of HA Server complete.

----- SETTING START SCRIPTS -----

Enabling Device Server start script.........................ok

Enabling GUI Server start script............................ok

Enabling HA Server start script.............................ok

########## PERFORMING POST-INSTALLATION TASKS ##########

Running nacnCertGeneration..................................ok

Running idpCertGeneration...................................ok

Removing staging directory..................................ok

Starting GUI Server.........................................ok

Starting Device Server......................................ok

Starting HA Server..........................................ok

NOTES:

- Installation log is stored in /usr/netscreen/DevSvr/var/errorLog/netmgtInstallLog. 20060613094753

- This is the GUI Server fingerprint: 38:09:B8:7A:3E:21:0B:FC:D8:20:8B:B4:3A:AC:7E:76:F3:4A:8A:56

You will need this for verification purposes when logging into the GUI Server. Please make a note of it.

- To enable firmware updates to ScreenOS 4.x devices, the TFTP server on this machine needs to be enabled.

- To enable firmware updates to ScreenOS 4.x devices, the TFTP server on this machine must have its root directory set to ‘/usr/netscreen/DevSvr/var/cache’

[root@nsm ~]#
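The checks an auditor would run over a saved copy of this installer session, as an added example that is not part of the original guide or of Juniper's software: it compares the accepted CONFIRMATION block with the values chosen in steps 4 - 21, flags the "BAD PASSWORD" warning that the installer does not treat as an error, and extracts the GUI Server fingerprint for the comparison made at first login. It assumes the session was captured to a text file; all function names are hypothetical and the sample transcript is constructed from the output format shown above.

```python
import re

# Settings section 2.2.2 selects, worded as the installer echoes them in its
# CONFIRMATION block. Management IP and passwords are site-specific: not checked.
EVALUATED_ACTIONS = [
    "Install Device Server",
    "Install GUI Server",
    "This machine does not participate in an HA cluster",
    "Store Device Server data in /var/netscreen/DevSvr",
    "Store GUI Server data in /var/netscreen/GuiSvr",
    "Store GUI Server database log in /var/netscreen/GuiSvr/xdb/log",
    "Servers will be restarted automatically in case of a failure",
    "Local database backups are enabled",
    "Start backups at 02",
    "Daily backups will not be sent to a remote machine",
    "Number of database backups to keep: 7",
    "Create database backup in /var/netscreen/dbbackup",
    "Use rsync program at /usr/bin/rsync",
    "Postgres DevSvr Db Server port: 5432",
    "Postgres DevSvr Db super user: nsm",
    "Start server(s) when finished: Yes",
]

# 20 colon-separated hex octets, as printed in the installer's NOTES.
FINGERPRINT_RE = re.compile(
    r"GUI Server fingerprint:\s*((?:[0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2})(?![0-9A-Fa-f:])")


def accepted_actions(transcript):
    """Return the actions of the CONFIRMATION block that was answered 'y'.

    Step 22 lets the installer answer 'n' and start over, so a transcript may
    hold several blocks; only the accepted one describes what was installed.
    """
    block, inside = [], False
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith("About to proceed with the following actions"):
            block, inside = [], True
        elif line.startswith("Are the above actions correct?"):
            inside = False
            if line.split(">")[-1].strip().lower() == "y":
                return block
        elif inside and line.startswith("- "):
            block.append(line[2:].strip())
    return []


def deviations(transcript):
    """Evaluated settings that the accepted block does not contain."""
    accepted = set(accepted_actions(transcript))
    return [action for action in EVALUATED_ACTIONS if action not in accepted]


def weak_password_warnings(transcript):
    """passwd warnings the installer printed but did not stop on."""
    return [line.strip() for line in transcript.splitlines()
            if line.strip().startswith("BAD PASSWORD:")]


def normalize_fingerprint(text):
    """Canonical upper-case, colon-separated form; ValueError if not 20 octets."""
    digits = re.sub(r"[\s:\-]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", digits):
        raise ValueError("expected 20 hex octets")
    return ":".join(digits[i:i + 2] for i in range(0, 40, 2))


def recorded_fingerprint(transcript):
    """Fingerprint noted by the installer, or None if the line is absent."""
    match = FINGERPRINT_RE.search(transcript)
    return normalize_fingerprint(match.group(1)) if match else None


def fingerprint_matches(transcript, shown_in_ui):
    """True only if the value shown at first login equals the recorded one."""
    recorded = recorded_fingerprint(transcript)
    try:
        return recorded is not None and recorded == normalize_fingerprint(shown_in_ui)
    except ValueError:
        return False


def _block(actions, answer):
    """Build one CONFIRMATION block in the installer's layout (sample data only)."""
    lines = ["About to proceed with the following actions:"]
    lines += ["- " + action for action in actions]
    lines.append("Are the above actions correct? (y/n)> " + answer)
    return "\n".join(lines)


# Constructed sample: first attempt rejected with 'n', second accepted with a
# non-default Device Server data directory (/data/DevSvr is made up).
_first = [a.replace("keep: 7", "keep: 3") for a in EVALUATED_ACTIONS]
_second = [a.replace("/var/netscreen/DevSvr", "/data/DevSvr") for a in EVALUATED_ACTIONS]
SAMPLE_TRANSCRIPT = "\n".join([
    _block(_first, "n"),
    _block(_second, "y"),
    "New UNIX password:",
    "BAD PASSWORD: it is based on a dictionary word",
    "NOTES:",
    "- This is the GUI Server fingerprint: "
    "38:09:B8:7A:3E:21:0B:FC:D8:20:8B:B4:3A:AC:7E:76:F3:4A:8A:56",
    "",
])

if __name__ == "__main__":
    print("Deviations:", deviations(SAMPLE_TRANSCRIPT))
    print("Password warnings:", weak_password_warnings(SAMPLE_TRANSCRIPT))
    print("Recorded fingerprint:", recorded_fingerprint(SAMPLE_TRANSCRIPT))
```
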

3 NSM UI

To install the NSM UI, perform the following steps:

1. Log on to the operating system using the “root” or “administrator” account configured during the installation process of the operating system.

2. Open a terminal window or command prompt, if it is not already open.

3. Insert the NSM CD or download the NSM Client application from the Juniper Networks, Inc. website:

4. Change the current directory to the path containing the NSM UI installation file:

For Windows:

d:\ (Assuming that D: is the drive letter associated with the CD device)

or,

C:\tempdir (Assuming that C:\tempdir is the location where NSM UI installation was downloaded to)

5. Execute the NSM UI installation file:

For Windows:

nsm2006.1_ui_win_x86.exe

6. The “Introduction” screen is displayed, as identified in the figure below. Click on “Next” to continue.

[pic]

7. The “License Agreement” screen is displayed, as identified in the figure below. Read through the agreement and select “I accept the terms of the License Agreement”, if it is agreed. Then click on “Next” to continue.

[pic]

8. The “Choose Install Folder” screen is displayed, as identified in the figure below. Click on “Next” to accept the default value and continue.

[pic]

NOTE: The installation path identified above is based on a Windows installation. See below for the default values of each operating system.

Windows: C:\Program Files\NetScreen-Security Manager

9. The “Choose Shortcut Folder” screen is displayed, as identified in the figure below. Click on “Next” to accept the default value and continue.

[pic]

10. The “Pre-Installation Summary” screen is displayed, as identified in the figure below. Click on “Install” to confirm the installation options selected and continue with the installation process.

[pic]

11. The “Installing NetScreen-Security Manager” screen is displayed, as identified in the figure below. Remain patient until the indicator at the bottom of the screen becomes completely green, indicating that the installation is now complete.

[pic]

12. The “Install Complete” screen is then displayed, as identified in the figure below. Click on “Done” to exit the NSM UI installer.

[pic]

3 Configuration Procedures

The following subsections provide instructions for configuring the IDP Sensor, NSM Server, and NSM UI components. The configuration procedures should be performed in the order in which they are presented, unless a specific step directs you to perform another procedure outside of this order.

1 IDP Sensor

Configuring the IDP appliance involves connecting to the IDP appliance, as described in section 2.3.1.1 below, and running the Appliance Configuration Manager (ACM) wizard, as further described in section 4 below.

1 Connect to the IDP Appliance

To connect with and configure the IDP appliance, you may establish a connection either by connecting through the management port or through the console. The following subsections describe how to connect to the IDP appliance using both methods.

1 Using the Management Port

To connect to the IDP appliance using the management port, perform the following steps:

1. Locate the management port for your IDP appliance. The management port is identified as the following for each respective evaluated IDP appliance:

▪ IDP 50 - MGT

▪ IDP 200 - MGT

▪ IDP 1000-C - MGT

▪ IDP 1100-F - MGT

▪ IDP 600-C - MGT

▪ IDP 600-F - MGT

2. Connect a standalone computer, such as a laptop, to the IDP appliance management port, as identified above. To connect directly to the appliance, use a crossover cable. To connect to the appliance over a hub or switch, use a straight-through cable.

3. Change the IP address of the standalone computer to 192.168.1.2, with the subnet mask being 255.255.255.0 and the gateway being 192.168.1.1. For instructions on changing your IP address, see your computer’s operating system documentation.

4. On the connected computer, open a Web browser. Enter the URL of the ACM wizard as . Because the ACM uses a secure form of HTTP, you MUST enter https:// before the IP address.

5. Enter the default user name (root) and password (abc123). When the ACM wizard appears, proceed to section 4 below.

2 Using the Console

To connect to the IDP appliance using the console, perform the following steps:

1. Connect to the IDP appliance. The console can be accessed through either the serial port or the keyboard and monitor connections:

a. For serial console connections, connect a serial console to the IDP appliance Serial port and configure the terminal software to use parameters 8-N-1, 9600. For Windows, use HyperTerminal. For Linux, use minicom.

b. For keyboard and monitor connections, connect a keyboard and monitor to the IDP appliance.

2. Log in to the IDP appliance using the default user name (root) and password (abc123). The Ethernet configuration script automatically runs. Follow the instructions in the script’s help text to configure Ethernet access to the IDP appliance.

3. When prompted, select the network card you want to configure. The default configuration for that network card appears.

a. To accept the default configuration, type n and press Enter to continue.

b. To reconfigure the network card, type y. Assign an IP address and netmask to the network card. Be sure to use an IP address that is reachable by the computer you will use to configure the Sensor software. Press Enter to continue.

4. When prompted, set a default route by pressing y. Enter the default route for the computer that you will use to configure the Sensor software. Press Enter.

5. Perform the procedures above in section 2.3.1.1.1 to connect to the management port just configured, and run the ACM wizard.

2 NSM Server

1 Authenticate to the NSM Server

Before any configuration can be applied to the NSM Server, you must first authenticate to the NSM Server using the NSM UI installed. To authenticate, perform the following steps.

1. Open the shortcut selected in the “Choose Shortcut Folder” screen for the NSM UI installation (see item 9 in section 2.2.3).

2. If this is the first time that the NSM UI is run, a prompt will display with the RSA fingerprint of the NSM server. Verify this fingerprint with the fingerprint previously documented in step 23 of section 2.2.2 of this document. Click “Accept” if correct.

3. The NSM UI Login prompt is displayed, as identified in the figure below. Enter the administrator name in the “Login:” field, the password in the “Password:” field, and the IP address or hostname of the NSM Server in the “Server:” field. Then left-click on “OK”.

NOTE: If this is your first time authenticating to the NSM Server, you will need to use the “super” administrator account with the password specified in step 10 of section 2.2.2 above.

[pic]

4. The NSM UI is then displayed, as identified in the figure below. The default display is the Log Viewer module display. However, the NSM UI remembers the last screen in focus the next time the same user authenticates.

[pic]

2 Configure Events to Log

To ensure that all auditable events required are selected to be recorded, perform the following steps:

1. Left-click on the “Audit Log Viewer” module.

2. Left-click on the “Edit” menu bar.

3. Left-click on “Set Auditable Activity”.

4. Left-click on the check box next to each of the following “Read only” auditable events that are not already selected with a check mark:

| View Admins | FAU_GEN.1: Access to the TOE and System data |
| View Audit Logs | FAU_GEN.1 [FAU_SAR.1]: Reading of information from the audit records |
| | FAU_GEN.1: Access to the TOE and System data |
| View Devices, Device Groups, & Templates | FAU_GEN.1: Access to System |
| View Device Config | FAU_GEN.1: Access to the TOE and System data |
| View Device Logs | FAU_GEN.1: Access to the TOE and System data |
| View Admin Roles | FAU_GEN.1: Access to the TOE and System data |
| View IDP Rulebase | FAU_GEN.1: Access to the TOE and System data |
| View Backdoor Rulebase | FAU_GEN.1: Access to the TOE and System data |
| View Security Policies | FAU_GEN.1: Access to the TOE and System data |
| View Action Attributes | FAU_GEN.1: Access to the TOE and System data |
| View SYNProtector Rulebase | FAU_GEN.1: Access to the TOE and System data |
| View Traffic Signature Rulebase | FAU_GEN.1: Access to the TOE and System data |
| View Network Honeypot Rulebase | FAU_GEN.1: Access to the TOE and System data |
| View Auditable Activities | FAU_GEN.1: Access to the TOE and System data |

5. Left-click on the “Read-write” tab next to the “Read only” tab.

6. Left-click on the check box next to each of the following “Read-write” auditable events that are not already selected with a check mark:

NOTE: While all Read-write auditable events are selected, by default, the Read-write auditable events below must remain selected with a check mark to comply with the evaluated configuration.

| Create Admins | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Edit Admins | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Delete Admins | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Update Device Config | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Hide & Unhide Device Log | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Purge Device Logs | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Create Security Policies | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Delete Rulebases | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Delete Security Policies | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Create Admin Roles | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| | FAU_GEN.1 [FMT_SMR.1]: Modifications to the group of users that are part of a role. |
| Edit Admin Roles | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| | FAU_GEN.1 [FMT_SMR.1]: Modifications to the group of users that are part of a role. |
| Delete Admin Roles | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| | FAU_GEN.1 [FMT_SMR.1]: Modifications to the group of users that are part of a role. |
| Attack Update | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Modify policylookup Table | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Create/Edit IDP Rulebase | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Create/Edit Backdoor Rulebase | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Edit Security Policies | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Modify Action Attributes | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Create/Edit SYN/Protector Rulebase | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Create/Edit Traffic Signature Rulebase | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |
| Create/Edit Network Honeypot Rulebase | FAU_GEN.1: Access to the TOE and System data |
| | FAU_GEN.1 [FMT_MOF.1]: All modifications in the behavior of the functions of the TSF. |
| | FAU_GEN.1 [FMT_MTD.1]: All modifications to the values of TSF data |

7. Left-click on “OK” to confirm and save the selections.

3 Configure NSM to Communicate with IDP

Before configuring communication to the IDP appliance, ensure that the procedures identified above for connecting to and configuring the IDP appliance have been performed. Also ensure that the IDP appliance is powered on and that the management port is correctly configured and connected to communicate with the NSM Server.

To establish a communication path between the NSM Server and the IDP appliance, the following steps must be performed:

1. Left-click on the plus sign (+) next to the “Device Manager” module to expand the components within that module.

2. Left-click on the “Security Devices” component.

3. Left-click on the plus sign (+) within the “Security Device Tree” tab that is displayed to the right of the modules tree.

4. Left-click on “Device”.

[pic]

5. Type in a name for the IDP appliance in the “Device Name” field.

6. Select the default option displayed, “Device is Reachable (i.e. Static IP Address)”.

7. Left-click on “Next” to continue.

[pic]

8. Type in the IP Address of the management port for the IDP appliance within the “IP Address” field.

9. Type in “admin” in the “Name” field.

10. Type in the password created for the admin user in the “Password” field.

NOTE: This is the password specified for the admin account in section 4.2.1.1.

11. Type in the password created for the root user in the “Super user Password for IDP Device” field.

NOTE: This is the password specified for the root account in section 4.2.1.1.

12. Select the default selection, “SSH Version 2”, in the “Connect To Device With:” field.

13. Select the default selection, “22”, in the “Port Number” field.

14. Left-click on “Next” to continue.

[pic]

15. Verify the SSH Key displayed by connecting to the console of the IDP appliance, as described in section 2.3.1.1.2, and typing the following commands:

cd /etc/ssh

ssh-keygen -l -f ssh_host_dsa_key.pub

16. If the key output by the commands above matches the key displayed in the “Verify Device Authenticity” window, then left-click on “Next” to confirm the device’s authenticity.

[pic]

17. The Add Device wizard will now attempt to auto detect the settings configured on the IDP appliance. When the detection is complete, the “Finish” button will be enabled. Left-click on “Finish” to complete the process for adding the IDP appliance.

[pic]

18. The Add Device wizard will now display a text box indicating that the device is currently being added.

[pic]

19. When the Add Device wizard is complete, the NSM UI will be brought back into focus and the IDP appliance just added will now be displayed within the “Security Devices Tree” tab.

[pic]
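The comparison made in steps 15 and 16, as an added Python example that is not part of the original guide or of Juniper's software: it derives the fingerprint that `ssh-keygen -l` prints from a public key line and checks it against the value read from the wizard. The sample key is constructed from dummy values, and the function names and the assumption that the wizard shows an MD5 colon-hex or `SHA256:` fingerprint are this example's own.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format."""
    return struct.pack(">I", len(data)) + data


def constructed_pubkey_line(y: bytes = b"\x33" * 16) -> str:
    """Constructed sample only: an ssh-dss blob with dummy p, q, g and y values."""
    blob = _ssh_string(b"ssh-dss")
    for dummy in (b"\x00\xd1" + b"\x11" * 15, b"\x00\xa3" + b"\x22" * 7, b"\x05", y):
        blob += _ssh_string(dummy)
    return "ssh-dss " + base64.b64encode(blob).decode() + " root@idp-sample"


def parse_pubkey_line(line: str) -> bytes:
    """Return the raw key blob from a one-line OpenSSH public key file."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    # The key type is repeated inside the blob; a mismatch means a damaged or edited file.
    if blob[4:4 + length] != declared.encode():
        raise ValueError("key type inside blob does not match declared type")
    return blob


def fingerprints(blob: bytes) -> dict:
    """Both fingerprint styles ssh-keygen -l has used: MD5 colon-hex and SHA256 base64."""
    md5 = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "sha256": sha256}


def fingerprint_from_keygen(output_line: str) -> str:
    """Second field of ssh-keygen -l output: '<bits> <fingerprint> <name> ...'."""
    return output_line.split()[1]


def normalize(shown: str):
    """Classify a fingerprint as read from a screen (assumed formats, see lead-in)."""
    value = shown.strip()
    if value.upper().startswith("SHA256:"):
        return "sha256", value[7:].rstrip("=")  # base64 is case-sensitive: keep case
    if value.upper().startswith("MD5:"):
        value = value[4:]
    return "md5", value.lower()


def device_key_matches(shown_in_wizard: str, pubkey_line: str) -> bool:
    """True only if the displayed fingerprint belongs to the key in pubkey_line."""
    kind, value = normalize(shown_in_wizard)
    expected = fingerprints(parse_pubkey_line(pubkey_line))[kind]
    return hmac.compare_digest(value.encode(), expected.encode())


if __name__ == "__main__":
    line = constructed_pubkey_line()
    shown = fingerprints(parse_pubkey_line(line))["md5"]
    print("fingerprint:", shown)
    print("same key:", device_key_matches(shown, line))
    print("different key:", device_key_matches(shown, constructed_pubkey_line(b"\x34" * 16)))
```

A mismatch means the key presented over the network is not the one stored on the appliance, so the wizard should not be continued.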

4 Import IDP Device Configuration

Before any changes can be made to the IDP appliance configuration, the configuration of the IDP appliance must first be imported into the NSM Server. This is accomplished by performing the following steps:

1. Within the “Security Devices Tree” tab, right-click on the IDP device added in section 2.3.2.3 above, and left-click on “Import Device”.

[pic]

2. The configuration pertaining to the IDP appliance added will be imported. When the importing process is complete, a result will be returned indicating “Device imported successfully”, as identified in the figure below. Left-click on “Close” to exit the Import Device wizard.

[pic]

5 Update IDP Detector Engine

The IDP Detector Engine

1. While in the “Device Manager” module view, select “IDP Detector Engine > Load IDP Detector Engine” from the “Devices” menu bar.

[pic]

2. A confirmation prompt is displayed, reminding the user to save any changes to the IDP appliance configuration before proceeding. Left-click on “Next” to continue.

[pic]

3. Select the check box next to the IDP appliance added in section 2.3.2.3 above. Left-click on “Finish” to continue.

[pic]

4. A “Job Information” window is displayed, indicating that the operation has completed successfully. Left-click on “Close” to exit the IDP Detector Engine wizard.

[pic]

6 Install Attack Signature Updates

1. While in the “Device Manager” module view, select “View/Update NSM Attack Database” from the “Tools” menu bar.

[pic]

2. A confirmation prompt is displayed, reminding the user to save any changes to the IDP appliance configuration before proceeding. Left-click on “Next” to continue.

[pic]

3. A summary prompt is displayed, identifying both the current version.

[pic]

[pic]

7 Create Policies to Monitor/Protect Networks

1. Right-click on the “Security Policies” module and left-click on “New Policy…”

[pic]

2. Type in a name for the IDP policy within the “Policy Name” field.

[pic]

After a name is entered in the “Policy Name” field, the “Next” button is enabled. Left-click on the “Next” button to display the window below.

[pic]

Clear the “Firewall/VPN Devices” check box and select the “Stand Alone IDP Devices” check box, as shown below.

[pic]

3. Select “Use IDP Template”, then select a template available within the “Name” selection box and left-click on “OK”.

[pic]

Once a name is selected from the drop-down box, the “Next” button is enabled. Left-click on the “Next” button.

[pic]

Left-click on the “Next” button.

[pic]

Click on the “Finish” button.

4. When the policy has been successfully created, the NSM UI will be brought back into focus and the security policy just created will now be displayed within the “Security Policies” screen.

[pic]

8 Apply Policies to the IDP Appliance

1. Left-click on the “Security Devices” component within the “Device Manager” module.

2. Right-click on the IDP appliance added in section 2.3.2.3 above and left-click on “Policy > Assign Policy…”.

[pic]

3. Select the IDP policy created in section 2.3.2.7 above within the “Security Policy Name” field.

[pic]

4. Left-click on “OK” to apply the policy to the IDP appliance.

[pic]

5. When the operation has successfully completed, the NSM UI will be brought back into focus with the IDP appliance displayed within the “Security Devices Tree” tab.

[pic]

9 Update the Configuration to the IDP Appliance

1. While in the “Security Devices” view of the “Device Manager” module, right-click on the IDP appliance added in section 2.3.2.3 above and left-click on “Update Device”.

[pic]

2. Confirm the default option selected, “Restart IDP Profiler after Device Update” and left-click on “OK”.

NOTE: It is not mandatory to request the IDP Profiler to restart after the device update.

[pic]

3. When the device update is complete, a confirmation screen is displayed. Left-click on “Close” to exit the Update Device wizard.

[pic]

10 Configure Authentication Failure Handling

1. While in the “Security Devices” view of the “Device Manager” module, left-click on “Preferences” from the “Tools” menu bar.

[pic]

Once you click on “Preferences” the following window appears.

[pic]

2. Left-click on “System Properties”.

3. Set the numerical value in the “Consecutive, failed login attempts until blocked” field to a value other than zero.

NOTE: The default value of 10 is considered a reasonable value: it allows for user mistakes while still limiting repeated unsuccessful authentication attempts, such as an attacker trying to brute force an account.

4. Left-click on “OK” to accept the new value, save the change, and exit the Preferences screen.

[pic]

11 Create an Administrator

1. While in the “Security Devices” view of the “Device Manager” module, left-click on “Manage Administrators and Domains” from the “Tools” menu bar.

[pic]

2. Left-click on the plus sign (+) to create a new administrator.

[pic]

3. Type in a name for the new administrator within the “Name” field.

4. Enter information into the other available fields.

NOTE: The only field required to be completed is the “Name” field. Therefore, the remaining fields are optional and do not have to be completed to create an administrator, if they are not needed.

[pic]

5. Left-click on the “Authorization” tab.

6. Left-click on the “Set Password…” button.

[pic]

7. Type in the password to be used for the new administrator within the “Enter a new password:” and “Confirm new password:” fields.

NOTE: The password provided must be between 9 and 64 characters in length.

[pic]

8. Left-click on the “Permissions” tab.

9. Left-click on the plus sign (+) to assign a role to the new administrator.

[pic]

10. Select the role to be assigned to the administrator from one of the available roles within the “Role” selection box.

[pic]

11. Select the check box next to the Domain that the new administrator will be assigned to and left-click on “OK” to accept the selection. The default domain is the global domain.

[pic]

12. The focus is then returned to the New Administrator wizard. Left-click on “OK” to accept the configurations applied and create the new administrator defined.

[pic]

13. The focus is then returned to the Manage Administrators and Domains screen. Left-click on “OK” to exit the Manage Administrators and Domains screen.

[pic]

3 NSM UI

No configuration steps are necessary since all configurations that affect the NSM UI are only configurable and enforceable from the NSM Server.

Appendix A

1 Software Identification

1 NSM UI

1. Open the shortcut selected in the “Choose Shortcut Folder” screen for the NSM UI installation (see item 9 in section 2.2.3).

2. The NSM UI Login prompt is displayed, as identified in the figure below. Verify that the version and build identified in the bottom left-hand corner of NSM UI Login prompt matches the version indicated for the NSM UI within the Security Target.

[pic]

2 NSM Server

1. Authenticate to the NSM Server using the steps provided in section 2.3.2.1.

2. When the NSM UI is displayed, left-click on “About NetScreen-Security Manager” from the “Help” menu bar.

[pic]

3. The “About Juniper Networks - NSM” prompt is displayed. Verify that the version and build identified in the bottom left-hand corner of the “About Juniper Networks - NSM” prompt matches the version indicated for the NSM Server within the Security Target.

[pic]

3 IDP Sensor

1. From within the NSM UI, left-click on the plus sign (+) next to the “Device Manager” module to expand the components within that module.

2. Left-click on the “Security Devices” component.

3. Right-click on the IDP appliance added in section 2.3.2.3 above, and left-click on “Edit”.

[pic]

4. The IDP appliance properties are displayed. Verify that the version and build identified in the “Detector Version” field matches the version indicated for the IDP Sensor within the Security Target.

[pic]

Appendix B: ACM Wizard

1 ACM Home Page

When you first navigate to the IDP appliance through a web browser, you are presented with the ACM home page as identified in the figure below. From here, you can view and apply the current IDP configuration, download or upload the IDP configuration, or reconfigure the IDP appliance using the ACM wizard. Additionally, individual links are presented beneath the “ACM menu” section, which allow you to browse to a specific configuration page within the ACM wizard.

[pic]

2 ACM Wizard Main Page

Once the ACM Wizard is invoked, you are redirected to the ACM wizard page as identified in the figure below. From here, you can start the configuration process by clicking on “Start Configuration Wizard”, or you can import an existing configuration file by specifying the location of the existing configuration file and clicking on “Upload Config Template”.

[pic]

1 Setup

The Setup section of the ACM wizard allows you to:

▪ specify the password for the root and admin accounts on the IDP Sensor, and to

▪ specify a Fully Qualified Domain Name (FQDN) for the IDP appliance.

1 Choose Sensor Passwords

The “Choose Sensor Passwords” page provides the ability to change the password for both the root and admin accounts, as identified in the figure below.

WARNING: While changing the default passwords is optional on this page, it is required by the evaluated configuration that you change the root and admin passwords from their default value of (abc123).

NOTE: As indicated in the figure below, the password chosen must be between 6 and 20 characters in length.

[pic]

2 Choose Sensor FQDN

The “Choose Sensor FQDN” page provides the ability to change or set the FQDN for the IDP Appliance, as identified in the figure below.

[pic]

2 Mode

The Mode section of the ACM wizard allows you to:

▪ specify the deployment mode that is to be used by the IDP Sensor.

1 Choose Deployment Mode

The “Choose Deployment Mode” page provides the ability to specify which deployment mode to be used by the IDP Sensor, as identified in the figure below.

As indicated, the modes available for deployment include:

▪ Sniffer Mode

▪ Bridge Mode

▪ Proxy-Arp Mode

▪ Transparent Mode

▪ Router Mode

NOTE: The configuration screens within the next section vary based on the deployment mode chosen here. For the additional mode-specific configurations, see section 4.2.3.2 below.

[pic]

3 Networking

The Networking section of the ACM wizard allows you to:

▪ configure the network interface hardware installed on your IDP appliance,

▪ configure deployment mode-specific configurations,

▪ configure the routing table, and

▪ configure DNS.

1 Choose Network Interface Hardware

The “Choose Network Interface Hardware” page provides the ability to specify the transmission mode to be used by the network interfaces installed on your IDP appliance, as identified in the figure below.

By default, the transmission mode is set to “auto”.

[pic]

2 Deployment Mode Specific Configurations

This section provides the additional configuration pages available within the Networking section that are specific to the deployment mode chosen in section 4.2.2.1 above.

1 Sniffer Mode

If Sniffer mode was chosen in section 4.2.2.1 above, then the following configuration pages are displayed.

1 Configure the Management Interface

The “Configure the Management Interface” page provides the ability to choose the management interface to be used and the IP address and netmask to be assigned to the management interface, as identified in the figure below.

[pic]

2 Choose Sniffer Interface(s)

The “Choose Sniffer Interface(s)” page provides the ability to choose one or more interfaces to be used for sniffing network traffic, as identified in the figure below.

[pic]

3 Choose Reset Interface

The “Choose Reset Interface” page provides the ability to choose the interface to be used for resetting live connections, as identified in the figure below.

[pic]

2 Bridge Mode

If Bridge mode was chosen in section 4.2.2.1 above, then the following configuration pages are displayed.

1 Configure VLANs and Virtual Routers

The “Configure VLANs and Virtual Routers” page provides the ability to enable 802.1Q VLAN tags and/or multiple virtual routers, as identified in the figure below.

[pic]

2 Configure the Management Interface

The “Configure the Management Interface” page provides the ability to choose the management interface to be used and the IP address and netmask to be assigned to the management interface, as identified in the figure below.

[pic]

3 Configure Forwarding Interfaces

The “Choose Forwarding Interfaces” page provides the ability to choose the interfaces that will be used to forward traffic, as identified in the figure below.

NOTE: You must configure at least two interfaces.

[pic]

4 Configure Bridge Interfaces

The “Configure Bridge Interfaces” page provides the ability to specify the IP address and netmask for the forwarding interfaces defined in section 4.2.3.2.2.3 or to specify Stealth mode in cases where no IP address is assigned to the forwarding interface, as identified in the figure below.

[pic]

3 Proxy-ARP Mode

If Proxy-Arp mode was chosen in section 4.2.2.1 above, then the following configuration pages are displayed.

1 Configure VLANs and Virtual Routers

The “Configure VLANs and Virtual Routers” page provides the ability to enable 802.1Q VLAN tags and/or multiple virtual routers, as identified in the figure below.

[pic]

2 Configure the Management Interface

The “Configure the Management Interface” page provides the ability to choose the management interface to be used and the IP address and netmask to be assigned to the management interface, as identified in the figure below.

[pic]

3 Configure Forwarding Interfaces

The “Choose Forwarding Interfaces” page provides the ability to choose the interfaces that will be used to forward traffic, as identified in the figure below.

NOTE: You must configure at least two interfaces.

[pic]

4 Configure Proxy-ARP Interfaces

The “Configure Proxy-ARP Interfaces” page provides the ability to specify the IP address and netmask for the forwarding interfaces defined in section 4.2.3.2.3.3, as identified in the figure below.

[pic]

4 Transparent Mode

If Transparent mode was chosen in section 4.2.2.1 above, then the following configuration pages are displayed.

1 Configure VLANs and Virtual Routers

The “Configure VLANs and Virtual Routers” page provides the ability to enable multiple virtual routers, as identified in the figure below.

[pic]

2 Configure the Management Interface

The “Configure the Management Interface” page provides the ability to choose the management interface to be used and the IP address and netmask to be assigned to the management interface, as identified in the figure below.

[pic]

3 Configure Forwarding Interfaces

The “Choose Forwarding Interfaces” page provides the ability to choose the interfaces that will be used to forward traffic, as identified in the figure below.

NOTE: You must configure at least two interfaces.

[pic]

5 Router Mode

If Router mode was chosen in section 4.2.2.1 above, then the following configuration pages are displayed.

1 Configure VLANs and Virtual Routers

The “Configure VLANs and Virtual Routers” page provides the ability to enable 802.1Q VLAN tags and/or multiple virtual routers, as identified in the figure below.

[pic]

2 Configure the Management Interface

The “Configure the Management Interface” page provides the ability to choose the management interface to be used and the IP address and netmask to be assigned to the management interface, as identified in the figure below.

[pic]

3 Configure Forwarding Interfaces

The “Choose Forwarding Interfaces” page provides the ability to choose the interfaces that will be used to forward traffic, as identified in the figure below.

NOTE: You must configure at least two interfaces.

[pic]

4 Configure Router Interfaces

The “Configure Router Interfaces” page provides the ability to specify the IP address and netmask for the forwarding interfaces defined in section 4.2.3.2.5.3, as identified in the figure below.

[pic]

3 Choose Routing Table

The “Configure Routing Table” page provides the ability to specify one or multiple routes to be used by the network interfaces installed on your IDP appliance, as identified in the figure below.

As a minimum, the default route should be specified for the network pertaining to the management interface.

[pic]

4 Configure DNS

The “Configure DNS” page provides the ability to enable and configure DNS information, such as Domain Name, Domain Search, and up to three different Name servers, as identified in the figure below.

[pic]

4 System

The System section of the ACM wizard allows you to:

▪ configure the date, time, and time zone,

▪ configure NTP settings,

▪ configure Radius settings,

▪ configure SNMP settings, and

▪ configure SSH access settings.

1 Configure Date/Time

The “Configure Date/Time” page provides the ability to enable and configure the date, time, and time zone for the IDP appliance, as identified in the figure below.

[pic]

2 Configure NTP

The “Configure NTP” page provides the ability to enable NTP and to synchronize time with up to three different NTP servers, as identified in the figure below.

[pic]

3 Configure Radius

The “Configure Radius” page provides the ability to enable and configure Radius information, such as the Radius server IP, Radius server port, the shared secret and external User ID, as identified in the figure below.

[pic]

4 Configure SNMP

The “Configure SNMP” page provides the ability to enable and configure SNMP information, such as the read only community, system location, and system contact, as identified in the figure below.

[pic]

5 Configure SSH Access

The “Configure SSH Access” page provides the ability to enable remote access via SSH and to restrict which networks may initiate communication via SSH, as identified in the figure below.

The “Restrict Networks” button for configuring restricted access is further described below in section 4.2.4.5.1.

[pic]

1 Restrict Networks

When the “Restrict Networks” button is clicked from the “Configure SSH Access” page, an additional “Configure SSH Access” page is displayed providing the ability to specify networks that should be allowed to establish a connection via SSH, as identified in the figure below.

When no networks are defined and SSH is enabled, any network may establish a connection via SSH. When specific network(s) are defined and SSH is enabled, only the network(s) specified may establish a connection via SSH; all other networks are denied access.

[pic]

5 Management

The Management section of the ACM wizard allows you to:

▪ configure NSM server communication settings, and

▪ configure settings that restrict access to the ACM interface.

1 Configure Access to the IDP ACM

The “Configure Access to the IDP ACM” page provides the ability to enable access to the ACM and to restrict which networks may initiate communication to the ACM, as identified in the figure below.

The “Restrict Networks” button for configuring restricted access is further described below in section 4.2.5.1.1.

[pic]

1 Restrict Networks

When the “Restrict Networks” button is clicked from the “Configure Access to the IDP ACM” page, an additional “Configure Access to the IDP ACM” page is displayed providing the ability to specify networks that should be allowed to establish a connection to ACM, as identified in the figure below.

When no networks are defined and ACM is enabled, any network may establish a connection to ACM. When specific network(s) are defined and ACM is enabled, only the network(s) specified may establish a connection to ACM; all other networks are denied access.

[pic]
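The “Restrict Networks” rule described for both SSH access (section 4.2.4.5.1) and ACM access (section 4.2.5.1.1), as an added Python example that is not part of the original guide or the appliance's own code: it models the allow decision and flags the case where a service is enabled with an empty list and is therefore open to any network. The function names, the CIDR entry format, the sample addresses and the treatment of a disabled service as unreachable are assumptions of this example.

```python
import ipaddress


def parse_networks(entries):
    """Parse operator-supplied entries (assumed CIDR notation); reject typos outright."""
    networks = []
    for entry in entries:
        # strict=True refuses entries with host bits set, e.g. 192.0.2.5/28
        networks.append(ipaddress.ip_network(entry.strip(), strict=True))
    return networks


def connection_allowed(source_ip, enabled, networks):
    """Decision rule from the guide for one inbound connection attempt."""
    if not enabled:
        return False          # assumption: a disabled service accepts nothing
    if not networks:
        return True           # no networks defined: access is granted to any network
    address = ipaddress.ip_address(source_ip)
    return any(address in network for network in networks)


def review(service, enabled, entries):
    """Return findings for one service's Restrict Networks setting."""
    if not enabled:
        return []
    try:
        networks = parse_networks(entries)
    except ValueError as exc:
        return [f"{service}: invalid network entry ({exc})"]
    findings = []
    if not networks:
        findings.append(f"{service}: enabled with no networks defined, reachable from any network")
    for network in networks:
        if network.prefixlen == 0:
            findings.append(f"{service}: {network} matches every address")
    return findings


# Constructed sample settings: SSH left unrestricted, ACM limited to one management subnet.
SAMPLE_SETTINGS = {
    "SSH": (True, []),
    "ACM": (True, ["192.0.2.0/28"]),
}

if __name__ == "__main__":
    for service, (enabled, entries) in SAMPLE_SETTINGS.items():
        for finding in review(service, enabled, entries):
            print(finding)
        for source in ("192.0.2.10", "203.0.113.9"):
            allowed = connection_allowed(source, enabled, parse_networks(entries))
            print(f"{service} from {source}: {'allowed' if allowed else 'denied'}")
```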

6 Done

The Done section of the ACM wizard allows you to:

▪ view, save, and apply the settings selected through the previous ACM wizard pages.

1 Brief Configuration Report

The “Brief Configuration Report” page is the default page displayed within the Done section and provides the ability to view a brief summary of, save, and apply the settings selected through the previous ACM wizard pages, as identified in the figure below.

NOTE: While only a brief view of the configuration defined is displayed, all configurations that have been defined are saved and applied when “Save Only” or “Save & Apply” is selected.

[pic]

2 Detailed Configuration Report

By selecting the “Detailed Configuration Report” button from the “Brief Configuration Report” page, the “Detailed Configuration Report” page is displayed which provides the ability to view a detailed summary of, save, and apply the settings selected through the previous ACM wizard pages, as identified in the figure below.

NOTE: The entire page could not be captured in the figure below. However, all information that is displayed in addition to the information in the “Brief Configuration Report” page is identified within the figure below.

[pic]

3 Save Only

By selecting the “Save Only” option and clicking the “Confirm Configuration” button from either the “Brief Configuration Report” page or “Detailed Configuration Report” page, the “Configuration Saved” page is displayed which confirms having saved the settings selected through the previous ACM wizard pages, as identified in the figure below.

[pic]

4 Save & Apply

By selecting the “Save & Apply” option and clicking the “Confirm Configuration” button from either the “Brief Configuration Report” page or “Detailed Configuration Report” page, the “Configuration Saved & Applied” page is displayed which confirms having saved and applied the settings selected through the previous ACM wizard pages, as identified in the figure below.

[pic]
