Network and Security Manager (NSM) Release Notes DMI Schema

Similar documents
Network and Security Manager (NSM) Release Notes DMI Schema

Network and Security Manager (NSM) Release Notes DMI Schema & NSM Schema

Network and Security Manager (NSM) Release Notes DMI Schema

Network and Security Manager (NSM) Release Notes DMI Schema & NSM Schema

Network and Security Manager (NSM) Release Notes DMI Schema & NSM Schema

Network and Security Manager (NSM) Release Notes DMI Schema

Intrusion Detection and Prevention Release Notes

Table 1 List of Common Ports Used by STRM Components. Port Direction Reason. components. your SMTP gateway

Intrusion Detection and Prevention Release Notes

NSM Plug-In Users Guide

Cluster Upgrade. SRX Series Services Gateways for the Branch Upgrade Junos OS with Minimal Traffic Disruption and a Single Command APPLICATION NOTE

Network Configuration Example

Juniper Networks. Junos Pulse on Mobile Release 2.0. Android build #7687. BlackBerry build #154. Apple ios build #8059. Juniper Networks, Inc.

QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS

Intrusion Detection and Prevention IDP 4.1r4 Release Notes

Junos Pulse Access Control Service Release Notes

UPGRADING STRM TO R1 PATCH

NSM Plug-In Users Guide

Partition Splitting. Release Juniper Secure Analytics. Juniper Networks, Inc.

NSM Plug-In Users Guide

IDP Detector Engine Release Notes

Secure Remote Access with Comprehensive Client Certificate Management

Setting Up an STRM Update Server

Technology Overview. Retrieving VLAN Information Using SNMP on an EX Series Ethernet Switch. Published:

CONFIGURING WEBAPP SECURE TO PROTECT AGAINST CREDENTIAL ATTACKS

Release Notes. Juniper Secure Analytics. Juniper Networks, Inc North Mathilda Avenue Sunnyvale, CA USA

SRX240 Services Gateway Quick Start

Network Configuration Example

Deploying JSA in an IPV6 Environment

Junos Pulse Secure Access Service

JSA Common Ports Lists

Network Configuration Example

Juniper Networks Access Control Release Notes

JUNIPER NETWORKS PRODUCT BULLETIN

Junos Pulse Access Control Service

Junos Pulse MSS MSG Release 4.2R1

Deploying STRM in an IPV6 Environment

Juniper Networks Certification Program

IDP Detector Engine Release Notes

Wireless LAN. SmartPass Quick Start Guide. Release 9.0. Published: Copyright 2013, Juniper Networks, Inc.

Release Notes: J-Web Application Package Release 17.4A1 for EX4300 and EX4600 Switches

J-Care Agility Services Advanced Options

VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES

Web Device Manager Guide

SETTING UP A JSA SERVER

Juniper Networks NetScreen-Secure Access

Release Notes: J-Web Application Package Release 15.1A4 for Juniper Networks EX Series Ethernet Switches

Pulse Policy Secure. Guest Access Solution Configuration Guide. Product Release 5.2. Document Revision 1.0 Published:

Junos Space. Reports. Release Published: Copyright 2014, Juniper Networks, Inc.

Juniper Exam JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC) Version: 7.0 [ Total Questions: 222 ]

Technical Configuration Example

SRX110 Services Gateway Quick Start

ScreenOS 5.4.0r4 FIPS Reference Note

JUNOS SCOPE SOFTWARE IP SERVICE MANAGER

Installing JSA Using a Bootable USB Flash Drive

Managing User-Defined QID Map Entries

Customizing the Right-Click Menu

Restore Data. Release Juniper Secure Analytics. Juniper Networks, Inc.

Junos Pulse Secure Access Service Release Notes

STRM Log Manager Administration Guide

Junos Pulse Secure Access Service

Network Configuration Example

Junos Pulse 2.1 Release Notes

Junos Pulse Secure Access Service Release Notes

PULSE CONNECT SECURE APPCONNECT

JN0-355 Q&As. Junos Pulse Secure Access, Specialist (JNCIS-SA) Pass Juniper JN0-355 Exam with 100% Guarantee

Configuring Dynamic VPN

Pulse Secure Access. Release Notes July R3.2. Build Published Document Version

Coordinated Threat Control

Integration Guide. SafeNet Authentication Client. Using SAC CBA with Juniper Junos Pulse

Junos Pulse Secure Access Service

Steel-Belted Radius Installation Instructions for EAP-FAST Security Patch

Pulse Secure Desktop Client

Junos Pulse Access Control Service. Release Notes (Rev. 1.0)

Network Configuration Example

Pulse Policy Secure. Getting Started Guide. Product Release 5.1. Document Revision 1.0 Published:

Release Notes: J-Web Application Package Release 15.1A1 for Juniper Networks EX Series Ethernet Switches

C2000 and C4000 Hardware Quick Start Guide

Pulse Secure Mobile Android Release 6.3.0

Unified Access Control 4.0R2. Supported Platforms. IC Build OAC Build Junos Pulse Release

Network Configuration Example

Certification Graphics Usage

Pulse Policy Secure. Access Control in the Federated Enterprise Using IF-MAP Network Configuration Example. Product Release 5.2

TX Matrix Cable Shelf Assembly Installation Instructions

ScreenOS 5.0.0r9-FIPS With NSM Reference Note

JUNIPER OPTIMUM CARE SERVICE

Network Configuration Example

Unless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection.

Reference Data Collections

CONFIGURING THE CX111 FOR THE SSG SERIES

Juniper JN0-570 JNCIS-SSL. Download Full Version :

Juniper Secure Analytics Quick Start Guide

Juniper Sky Enterprise

How to Set Up Your SRX4100 Services Gateway

Junos Genius FAQs. What is Junos Genius? How can I access the Junos Genius platform? What learning assets are available on Junos Genius?

How to Set Up Your SRX300 Services Gateway

ESET SECURE AUTHENTICATION. Juniper SSL VPN Integration Guide

Release Notes for Cisco UCS Platform Emulator, Release 3.1(1ePE1)

EX2500 Ethernet Switch 3.1 Release Notes

JUNOS SPACE ROUTE INSIGHT

Transcription:

Network and Security Manager (NSM) Release Notes DMI Schema Release version 255 ver 1.0.252, November 8, 2012 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net

Version Summary Juniper Networks Network and Security Manager (NSM) is a software application that centralizes control and management of your Juniper Networks devices. With Network and Security Manager, Juniper Networks delivers integrated, policy-based security and network management for all security devices and other Juniper Networks devices in your networks. Network and Security Manager uses the technology developed for Juniper Networks ScreenOS to enable and simplify management support for previous and current versions of ScreenOS and now for Junos Software. By integrating management of all Juniper Networks devices, Network and Security Manager enhances the overall security and manageability of the Internet gateway Addressed Issues: None Known Issues: In the NSM UI, the group selector panels titled Members/Non-Members map to the panels titled Available/Selected or Available List/Selected List in the SA or Infranet Controller admin UI. (55674) Identifier names (names of key fields) in the SA and Infranet Controller configuration, such as the names or realms, roles, sign-in URLS, sign-in pages and so forth, cannot be changed through the NSM UI. This is correct NSM behavior. However, identifier names can be changed through the SSL VPN SA and Infranet Controller Web UI. (57104) Selection of multiple objects is not available through the NSM UI, even though this capability is available on the SA and Infranet Controller admin UI in multiple places. (57190) The SA and Infranet Controller admin UI allows duplication of objects such as roles or resource profiles. This capability does not exist in the NSM UI. (55527) The default value of Network Connect option in the SA template's User role is not validated to its correct default value by NSM.(570650) After a device reboot, NSM status may change to "Device Changed". The workaround is to execute "Import Device" from NSM after the device reboot. (722250) In Active/Passive Cluster IPv6 can be enabled on Management port using NSM configuration which will allow admin to access an A/P Cluster using IPv6 Address (820259) If the administrator configures virtual ports for the external interface when the external interface is disabled, NSM accepts the configuration without any validation errors. However, when the configuration is pushed to the device, device-side validation fails and the device throws an error, resulting in a failed config update from NSM. (58625) DMI Schema Release 2

When configuring IP address for virtual ports, no validation check is performed on the NSM side. When the configuration is updated to the SA device, an error will be generated if the IP address is invalid. (58627) In NSM, administrators are allowed to edit virtual ports settings from the Passive node, provided the Cluster license is installed on that node. (59215) When configuring Host Checker registry check rule types via NSM, the input type validation is not completed for DWORD and binary registry values. (384845) If an SA 7.0R1 device is added to NSM 2009.1r1 or 2010.1, after first import, they will see a configuration validation error at Resource policies > General > Kerberos Intermediation. The workaround is to create a dummy realm under Kerberos realm definition and attach it to Kerberos intermediation, but this workaround can only be applied if Kerberos SSO is not employed in the customer s deployment. (485829) Through NSM, User is able to update Secure Meeting configuration on SA service successfully even if SMTP Login and SMTP Password are invalid. (59632) Discrepancy between NSM UI and IVE admin UI : On the NSM UI, if the admin performs the following steps: - Edit configuration, Go to Users->Resource Policies->Web->General->Kerberos->Kerberos Intermediation and enable 'Fallback to NTLM V2' option. - Go to Users->Resource Policies->Web->Basic Auth/NTLM SSO. - Create a new policy with Authentication type as Kerberos. - Then: 'Default' value is not present for the Label option. However, a similar workflow when performed on the IVE admin UI results in the 'Default' value being present in the dropdown. To work around this issue, the NSM administrator needs to manually enter the value for the Label field. (464103) Through NSM, if user selects Sequential room number with prefix option, and leaving a blank value, an error is thrown Meeting room number prefix cannot by empty. In spite of this error, if the configuration is pushed to the SA through update device, then the following results may happen depends on the configuration of the IVE: (384371) - In the Admin UI, if the Meeting Name is set to User, then update device will fail with the error Please specify a Room for the Meeting Name. This is the expected behaviour, as described in the bug description. - In the Admin UI, if the Meeting Name is set to Expression, then the update device will succeed. But the result is wrong, as described in the comment 5. The Meeting Name will be set to Sequential Room with prefix, but the value of the prefix will be incorrect. PR 691493 - EX devices loaded with 11.2 and above is unable to configure server-reject-vlan option under Dot1x properly. PR 688353 - Serial Number is not displayed for SRX110 device under Hardware inventory Chassis information. DMI Schema Release 3

New platforms SRX240B2, SRX240H2, SRX240H2-DC added with 11.4R5.5 are not supported with 11.4R5.5 schema. Added Support: 12.1R4.7 for junos, junos-es and junos-ex. Removed Support: None DMI Schema Release 4

Supported releases This DMI schema update supports the following device code releases: Note: Junos 10.4R2 will not be supported. Junos 11.2R2 will not be supported. Junos Service Releases have limited support in NSM. Junos Service Release device CLI changes will not be supported in NSM. SA 7.0r7 and 7.1r3 do not have published schema and will not be supported from NSM. Please refer to the SA release notes for more details. Device Family J/SRX family JunOS version Release 12.1 12.1R1.9, 12.1R2.9, 12.1R3.5,12.1R4.7 Release 11.4 11.4R1.6, 11.4R2.14, 11.4R3.7,11.4R4.4, 11.4R4-S1.2,11.4R4-S2, 11.4R5.5 Release 11.2 11.2R1.10, 11.2R3.3, 11.2R4.3, 11.2R5.4 11.2R6.3, 11.2R7.4 Release 11.1 11.1R1.14, 11.1R2.3, 11.1R3.5, 11.1R4.4, 11.1R6.4 Release 10.4 10.4R1.9, 10.4R3.4, 10.4R4.5, 10.4R5.5, 10.4R6.5 10.4R7.5, 10.4R8.5, 10.4R9.2, 10.4R10.7, 10.4R11.4 Release 10.3 10.3R1.9, 10.3R2.11, 10.3R3.7, 10.3R4.4 Release 10.2 10.2R2.11, 10.2R4.8 Release 10.1 10.1R1.8, 10.1R2.8, 10.1R3, 10.1R4.4 Release 10.0 10.0R1, 10.0R2, 10.0R3, 10.0R4 Release 9.3 9.3R1, 9.3R2, 9.3R3, 9.3R4 DMI Schema Release 5

M/MX Release 12.2 12.2R1.8 Release 12.1 12.1R1.9, 12.1R2.9, 12.1R3.5,12.1R4.7 Release 11.4 11.4R1.6, 11.4R2.14, 11.4R3.7, 11.4R4.4, 11.4R5.5 Release 11.2 11.2R1.10, 11.2R3.3, 11.2R4.3, 11.2R5.4 11.2R6.3, 11.2R7.4 Release 11.1 11.1R1.14, 11.1R2.3, 11.1R3.5, 11.1R4.4, 11.R6.4 Release 10.4 10.4R1.9, 10.4R3.4, 10.4R4.5, 10.4R5.5, 10.4R6.5 10.4R7.5, 10.4R8.5, 10.4R9.2, 10.4R10.7, 10.4R11.4 Release 10.3 10.3R1.9, 10.3R2.11, 10.3R3.7, 10.3R4.4 Release 10.2 10.2R2.11, 10.2R4.8 Release 10.1 10.1R1.11, 10.1R1.8, 10.1R2.8, 10.1R3, Release 10.1 10.1R4.4 Release 10.0 10.0R1, 10.0R2, 10.0R3, 10.0R4 Release 9.3 9.3R1, 9.3R2, 9.3R3, 9.3R4 DMI Schema Release 6

Device Family EX Junos-QFX JunOS version Release 12.2 12.2R1.8 Release 12.1 12.1R1.9, 12.1R2.9, 12.1R3.5,12.1R4.7 Release 11.4 11.4R1.6, 11.4R2.14, 11.4R3.7, 11.4R4.4, 11.4R5.5 Release 11.3 11.3R2.4, 11.3R3.2, 11.3R4.2 Release 11.2 11.2R1.2, 11.2R3.3, 11.2R4.3, 11.2R5.4, 11.2R6.3, 11.2R7.4 Release 11.1 11.1R1.14, 11.1R2.3, 11.1R3.5, 11.1R4.4, 11.1R6.4 Release 10.4 10.4R1.9, 10.4R3.4, 10.4R4.5, 10.4R5.5, 10.4R6.5 10.4R7.5, 10.4R8.5, 10.4R9.2, 10.4R10.7, 10.4R11.4 Release 10.3 10.3R1.9, 10.3R2.11, 10.3R3.7, 10.3R4.4 Release 10.2 10.2R2.11, 10.2R4.8 Release 10.1 10.1R1.8, 10.1R2.8, 10.1R3, 10.1R4.4 Release 10.0 10.0R1, 10.0R2, 10.0R3, 10.0R4 Release 9.3 9.3R1, 9.3R2, 9.3R3, 9.3R4 Release 11.3 11.3R1.7 Device Family Secure Access Infranet Controller Junos - MAG JunOS version Release 7.3 7.3R1 Release 7.2 7.2R1.1, 7.2R3 Release 7.1 7.1R1, 7.1R2, 7.1R4,7.1R6 Release 7.0 7.0R1, 7.0R3, 7.0R6 Release 6.5 6.5R1, 6.5R2, 6.5R3, 6.5R4, 6.5R5, Release 6.5 6.5R7, 6.5R9, 6.5R10, 6.5R11 Release 6.4 6.4R1, 6.4R2, 6.4R3, 6.4R4, 6.4R5 Release 6.3 6.3R1,6.3R2, 6.3R3, 6.3R5, 6.3R6, 6.3R7 Release 4.3 4.3R1 Release 4.2 4.2R1.1 Release 4.1 4.1R1, 4.1R2, 4.1R6 Release 4.0 4.0R1, 4.0R3 Release 3.1 3.1R1, 3.1R2, 3.1R3, 3.1R4, 3.1R5, 3.1R7 Release 3.0 3.0R1, 3.0R2, 3.0R3 Release 2.2 2.1R1, 2.2R2, 2.2R3, 2.2R4 Release 11.4 11.4R2.8 Release 11.1 11.1R1.2, 11.1R1.14 DMI Schema Release 7

NSM releases are bundled with specific versions of Schema. All listed versions of NSM can be upgraded to the latest schema. NSM Release Bundled Schema version NSM 2012.1 Version 233 NSM 2011.4 Version 222 NSM 2011.1 Version 166 NSM 2010.4 Version 158 NSM 2010.3 Version 143 NSM 2010.2 Version 134 NSM 2010.1 Version 119 NSM 2009.1r1 Version 87 NSM 2008.2r2 Version 66 DMI Schema Release 8

Schema Update considerations Online Schema update KB12561 Offline Schema update KB12756 Before the Schema is applied on the NSM servers, the below changes may need to be performed. These changes are required on 2010.3 and 2010.4 versions of NSM. These changes may also be required when upgrading to a later NSM version. 1. Login to the NSM GUI Server & edit the /usr/netscreen/guisvr/var/guisvr.cfg Modify the line that looks as below guisvrdirectivehandler.max.heap 1024000000 to guisvrdirectivehandler.max.heap 1536000000 2. Login to the NSM Device Server & edit the /usr/netscreen/devsvr/var/devsvr.cfg Modify the line that looks as below devsvrdirectivehandler.max.heap 1024000000 to devsvrdirectivehandler.max.heap 1536000000 3. Login to the NSM Dev Server & edit the file /usr/netscreen/devsvr/var/be/cfg/swrpcinfo.prop Modify the below parameters to new values as shown below: get-re-info.response.retry=60 request-package-add.response.retry=10 request-reboot.response.retry=10 file-put.response.timeout=120 file-put.response.retry=10 (may be set as high as 40 if upgrade is timing out) These changes are required due to the increased JUNOS image sizes. 4. Stop all the NSM processes Non-HA environment HA environment /etc/init.d/hasvr stop /etc/init.d/guisvr stop /etc/init.d/devsvr stop /etc/init.d/hasvr stop DMI Schema Release 9

5. Start all the processes Non-HA environment HA environment /etc/init.d/guisvr start /etc/init.d/devsvr start /etc/init.d/hasvr start /etc/init.d/hasvr start 6. On the client we need to update the heap size Go to C:\Program Files\Network and Security Manager/ Edit NSM.lax file & modify the heap size to the below values lax.nl.java.option.java.heap.size.initial=48m to lax.nl.java.option.java.heap.size.initial=64m lax.nl.java.option.java.heap.size.max=768m to lax.nl.java.option.java.heap.size.max=1280m Getting Help For more assistance with Juniper Networks products, visit: www.juniper.net/support Juniper Networks provides maintenance releases (updates and upgrades) for NSM software. To have access to these releases, you must register your NetScreen devices and NSM application with Juniper Networks at the above web address. Copyright 2007 Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without receiving written permission from: Juniper Networks, Inc. ATTN: General Counsel 1194 N. Mathilda Ave. Sunnyvale, CA 94089 U.S.A. http://www.juniper.net DMI Schema Release 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback