Deploying JSA in an IPV6 Environment

Similar documents
Deploying STRM in an IPV6 Environment

SETTING UP A JSA SERVER

Restore Data. Release Juniper Secure Analytics. Juniper Networks, Inc.

Managing User-Defined QID Map Entries

Customizing the Right-Click Menu

Partition Splitting. Release Juniper Secure Analytics. Juniper Networks, Inc.

Setting Up an STRM Update Server

Reference Data Collections

Forwarding Logs Using Tail2Syslog. Release Security Threat Response Manager. Juniper Networks, Inc.

JSA Common Ports Lists

Release Notes. Juniper Secure Analytics. Juniper Networks, Inc North Mathilda Avenue Sunnyvale, CA USA

Installing JSA Using a Bootable USB Flash Drive

Reconfigure Offboard Storage During a JSA Upgrade

NSM Plug-In Users Guide

CUSTOM EVENT PROPERTIES FOR IBM Z/OS

Patch Release Notes. Release Juniper Secure Analytics. Juniper Networks, Inc.

Troubleshooting Guide

NSM Plug-In Users Guide

Release Notes Patch 1

Upgrading STRM to

STRM Administration Guide

STRM Getting Started Guide. Release Security Threat Response Manager. Juniper Networks, Inc.

NSM Plug-In Users Guide

Adaptive Log Exporter Users Guide

High Availability Guide

Customizing SNMP Traps

Patch Release Notes. Release Juniper Secure Analytics. Juniper Networks, Inc.

STRM Log Manager Administration Guide

WinCollect User Guide

ScreenOS 5.4.0r4 FIPS Reference Note

Blackwire C610 Blackwire C620

Cisco Meeting Management

Cisco Unified Communications Manager Device Package 8.6(2)( ) Release Notes

Cisco Meeting Management

UPGRADING STRM TO R1 PATCH

Hardware Installation 1. Install two AA batteries in the mouse. Pairing Process in Vista and Windows XP SP2

STRM Adaptive Log Exporter

Juniper Secure Analytics

Considerations for Deploying Cisco Expressway Solutions on a Business Edition Server

Tetration Cluster Cloud Deployment Guide

Cisco Unified Communications Manager Device Package 10.5(1)( ) Release Notes

Log Sources Users Guide

Operation Manual for Cloud 3700F Version 0

Home Automation by Reliant User Manual

QUICK START GUIDE HOW TO LOAD YOUR ECLIPSE MP3 PLAYER:USING WINDOWS MEDIA PLAYER* When you connect your device to your computer and open your

Device Registration Walkthrough

Cisco Unified IP Conference Phone 8831 and 8831NR Release Notes for Firmware Release 10.3(1)SR3

Charging Pad / Charging Stand

RFID SIP Firmware Update Instructions for minipad / rpad

Panda Wireless Version 4.0 ( BLE + EDR) Bluetooth USB Adapter Quick Start Guide Model number: PBU40 FCC ID:2ADUTLGPBU40

USER GUIDE. Element Wireless Smart Plug Model: E1C-NB6

Bluetooth Mini Keyboard. User s Manual. Version /05 ID NO: PAKL-231B

Cisco Meeting App. What's new in Cisco Meeting App Version December 17

Juniper Secure Analytics Patch Release Notes

Wireless LAN. SmartPass Quick Start Guide. Release 9.0. Published: Copyright 2013, Juniper Networks, Inc.

Retractable Kaleidoscope TM Notebook mouse USER GUIDE

Network Configuration Example

Installation Guide 2/4-Port HDMI Multimedia KVMP Switch with Audio GCS1792 / GCS1794 PART NO. M1085 / M1086

TABLE OF CONTENTS Folding the Jacket Case into a Stand... 2 FCC Information... 3 Location of Parts and Controls... 4 Charging the Keyboard...

Quick Start Guide. 2/4-Port 4K DisplayPort KVMP Switch with Dual Video Out and RS-232

PRODUCT DIAGRAM PACKAGE CONTENTS

USER GUIDE. USB Virtual COM. Accessory Part No Version 2.10

Bluetooth Wireless Technology Enabled Optical Mouse

USB Ultra-Mini Bluetooth 2.0 Adapter with EDR USER GUIDE

Zodiac WX QUICK START GUIDE

Juniper Secure Analytics Virtual Appliance Installation Guide

PACKAGE CONTENTS SPECIFICATIONS

Quick Start Guide Bluetooth to Serial Adapter

1. Product description

VS0801H 8-Port HDMI Switch RS-232 Control Tool V User Manual

midibox 2 user manual

Model: SWBGFSA-0 WiFi/Bluetooth/GPS 3-in-1 Combo Module User Guide

Juniper Secure Analytics Patch Release Notes

Don t plug me in just yet.

Introduction. Package Contents. System Requirements

Bluetooth Micro Dongle User s Guide. Rating: 5V DC 80mA Made in China

USB Hub-Audio Series. January 1999 A

ActiveHome2 USB 2-Way Home Automation Interface. Model CM15A

Juniper Secure Analytics Patch Release Notes

Easi-Speak Docking Station. Warranty & Support. Technical Support

USER GUIDE. Ultra-Slim Stow-N-Go TM ExpressCard Presenter

N331 Wireless Mini Optical Mouse User s Guide

Rocket 640L/644L 6Gb/s SATA Host Adapter Quick Installation Guide

Owner s Manual. USB to RJ45 Cisco Rollover Cable. Model: U RJ45-X PROTECT YOUR INVESTMENT!

Installation Guide esata 1.5Gbps 1 external + 1 internal port Low profile PCI card GIC711SW6 PART NO. M0559

Single Port Serial PC Card User Manual

SMART SWITCH. User s Manual. This product is to be used with the MySmartBlinds automation kit.

User Manual. Daffodil. 2.4GHz Wireless Mouse Souris Sans Fil 2.4GHz 2.4GHz Wireless Maus Mouse senza fili da 2.4 GHz Ratón Inalámbrica 2.

BLUETOOTH KEYBOARD & SPEAKER CASE

Rocket 272x 6Gb/s SAS/SATA Host Adapter Quick Installation Guide

LaserJet Pro M501 Getting Started Guide

USER GUIDE. Smart Wi-Fi LED Bulb (2700K and 5000K) Model: W11-N11

Accessibility Features for the Cisco Unified SIP Phone 3905

Technology Overview. Retrieving VLAN Information Using SNMP on an EX Series Ethernet Switch. Published:

TERMINAL USER MANUAL 13/12/2017

READ FIRST! Bluetooth USB Adapter 2.0 Manual. Included in This Package Bluetooth USB Adapter CD-ROM with Bluetooth software and manual

DisplayPort Multi-Display Splitter/Expanders. Models: B , B DVI, B HDMI

EN-9235TX-32 Quick Installation Guide

Technical Configuration Example

NA502 Multiple RF Home Gateway

Transcription:

Juniper Secure Analytics Deploying JSA in an IPV6 Environment Release 7.3.0 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net Published: 2017-09-14

Copyright Notice Copyright 2017 Juniper Networks, Inc. All rights reserved. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. The following terms are trademarks or registered trademarks of other companies: Java TM and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. FCC Statement The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense. The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Juniper Networks installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Consult the dealer or an experienced radio/tv technician for help. Connect the equipment to an outlet on a circuit different from that to which the receiver is connected. Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device. Disclaimer THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT, SUBJECT TO THE MODIFICTAIONS SET FORTH BELOW ON THIS PAGE, ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY. Deploying JSA in an IPV6 Environment Release 7.3.0 Copyright 2017, Juniper Networks, Inc. All rights reserved. Printed in USA. Revision History September 2017 Deploying JSA in an IPV6 Environment The information in this document is current as of the date listed in the revision history. END USER LICENSE AGREEMENT The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ( EULA ) posted at http://www.juniper.net/support/eula.html, as modified by the following text, which shall be treated under the EULA as an Entitlement Document taking precedence over any conflicting provisions of such EULA as regards such software: As regards software accompanying the STRM products (the Program ), such software contains software licensed by Q1 Labs and is further accompanied by third-party software that is described in the applicable documentation or materials provided by Juniper Networks. 2

For the convenience of Licensee, the Program may be accompanied by a third party operating system. The operating system is not part of the Program, and is licensed directly by the operating system provider (e.g., Red Hat Inc., Novell Inc., etc.) to Licensee. Neither Juniper Networks nor Q1 Labs is a party to the license between Licensee and the third party operating system provider, and the Program includes the third party operating system AS IS, without representation or warranty, express or implied, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement. For an installed Red Hat operating system, see the license file: /usr/share/doc/redhat-release-server-6server/eula. By downloading, installing or using such software, you agree to the terms and conditions of that EULA as so modified. 3

4

CONTENTS 1 DEPLOYING JSA IN AN IPV6 ENVIRONMENT Understanding IPv6................................................... 7 IPv6 Integration with JSA............................................... 7 Network Activity Tab................................................ 7 Log Activity Tab.................................................... 8 Searching, Grouping, and Reporting on IPv6 Felds........................ 8 Custom Rules..................................................... 8 Deployment Editor................................................. 8 IPv6 Configuration Considerations....................................... 8 Known Limitations.................................................... 9

1 DEPLOYING JSA IN AN IPV6 ENVIRONMENT IPv4 and IPv6 addressing is supported for network connectivity and management of Juniper Secure Analytics (JSA) software and appliances. When you install JSA, you are prompted to specify whether your Internet protocol is an IPv4 or IPv6 environment. Unless otherwise noted, all references to JSA refer to JSA and Log Analytics. References to flows do not apply to Log Analytics. Understanding IPv6 IPv6 is an Internet protocol for packet-switched networks. IPv6 has a larger address space than IPv4, thus allowing flexibility in allocating addresses and routing traffic. Event and flow records contain normalized fields for IPv6 addresses. Also, Device Support Modules (DSMs) can parse IPv6 source and destination address from event payloads. IPv6 Integration with JSA Network Activity Tab The following JSA components support IPv6: Network Activity Tab Log Activity Tab Searching, Grouping, and Reporting on IPv6 Felds Custom Rules Deployment Editor Depending on your deployment, the Network Activity tab can display four IP address fields: Source IP Address Destination IP Address IPv6 Source Address IPv6 Destination Address Deploying JSA in an IPV6 Environment

8 DEPLOYING JSA IN AN IPV6 ENVIRONMENT To save space and indexing in a native IPv4 or IPv6 source environment, additional IP address fields are not stored or displayed. IPv6 addresses are supported for both packet data, including sflow, and NetFlow V9 data. However, older versions of NetFlow may not support IPv6. Log Activity Tab Depending on your deployment, the Log Activity tab can display four IP address fields: Source IP Address Destination IP Address IPv6 Source Address IPv6 Destination Address When an address does not exist, template-based records are used to avoid wasted space. DSMs can parse IPv6 addresses from the event payload. If any DSM can not parse IPv6 addresses, a log source extension can parse the addresses. For more information about log source extensions, see the Log Sources Users Guide. Searching, Grouping, and Reporting on IPv6 Felds Custom Rules Deployment Editor In an IPv6 deployment, you can: Search events and flows using IPv6 parameters in the search criteria. Group and sort event and flow records based on IPv6 parameters. Base reports on data from IPv6-based searches. A custom rule has been added to support IPv6 addressing: SRC/DST IP = IPv6 Address IPv6-based building blocks have also been added for use in additional rules. The deployment editor supports IPv6 addresses. IPv6 Configuration Considerations When deploying JSA in an IPv6 environment, consider the following: To log in to JSA in an IPv6 environment, the IP address must be wrapped in square brackets as follows: https://[<ip Address>] Where <IP Address> is the IP address of the JSA system. Both IPv4 and IPv6 environments can use a hosts file for address translation. An IPv6 environment console requires that the client resolves the console address by its host name. We recommend that you add the IP address of the IPv6 console to the /etc/hosts file on the client. Deploying JSA in an IPV6 Environment

Known Limitations 9 Flow sources, such as NetFlow and sflow, can be accepted from IPv4 and IPv6 addresses. Event sources, such as syslog and SNMP, can be accepted from IPv4 and IPv6 addresses. Disable superflows and flow bundling in an IPv6 environment. See the Juniper Secure Analytics Administration Guide. Known Limitations When JSA is deployed in an IPv6 environment, the following limitations are known: The network hierarchy is not updated to support IPv6. Some aspects of the JSA deployment, including surveillance, searching, and analysis, do not take advantage of the network hierarchy. For example, within the Log Activity tab, you cannot search or aggregate events By Network. No IPv6-based asset profiles. Asset profiles are only created if JSA receives events, flows, and vulnerability data for IPv4 hosts. No host profile test in custom rules for IPv6 addresses. No specialized indexing or optimization of IPv6 addresses. No IPv6-based sources and destinations for offenses. Deploying JSA in an IPV6 Environment

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback