
Manager gone baby gone

jchri66 asked
Last Modified: 2013-11-29
I have a Juniper Netscreen IDP solution in place.  This was set up before I started working at my current job and no one is left that knows anything about it.  I know there is a sensor box in place on the network and that there is a management box that can connect to it.  My problem starts with the fact that my help desk guy took the manager box and reimaged it for another use.  So, I was able to install Red Hat on a VM and followed the directions to install the manager software and was able to connect to the Sensor but after that I'm lost.  There is some configuration documentation that previous guy left but not much.
This documentation shows a screen shot of the policy and that's it.  I am connected to the Sensor but I'm not seeing any policies available.
So my questions are:
Is the sensor just normally picking up everything and the policy is on the manager only?
If so, then I suppose I just need to recreate a policy on the manager to examine and respond to the traffic the Sensor sees.  Nothing really needs to be done on the Sensor......  

 

Commented:
Have you tried contacting Juniper support?

http://www.juniper.net/support/requesting-support.html

Or checking their support docs?

http://www.juniper.net/techpubs/

Author

Commented:
I haven't, only because the support came with a price from our rep.  Basically I'm looking to get this up and running again only to troubleshoot if it's actually causing other issues I'm seeing on the network and then possibly take it down.  Support cost was high.

Commented:
I'm not familiar with Juniper's support pricing structure. Is there a cost for downloading their documentation too? If so, I expect they'll be sending me a bill for the .PDF files I downloaded from their support site. :-)

Author

Commented:
I do have the PDFs that came with the software and had browsed through the 340+ pages.  That seemed to lean towards the policy should still be running even though the manager was blown out.  

"After you install a Security Policy on your IDP Sensors, they immediately begin monitoring your network traffic."

So again my question is I have the manager reinstalled and the Sensor (that was not blown out) was added as a network object.  I don't see any policies available to look at so I was curious where exactly the policy lives, on the sensor or management server.  I would have assumed that connecting to the Sensor would have shown the policy that is currently running if the quote from the documentation is a true statement.  So I just don't know now if the Sensor is just collecting generic data or actually running a policy I can't see.
CERTIFIED EXPERT
Top Expert 2007

Commented:
When you say manager, are you referring to Netscreen Security Manager software? If yes (what version?), then I would like to tell you that when you add an IDP device to NSM the policy is not imported.

If you are referring to the https page through which you access the IDP then it is different.

Please note if you are using NSM whatever policy you would configure and push it would take effect on the IDP.

Please let me know the details. I would try to provide additional information as needed.

Thank you.

Author

Commented:
Thanks for the promise of help.

The Netscreen product we are using has a server running the IDP sensor software, a server running the manager software and a GUI interface that you can install on a workstation to connect to the manager.  When using the GUI interface (kind of like a Microsoft MMC) to connect to the manager you can add network devices for the manager to manage.  So you add the Sensor and then configure policies to push to the Sensor.  This is where I'm confused.

I don't know if the policies live on the manager and then it, the manager, determines what happens to the traffic that the Sensor picks up or if the policies actually get applied to the Sensor and then it, the Sensor, determines what it sniffs on the network traffic.

Again, my problem is that the manager server got wiped out and I was able to rebuild a new manager server and connect to the Sensor, but I don't see any policies showing.  Hence the question on where the policies really live.  The GUI says V3.2.

 
CERTIFIED EXPERT
Top Expert 2007

Commented:
The policies are compiled on the device (sensor) and then stored on the device. It is the device which decides what to do with the traffic in real time.

The manager would only have the policy as it shows applied; you can make changes to the policy and decide not to push to the device. Also, if you have Netscreen Security Manager (NSM) then you cannot import IDP policies from the device.

As I said earlier, you can go ahead and create a policy on the new Manager and then push to the device; and then based on the new firewall policy the IDP would detect and then take action.

On the IDP itself, after you SSH in, do su; you can use the scio policy list s0 command to list the current policy; also you can look at the policy at this path:
/usr/idp/device/state/s0/ in the file named policy.set

Please let me know if you need more details.

Thank you.
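
Added example (not part of the original answer and not Juniper's tooling): since the answer states that NSM cannot import the policy from the device, this shell script copies the sensor's policy.set and records its hash before a new policy is pushed from the rebuilt manager, so the file can be compared afterwards. The path and the scio command are the ones quoted in the answer; the function names and backup layout are assumptions.

```shell
#!/bin/sh
# Added example: snapshot the policy file an IDP sensor currently holds.
# STATE_DIR defaults to the path quoted in the answer; function names and
# the backup directory layout are hypothetical.
STATE_DIR="${STATE_DIR:-/usr/idp/device/state/s0}"

# Print the SHA-256 of a file using whichever tool the box provides.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# snapshot_policy DEST_DIR [LABEL]
# Copies policy.set to DEST_DIR/LABEL/, stores its hash, and saves the output
# of `scio policy list s0` when scio is on PATH. Prints the snapshot directory.
snapshot_policy() {
    dest="$1"
    label="${2:-$(date +%Y%m%d-%H%M%S)}"
    src="$STATE_DIR/policy.set"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    out="$dest/$label"
    mkdir -p "$out" || return 1
    cp -p "$src" "$out/policy.set" || return 1
    file_sha256 "$out/policy.set" > "$out/policy.set.sha256"
    if command -v scio >/dev/null 2>&1; then
        scio policy list s0 > "$out/scio-policy-list.txt" 2>&1
    fi
    echo "$out"
}

# policy_changed SNAPSHOT_DIR
# Returns 0 if the live policy.set differs from the snapshot, 1 if it is
# identical, 2 if either side cannot be read.
policy_changed() {
    [ -r "$1/policy.set.sha256" ] || return 2
    [ -r "$STATE_DIR/policy.set" ] || return 2
    old=$(cat "$1/policy.set.sha256")
    new=$(file_sha256 "$STATE_DIR/policy.set")
    [ "$old" != "$new" ]
}
```

Run `snapshot_policy /root/idp-backup before-push` as root on the sensor before pushing from the manager, then `policy_changed /root/idp-backup/before-push` afterwards to see whether the push replaced the file.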

Author

Commented:
So I can assume based on the previous admin's documentation that shows screen shots of policies that even though the manager was wiped the sensor is still using those policies?  And all I have to do is recreate them and apply them again to see them in the manager?  Do any new policies completely overwrite what is currently in use or is there a filter of some sort?