  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1372

Juniper Strm 2500 appliance

Hi everyone, I am implementing a Juniper STRM 2500 appliance with an SA 2500 device, an NSM appliance, an SSG550 cluster, and an ISG2000 cluster with IDP blades. I want to know if anyone has design suggestions or any step-by-step configuration guides (I have already taken a look at the admin and user guides that are on the Juniper website).
0
Asked:
mzhaim
1 Solution
 
deimark Commented:
That's quite an inventory there, bud.

Design suggestions will be heavily dependent on what you are looking to do, i.e. are all these boxes on one site? Or are they over multiple sites? Will you be using VPNs? How much IDP scanning will you do? Etc.
0
 
mzhaim (Author) Commented:
These boxes will be on site and no VPN will be used, and the design suggestion is for the STRM appliance. All that I am looking for is to correlate the logs that are obtained from the different Juniper devices.
0
 
deimark Commented:
Oops, entered too quickly.

The basics are:

Have the firewalls protecting your perimeter or key resources.

Use the SA 2500 to control remote access into your network. These are normally placed behind a perimeter firewall, with only HTTPS traffic allowed to it.

Use the ISG with IDP blades where you want to monitor the traffic for IDP stuff, i.e. choke points on the core network, access points to key resources, etc.

Have the STRM in a protected management network, and have all logs etc. sent to it.

As I said, the full design is very subjective to what you are looking for and will need to be fine-tuned to your requirements.
0
 
mzhaim (Author) Commented:
Thank you. Do you have any configuration documentation for the STRM appliance?
0
 
mzhaim (Author) Commented:
Also, do I need to perform any additional configuration on the STRM appliance other than sending logs to it?
0
 
deimark Commented:
0
 
mzhaim (Author) Commented:
I have already taken a look at these documents. Do you have any other resources?

0
 
deimark Commented:
These are where I would start, bud.

They give the process for installing the devices, configuring them, writing the custom reports, etc.

In short though, you configure the devices to send logs to the STRM.

You then configure the STRM to accept the logs from the devices and can then apply whatever analysis you want to the logs to create reports, etc.

As the STRM is basically Q1 Labs software on a Juniper-branded appliance, it might be worth also looking for any "how tos" re the Q1 Labs product.

I will defer to anyone else that has had more exposure to STRM.
0
 
mzhaim (Author) Commented:
Hi deimark, thank you for your assistance. I need your assistance with the following queries:
When I configure the Juniper equipment to send log data to the NSM, do I still need to configure the STRM appliance to accept the log data, or does it already accept the log data?

Second, since I will only be integrating the devices above (I would not integrate any routers or switches),
would I still be able to get data from the asset and surveillance tabs in the STRM, or do I need to configure J-Flow using data from routers or switches?

Third, the asset profile and Asset: what is it used for, and is it automatically configured?

0
 
deimark Commented:
Answers inline: I am not an STRM expert here, but have played a little bit with it and understand the basics.

When I configure the Juniper equipment to send log data to the NSM, do I still need to configure the STRM appliance to accept the log data, or does it already accept the log data?

As far as I know, yes, you need to configure the STRM to accept logs from devices. Mainly to ensure the correct parameters and checks etc. are done.

Not sure if the NSM can be set to forward on the logs, but would be surprised if it can't do something to minimise duplication of logs around your network, i.e. having a firewall send logs to both NSM and STRM, that can add up to a lot of bandwidth.


Second, since I will only be integrating the devices above (I would not integrate any routers or switches),
would I still be able to get data from the asset and surveillance tabs in the STRM, or do I need to configure J-Flow using data from routers or switches?

Adding assets and specifying what they are, i.e. web servers, routers, switches, etc., all assist in the analysis of the logs and traffic. I.e. no point in trying to analyse SMTP issues on a web server; however, seeing mail traffic from a web server can indicate an exploit and is quite handy.

I would suggest that you add routers and switches, as they can also give a good indication of traffic through your network, not just "to" your network/hosts.



Third, the asset profile and Asset: what is it used for, and is it automatically configured?

See top answer. The asset tells the STRM what kind of node it is, and what to expect from it.
0
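The point made in the answer above, that an asset profile lets mail traffic from a web server stand out, can be sketched as follows. This is an added example, not part of the original thread and not STRM's own logic; the asset inventory, the per-role port policy, the flow record format and all names are constructed assumptions.

```python
import ipaddress

# Constructed asset profile: address -> role (hypothetical inventory).
ASSETS = {
    "10.0.1.10": "web_server",
    "10.0.1.20": "mail_server",
    "10.0.1.30": "dns_server",
}

# Destination ports each role is expected to initiate (assumed policy).
EXPECTED_OUTBOUND = {
    "web_server": {53, 123},
    "mail_server": {25, 53, 123, 587},
    "dns_server": {53, 123},
}

# Constructed flow records: src_ip,dst_ip,proto,dst_port,bytes
SAMPLE_FLOWS = """\
10.0.1.10,198.51.100.7,tcp,25,48211
10.0.1.20,203.0.113.9,tcp,25,9120
10.0.1.10,10.0.1.30,udp,53,310
10.0.1.99,203.0.113.9,tcp,443,5000
not,a,flow
"""

def parse_flow(line):
    """Return a flow dict, or None when the record is malformed."""
    parts = line.strip().split(",")
    if len(parts) != 5:
        return None
    src, dst, proto, port, nbytes = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        return {"src": src, "dst": dst, "proto": proto,
                "dport": int(port), "bytes": int(nbytes)}
    except ValueError:
        return None

def find_anomalies(flow_text, assets=ASSETS, policy=EXPECTED_OUTBOUND):
    """Flag flows from unprofiled hosts or to ports unexpected for the role."""
    findings = []
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed records rather than guessing
        role = assets.get(flow["src"])
        if role is None:
            findings.append(("unprofiled_source", flow["src"], flow["dport"]))
        elif flow["dport"] not in policy[role]:
            findings.append(("unexpected_for_" + role, flow["src"], flow["dport"]))
    return findings
```

With the sample records, the web server's outbound SMTP flow is flagged while the mail server's identical flow is not, and the host missing from the inventory is reported separately.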
 
mzhaim (Author) Commented:
Thank you.
0
 
mzhaim (Author) Commented:
I forgot to ask: what about the surveillance tab and the flow viewer? Would I still be able to get data from them even though there are no routers or switches integrated?
0
 
deimark Commented:
The flow viewer is there mainly to monitor the flows from network devices. Either NetFlow from other vendors or J-Flow from Juniper.

I am not aware of any other reason for them, bud, sorry.
0
