Juniper Networks IDP250 - Manuals

Table of Contents Preface xi Objectives ......................................................................................................xiAudience ........................................................................................................xiDocumentation Conventions ..................

Part 2 Performing the Installation Chapter 3 Installation Overview 21 Before You Begin ...........................................................................................21Basic Steps ....................................................................................................22 Chapt...

Part 4 Upgrading Software and Installing Field Replaceable Units Chapter 8 Upgrading Software 49 Updating Software (NSM Procedure) .............................................................49Upgrading Software (CLI Procedure) ..............................................................51 Chapte...

Preface This preface includes the following topics: ■ Objectives on page xi ■ Audience on page xi ■ Documentation Conventions on page xi ■ Related Documentation on page xiii ■ Requesting Technical Support on page xiv Objectives This guide explains how to install, configure, update, and service an ID...

Table 2 on page xii defines text conventions used in this guide. Table 2: Text Conventions Examples Description Convention ■ Issue the clock source command. ■ Specify the keyword exp-msg . ■ Click User Objects ■ Represents commands and keywordsin text. ■ Represents keywords ■ Represents UI elements ...

Related Documentation Table 4 on page xiii lists related IDP documentation. Table 4: Related IDP Documentation Description Document Contains information about what is included in a specific product release:supported features, unsupported features, changed features, known problems,and resolved proble...

Table 5: Related NSM Documentation (continued) Description Document Describes how to configure and manage IDP devices using NSM. This guidealso helps in understanding of how to configure basic and advanced NSMfunctionality, including adding new devices, deploying new deviceconfigurations, updating d...

■ Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/ ■ Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/ ■ Search technical bulletins for relevant hardware and software notifications: https://www.junipe...

xvi ■ Requesting Technical Support IDP250 Installation Guide

Part 1 Hardware and Software Overview ■ Hardware Overview on page 3 ■ Software Overview on page 15 Hardware and Software Overview ■ 1

Chapter 1 Hardware Overview This chapter includes the following topics: ■ IDP250 Overview on page 3 ■ Power Supply on page 4 ■ Hard Drive on page 4 ■ Fans on page 4 ■ System Status LEDs on page 4 ■ USB Port on page 5 ■ Serial Console Port on page 5 ■ Management Interface Port on page 5 ■ High Availa...

■ Traffic Interface Ports on page 7 ■ IDP250 Technical Specifications on page 59 Power Supply The appliance has one power supply. It is a field replaceable unit (FRU). Related Topics ■ Replacing a Power Supply on page 53 Hard Drive The appliance has one 80 GB hard drive. It is not a field replaceabl...

USB Port The appliance has a USB port you can use to reimage the appliance, if necessary. Serial Console Port The console serial port provides access, using an RJ-45 connector, to thecommand-line interface (CLI). NOTE: Although both the console serial port and the management port use RJ-45 connector...

Table 7: Management Port LEDs (continued) Description State LED Connection is 1000 Mbps. Orange TX/RX Connection is 100 Mbps. Green If LINK indicates activity, TX/RX off indicates connectionis 10 Mbps. If LINK indicates no activity, TX/RX off indicates no activityas well. Off High Availability Inter...

Table 8: High Availability Port LEDs (continued) Description State LED Connection is 1000 Mbps. Orange TX/RX Connection is 100 Mbps. Green If LINK indicates activity, TX/RX off indicates connectionis 10 Mbps. If LINK indicates no activity, TX/RX off indicates no activityas well. Off Traffic Interfac...

Table 9: Copper Port LEDs Description State LED Link is present. Glows green LINK ACT Activity. Blinks green No link present. Off Connection is 100 Mbps. Green LINK SPD Connection is 1 Gbps. Yellow If LINK ACT is on, the connection is 10 Mbps. If LINK ACTis off, LINK SPD off indicates no link is pre...

Table 10: Fiber Port LEDs Description State LED Link is present. Glows green LINK ACT Activity. Flashes green No link present. Off Connection is 100 Mbps. Green LINK SPD Connection is 1 Gbps. Yellow Connection is 10 Gbps. Orange If LINK ACT is on, the connection is 10 Mbps. If LINK ACTis off, LINK S...

Deployment Mode For each virtual router, you select the deployment mode: ■ Sniffer–In an out-of-path, sniffer mode deployment, the IDP appliance can detectattacks but can take only limited action. You connect the IDP traffic interfacesto a mirrored port of a network hub or switch. ■ Transparent–In a...

Figure 6: Internal Bypass When the IDP operating system resumes healthy operations, it sends a reset signalto the traffic interfaces, and the interfaces resume normal operation. NOTE: All copper port traffic interfaces support internal bypass. Some, but not all, fiber port traffic interfaces support...

External Bypass The External Bypass setting supports third-party external bypass units. When theIDP appliance is turned on and available, it sends NetScreen Redundancy Protocol(NSRP) heartbeats to the external bypass unit. When the NSRP packets flow, theexternal bypass unit allows connections to pro...

When PPM is enabled, a PPM daemon monitors the health of IDP traffic interfacesbelonging to the same virtual router. If a traffic interface loses link, the PPM processturns off any associated network interfaces in the same virtual router so that othernetwork devices detect that the virtual router is...

Chapter 2 Software Overview This chapter includes the following topics: ■ On-Box Software Overview on page 15 ■ Centralized Management with NSM Overview on page 16 ■ J-Security Center Updates Overview on page 17 On-Box Software Overview You use on-box software to get the appliance up and running in ...

For IDP deployments, centralized management provides the following benefits: ■ Centralized management for IDP appliances and other network devices ■ Consolidated logs from different devices in a single repository ■ Centralized management of enterprise security policies ■ Simplified management for at...

Part 2 Performing the Installation ■ Installation Overview on page 21 ■ Installing the Appliance to Your Equipment Rack and ConnectingPower on page 23 ■ Performing the Initial Network Configuration and Licensing Tasks on page 27 ■ Connecting the IDP Traffic Interfaces to Your Network and Verifying T...

Chapter 3 Installation Overview This chapter includes the following topics: ■ Before You Begin on page 21 ■ Basic Steps on page 22 Before You Begin The location of the device, the layout of the mounting equipment, and the securityof your wiring room are crucial for proper system operation. CAUTION: ...

Related Topics ■ Common Criteria EAL2 Compliance on page 63 Basic Steps Take the following basic steps to install the appliance and connect it to your network: 1. Read the release notes for your release. Release notes make you aware ofsupported and unsupported features, known issues, and fixed issue...

Chapter 4 Installing the Appliance to YourEquipment Rack and Connecting Power This chapter includes the following topics: ■ Rack Mounting Kits and Required Tools on page 23 ■ Mounting to Midmount Brackets on page 24 ■ Mounting to Rack Rails on page 25 ■ Connecting Power on page 25 Rack Mounting Kits...

Mounting to Midmount Brackets To mount the appliance using the midmount brackets: 1. Attach one rack-mounting bracket to each side of the chassis with the bracketscrews. Figure 10: 1-RU Midmount Bracket 2. With another person, place the chassis into position between rack posts in theequipment rack a...

Related Topics ■ Rack Mounting Kits and Required Tools on page 23 Mounting to Rack Rails To mount the device to equipment rack rails: 1. Attach the rails to each side of the chassis with the bracket screws. Make surethe hinged brackets are at the back of the device. Make sure the rails arepositioned...

2. Connect the other end of the power cable to the electrical outlet. 26 ■ Connecting Power IDP250 Installation Guide

Chapter 5 Performing the Initial NetworkConfiguration and Licensing Tasks This chapter includes the following topics: ■ Performing the Initial Configuration on page 27 ■ Getting Started with the EasyConfig Wizard (Serial Console Port) on page 29 ■ Getting Started with the QuickStart Wizard (Manageme...

Table 13: Getting Started Configuration Tools Defaults Applied: You Specify: Getting Started Tool ■ Root password: abc123 ■ Fully qualified domain name: Blank ■ RADIUS support: Disabled ■ Network interfaces: Auto-negotiatespeed/duplex ■ Virtual routers: ■ Sniffer mode: One virtual router (vr0) ■ Tra...

To get started with the QuickStart wizard: 1. Connect one end of an Ethernet cable to the management interface port and theother end to the Ethernet port of your laptop. 2. On your laptop, open a Web browser. 3. In the browser Address or Location box, enter https://192.168.1.1 . NOTE: ACM access use...

[root@localhost ~] scio lic add lic.txt 9. Run the following scio command to verify you have successfully added the licensekey: [root@localhost ~] scio lic list [root@localhost ~]# scio lic listID Machine ID Issue Date Expiration OK Feature-- ---------------- ------------------------ ---------------...

Chapter 6 Connecting the IDP Traffic Interfaces toYour Network and Verifying Traffic Flow This chapter includes the following topics: ■ Guidelines for Connecting IDP Interfaces to Your Network Devices on page 35 ■ Choosing Cables for Traffic Interfaces (Copper Ports) on page 36 ■ Connecting and Disc...

NOTE: IDP75, IDP250, IDP800, and IDP8200 support auto-MDIX. Connecting Devices That Do Not Support Auto-MDIX For connections to a firewall or server, use a crossover cable. For connections to a switch or hub, use a straight-through cable. NOTE: Conventionally, crossover cables have an orange outer j...

3. Slide the clip into the transceiver port until it clicks into place. Because the fit isclose, you may have to apply some pressure to seat the clip. Apply pressureevenly and gently to avoid clip breakage. To remove a Gigabit Ethernet cable from a transceiver: 1. Hold the cable clip firmly but gent...

Part 3 Adding the IDP Appliance to NSM ■ Adding the IDP Appliance to NSM on page 41 Adding the IDP Appliance to NSM ■ 39

Chapter 7 Adding the IDP Appliance to NSM This chapter includes the following topics: ■ Reviewing Compatibility with NSM on page 41 ■ Adding a Reachable IDP Device to NSM on page 41 Reviewing Compatibility with NSM Review the release notes for information regarding compatibility between your IDPSeri...

To import an IDP device with a known IP address: 1. In the NSM navigation tree, select Device Manager > Devices . Figure 12: NSM Add Device Wizard: Add Device 2. Click the + icon and select Device to display the Add Device wizard. 3. Select Device Is Reachable (default) and click Next to display ...

■ Enter the password for the device admin user. You set the password foradmin when you ran the ACM Wizard. ■ Enter the password for the device root user. You set the password for rootwhen you ran the ACM Wizard. NOTE: In NSM, passwords are case-sensitive. ■ Select SSH Version 2 and port 22. Click Ne...

5. Log into the IDP command-line interface and verify the SSH key fingerprint.Comparing the SSH key fingerprint information enables you to detectman-in-the-middle attacks: a. Connect to the IDP command-line interface: ■ Use SSH to connect to the IP address or hostname for the managementinterface. Lo...

Figure 16: NSM Add Device Wizard: Add Device Confirmation 8. Click Next to import the configuration from the IDP device. Upon success, NSM displays the following message: Figure 17: NSM Add Device Wizard: Configuration Import Confirmation 9. Click Finish . For IDP 4.1 and later devices, NSM next run...

Figure 18: NSM Device Manager: Viewing Device Status Related Topics ■ Reviewing Compatibility with NSM on page 41 ■ Basic Steps on page 22 46 ■ Adding a Reachable IDP Device to NSM IDP250 Installation Guide

Chapter 8 Upgrading Software This chapter includes the following topics: ■ Updating Software (NSM Procedure) on page 49 ■ Upgrading Software (CLI Procedure) on page 51 Updating Software (NSM Procedure) To update IDP software: 1. Add the IDP software to the NSM GUI server. 2. Push the IDP software fr...

3. Push a security policy update job to update attack objects in use in your securitypolicy: a. In NSM, select Devices > Configuration > Update Device Config . b. Select devices to which to push the updates and set update job options. c. Click OK . Related Topics ■ Upgrading Software (CLI Proc...

Chapter 9 Installing Field Replaceable Units This chapter includes the following topics: ■ Replacing a Power Supply on page 53 Replacing a Power Supply The following procedure applies to models for which the power supply is a fieldreplaceable unit (FRU). For information on obtaining spares, contact ...

Chapter 10 Reimaging the Appliance This chapter includes the following topic: ■ Reimaging and Relicensing an Appliance on page 55 Reimaging and Relicensing an Appliance The appliance comes with software preinstalled. If needed, you can reinstall thefactory image. This process is known as reimaging t...

Chapter 11 Technical Specifications This chapter includes the following topics: ■ IDP250 Technical Specifications on page 59 IDP250 Technical Specifications Table 15 on page 59 lists physical specifications. Table 15: Physical Specifications Value Specification 1 RU Form Factor 1.69 in. (4.3 cm) Hei...

Table 17: Power Cord Specifications Specifications Country ■ UL-approved and CSA-certified ■ Flexible cord minimum spec: No. 18 (1.5 mm2SVTor SJT, 3-conductor ■ Current capacity of 10A minimum ■ Earth-grounding attachment plug with NEMA 5-15P(10A, 125V) configuration United States and Canada Table 1...

Chapter 12 Compliance Statements This chapter includes the following topic: ■ Standards Compliance on page 61 Standards Compliance Table 20: Standards Compliance Category ■ UL 60950, Third Edition — Safety of Information Technology Equipment ■ CSA C2.22 No. 60950, Third Edition — Safety of Informati...

Chapter 13 Common Criteria EAL2 Compliance This chapter includes the following topics: ■ Common Criteria EAL2 Compliance on page 63 Common Criteria EAL2 Compliance Table 21 on page 63Table 21 on page 63 provides guidelines you must observe todeploy and use the IDP appliance in compliance with the Co...

Index Symbols 1998 Class A compliance.............................................61 A ACM ......................................................................15, 31ACM Online Help.........................................................xiiiadding a device to NSM......................................

LEDs fault........................................................................4HA port...................................................................6hard drive...............................................................4IDP250.................................................................