Juniper NETWORKS SRX Series Firewalls Security Director

Onboard SRX Series Firewalls to Juniper Security Director

IN THIS GUIDE

Step 1: Begin
Step 2: Up and Running
Step 3: Keep Going

Step 1: Begin

IN THIS SECTION

Prepare to Install Juniper Security Director
Download the OVA and Software Bundle
Deploy the VM

You can install Juniper Security Director on-premises and manage SRX Series Firewalls and vSRX Virtual Firewalls through a centralized web interface. This guide walks you through installing Juniper Security Director, onboarding your devices, and configuring Juniper Security Director to manage your devices.

Here’s the high-level order of installation and device onboarding workflow.


Prepare to Install Juniper Security Director

Hardware Requirements

Table 1: Hardware Requirements for ESXi Server

VM Configuration 1
  • VM configuration:
    • 16 vCPU
    • 80 GB RAM
    • 2.1 TB storage
  • Device management capability:
    • Up to 1000 devices
    • Up to 10000 policy rules per device
    • Up to 6000 NAT rules per device
    • Up to 1000 VPNs per device/system
  • Log analytics and storage capability:
    • Up to 17000 logs per second
    • Out of the total 2.1 TB storage, 1.5 TB is dedicated to log analytics.
VM Configuration 2
  • VM configuration:
    • 40 vCPU
    • 208 GB RAM
    • 4.2 TB storage
  • Device management capability:
    • Up to 3000 devices
    • Up to 20000 policy rules per device
    • Up to 10000 NAT rules per device
    • Up to 1500 VPNs per device/system
  • Log analytics and storage capability:
    • Up to 40000 logs per second
    • Out of the total 4.2 TB storage, 3.5 TB is dedicated to log analytics.
NOTE:
  • We do not recommend hyperthreading on VMware hypervisor (ESXi) Server. You must use dedicated resources for CPU, RAM, and storage.
  • We do not recommend sharing resources.
  • You can switch from VM configuration 1 to VM configuration 2, if necessary. However, once you switch to VM configuration 2, you cannot revert to VM configuration 1.

Software Requirements

  • Juniper Security Director runs on a VMware hypervisor (ESXi) Server. Use vCenter and vSphere version 7.0 and later.
    You must deploy the OVA through vCenter Server only. We do not support OVA deployment on ESXi directly.
  • You must have the following dedicated IP addresses in the same subnet:
    • Management IP address—IP address for the VM that provides access to the Juniper Security Director CLI.
    • UI virtual IP address—Virtual IP address to access the Juniper Security Director GUI.
    • Device connection virtual IP address—Virtual IP address to establish connection between the managed devices and Juniper Security Director.
    • Log collector virtual IP address—Virtual IP address to receive logs from devices.
      To ensure a smooth deployment of the OVA, you must make sure that the UI virtual IP address, device connection virtual IP address, and log collector virtual IP address are accessible through the default gateway. Additionally, verify that the Fully Qualified Domain Names (FQDN) associated with these IP addresses can be resolved before you start the OVA deployment process.
  • Make sure that you have access to SMTP, NTP, and DNS servers from the VM network (Juniper Security Director).

NOTE: We support NTP server with IPv4 address only.
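One way to check the address plan before starting the OVA deployment, as an added example that is not part of Juniper's guide: it confirms that the four dedicated IP addresses are distinct hosts in one subnet and that each FQDN resolves to its matching address. The function name, role keys, and sample addresses and host names are assumptions; the resolver is injectable so the check also runs offline.

```python
import ipaddress
import socket

def preflight(subnet, addresses, fqdns, resolve=socket.gethostbyname_ex):
    """Return a list of problems; an empty list means the inputs agree."""
    # addresses: role -> IP for the four dedicated addresses.
    # fqdns: role -> FQDN; resolve returns (name, aliases, [ipv4, ...]).
    problems, owner = [], {}
    net = ipaddress.ip_network(subnet)
    for role, text in addresses.items():
        ip = ipaddress.ip_address(text)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{role}: {ip} is not a usable host address in {net}")
        if ip in owner:  # "dedicated" is read here as "not shared between roles"
            problems.append(f"{role}: {ip} is already used by {owner[ip]}")
        owner.setdefault(ip, role)
    for role, name in fqdns.items():
        want = ipaddress.ip_address(addresses[role])
        try:
            got = [ipaddress.ip_address(a) for a in resolve(name)[2]]
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            problems.append(f"{role}: {name} does not resolve ({exc})")
            continue
        if want not in got:
            found = ", ".join(map(str, got))
            problems.append(f"{role}: {name} resolves to {found}, expected {want}")
    return problems

# Constructed sample values (RFC 5737 addresses, example.com names).
SAMPLE_ADDRESSES = {"management": "192.0.2.10", "ui": "192.0.2.11",
                    "device_connection": "192.0.2.12", "log_collector": "192.0.2.13"}
SAMPLE_FQDNS = {"ui": "sd-ui.example.com", "device_connection": "sd-dev.example.com",
                "log_collector": "sd-log.example.com"}
SAMPLE_DNS = {"sd-ui.example.com": ["192.0.2.11"],
              "sd-dev.example.com": ["192.0.2.12"]}  # sd-log record is missing

def sample_resolver(name):
    """Offline stand-in for DNS, backed by SAMPLE_DNS."""
    if name not in SAMPLE_DNS:
        raise OSError("no such host")
    return name, [], SAMPLE_DNS[name]

if __name__ == "__main__":
    for line in preflight("192.0.2.0/24", SAMPLE_ADDRESSES, SAMPLE_FQDNS,
                          sample_resolver):
        print(line)
```

Omit the `resolve` argument to query the DNS servers the workstation actually uses.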

Download the OVA and Software Bundle

  1. Download the Juniper Security Director OVA (.ova file) from https://support.juniper.net/support/downloads/?p=security-director-on-prem to a web server or your local machine. To avoid connectivity issues, download the OVA directly to your local machine.
  2. Download the Juniper Security Director software bundle (.tgz file) to your local machine from https://support.juniper.net/support/downloads/?p=security-director-on-prem and then transfer the file to your staging server.

A staging server is an intermediate server where the software bundle is downloaded and is accessible from the VM.

The staging server must support software bundle download from the Juniper Security Director VM through Secure Copy Protocol (SCP). Before you deploy the VM, you must have the details of the staging server, including the SCP username and password.

Deploy the VM

  1. Open the vSphere Client.
  2. Right-click the inventory object that is a valid parent object of the VM and select Deploy OVF Template.
    Figure 1: Deploy OVF Template
  3. On the Select an OVF template page:
    • Enter the web server OVA URL where you have downloaded the OVA. The system might warn you about source verification. Click Yes.
      NOTE: Ensure that firewall rules do not block image access from the vSphere cluster.
    • Select the Local file option and click UPLOAD FILES to select the OVA file from your local machine.
      Figure 2: Select or Upload OVF File
  4. On the Select a name and folder page, enter the VM name and select the location for the VM.
  5. On the Select a compute resource page, select the compute resource for the host on which the VM will be deployed.
  6. On the Review details page, review the details of the resources to be provisioned.
  7. On the License agreements page, select the check box to accept the license agreements.
  8. On the Select storage page, select the storage for the configuration and the virtual disk format. We recommend that you use Thick provision as the virtual disk format and select storage with at least 1.5 TB of capacity.
    NOTE: We do not recommend thin provisioning. If you choose thin provisioning and the actual disk space available is low, the system might encounter problems once the disk is full.
  9. On the Select networks page, select the network to configure IP allocation for static addressing.
  10. On the Customize template page, configure the Juniper Security Director on-premises OVA parameters.
    NOTE: Prepare all details for the Customize template page in advance. The OVF template will time out after 6 to 7 minutes.
    Figure 3: Customize OVF Template
    NOTE:
    • The cliadmin user password field does not strictly validate password requirements. However, during the installation process, the system enforces strict validations and rejects a password that does not meet the specified requirements, causing installation failure. To avoid issues during installation, ensure that the password meets these criteria:
      • Must be at least 8 characters long and not more than 32 characters.
      • Must not be a dictionary word.
      • Must include at least three of the following:
        • Numbers (0-9)
        • Uppercase letters (A-Z)
        • Lowercase letters (a-z)
        • Special characters (~!@#$%^&*()_-+={}[];:"'<,>.?/|\)
    • UI FQDN, Device Connection FQDN, and Log Collector FQDN fields are optional. However, we highly recommend that you use a Fully Qualified Domain Name (FQDN). Ensure that the FQDN is:
      • Valid and follows the domain naming conventions.
      • Complete, including the domain and subdomain details.
      • Resolvable, that is, DNS can correctly map the FQDN to an IP address.
        An incorrect FQDN results in issues that require re-installation of the VM.
        If the IP addresses are incorrect, you won’t be able to start an SSH connection to the VM. You can only access the VM through the web portal.
    • The Software bundle SCP path refers to the location of the Juniper Security Director software bundle (.tgz file) on your staging server. Make sure you have downloaded the Juniper Security Director software bundle (.tgz file) to your local machine from the Juniper Software Downloads page and transferred it to your staging server. The staging server serves as an intermediary to store and make the software bundle accessible to the VM. The staging server must support software bundle download from the Juniper Security Director VM through SCP. Before deploying the VM, ensure you have the details of the staging server, including the SCP username and password.
  11. On the Ready to complete page, review all the details and, if necessary, go back and edit the VM parameters. You cannot change these network parameters from the VM settings after a successful installation. However, you can change network parameters from the CLI. Click Finish to start the OVA deployment.
    You can monitor the progress of the OVA deployment in the Recent Tasks window at the bottom of your screen until it is 100% complete. The Status column shows the overall deployment percentage.
    Congratulations! Now the OVA deployment is complete.
  12. Click the triangle icon next to the VM name to power on the VM.

NOTE: By default, the VM is deployed with the smallest resource configuration listed in “Hardware Requirements”. Adjust the resources to match other resource configurations using the VMware Edit VM settings.
For a successful installation, the resource allocation must match “Hardware Requirements”.
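Because the cliadmin password field on the Customize template page does not enforce the criteria and the template times out after 6 to 7 minutes, a candidate password can be checked beforehand. This is an added example, not Juniper code; the function name, the word list, and the way the dictionary test is approximated are assumptions.

```python
import string

# Special characters exactly as listed in the password criteria.
SPECIALS = "~!@#$%^&*()_-+={}[];:\"'<,>.?/|\\"

def check_cliadmin_password(password, dictionary=()):
    """Return the unmet criteria; an empty list means the password passes."""
    problems = []
    if not 8 <= len(password) <= 32:
        problems.append("length must be 8 to 32 characters")
    classes = {
        "numbers": string.digits,
        "uppercase": string.ascii_uppercase,
        "lowercase": string.ascii_lowercase,
        "special": SPECIALS,
    }
    present = [n for n, chars in classes.items()
               if any(c in chars for c in password)]
    if len(present) < 3:
        problems.append(f"needs 3 of 4 character classes, has {len(present)}")
    # Assumption: the installer's dictionary test is not documented on the page.
    # This local approximation strips leading/trailing digits and symbols and
    # compares the remainder, case-insensitively, with a caller-supplied list.
    core = password.strip(string.digits + SPECIALS).lower()
    if core and core in {w.lower() for w in dictionary}:
        problems.append(f"'{core}' is a dictionary word")
    return problems

if __name__ == "__main__":
    words = ["summer", "password", "juniper"]  # constructed sample word list
    for candidate in ["Summer2025!", "abcdefgh", "Ab1!", "kV7_rotate-Lamp"]:
        print(candidate, "->", check_cliadmin_password(candidate, words) or "ok")
```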

When the VM is powered on, go to the Summary tab and click LAUNCH WEB CONSOLE to monitor the installation status of the software bundle.

NOTE: Avoid performing any operations on the console until the installation is complete.

A successful installation takes approximately 30 minutes. If the installation takes longer, check the web console for potential errors. You can SSH to the VM IP using the cliadmin user and the password you configured during the OVA deployment. Then, use the show bundle install status command to check the installation status.

You can view the installation progress on the console. After the installation is complete, the console displays Successfully installed software bundle on the cluster and the VM reboots.

Congratulations! The software bundle installation is now complete.

Step 2: Up and Running

IN THIS SECTION

Create Organization Account and Add Devices
Associate Devices with Your Juniper Security Director Subscription
Verify Configuration on Adopted Devices

Create Organization Account and Add Devices

Before You Begin

The following ports must be open:

  • Inbound port 443 for users’ connection to the web is associated with the UI virtual IP address.
  • Outbound port 25 for outbound to the configured mail server is associated with the Management IP address.
  • Inbound port 7804 from all managed devices is associated with the device connection virtual IP address.
  • Outbound port 443 for the signature download URL is associated with the Management IP address.
  • Inbound port 6514 for inbound connection for traffic log is associated with the log collector virtual IP address.
  1. Enter the UI virtual IP address or FQDN (domain name) in a browser to access the Juniper Security Director login page. Follow the on-screen instructions to create and activate your account. For details, see Log In to the Juniper Security Director Web UI.
  2. Log in to Juniper Security Director and click Add Subscriptions. You can also use a 60-day trial subscription that is available by default.
  3. Enter a name for the subscription and select either of the following options:
    a. Copy-and-paste license details—Copy the license key and paste it in the License field.
    b. Upload license file—Click Browse and navigate to the license.txt file. Click Open. Note that you can upload only a .txt file.
  4. Click OK. You can view your added subscriptions from Subscriptions > SRX Management Subscriptions. If you do not see your subscriptions, go to the Administration > Jobs page to view the status.
  5. Select SRX > Device Management > Devices, and click the + icon to add your devices.
    NOTE: To know about supported devices, see Juniper Security Director Supported Firewalls.
  6. Click Adopt SRX Devices and select one of the following:
    • SRX Devices
    • SRX Clusters
    • SRX Multinode High Availability (MNHA) Pairs
      Follow the on-screen instructions to continue. For details, see Add Devices.
  7. Copy and paste commands from the devices page to the SRX Series Firewall or the primary cluster device console.
    Then commit the changes. Device discovery takes a few seconds. After device discovery is successful, verify the following fields on the Devices page:
    • Management Status changes from Discovery in progress to Up.
    • Inventory Status and Device Config Status change from Out of Sync to In Sync.

NOTE: In case of discovery failure, go to the Administration > Jobs page and view the status.

Associate Devices with Your Juniper Security Director Subscription

  1. Go to SRX > Device Management > Devices, select the device, and click Manage Subscriptions. Follow the on-screen instructions.
  2. Verify that the Subscriptions column displays the subscription name for your device. Congratulations! You have successfully associated your device to Juniper Security Director.

Verify Configuration on Adopted Devices

Verify your device configurations in Juniper Security Director.

  • Go to SRX > Security Policy > SRX Policy and verify the imported security policies.
  • Go to SRX > NAT Policy > NAT and verify the imported NAT policies.
  • Go to SRX > Device Management > Devices, click Security Logs Configuration, and verify the security log configurations.

If you’ve set up security policy, NAT, IPSec VPN, and logs on the device, these configurations will be imported into Juniper Security Director.

Step 3: Keep Going

IN THIS SECTION

What's Next?
General Information

What's Next?

If you want to | Then
Create or import a security policy, add a rule to the security policy, and deploy the security policy on the devices. | See Security Policy Overview
Create a NAT policy, add a rule to the NAT policy, and deploy the NAT policy on the devices. | See NAT Policies Overview
Set up Content Security profiles to secure your network from multiple security threat types. | See Content Security Overview
View the traffic logs and network events including viruses found, interfaces that are down, number of attacks, and sessions. | See About the Session Page and About the All Security Events Page
Monitor the status of the CPU, disk space, storage database, and services running on the Juniper Security Director VM. | System Overview
Configure log level settings, generate and download system logs to troubleshoot the issues related to Juniper Security Director. | See About System Logs Page

General Information

If you want to | Then
See all the available documentation for Juniper Security Director. | Visit Juniper Security Director


Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document.
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Copyright © 2025 Juniper Networks, Inc. All rights reserved.
