The NetScreen Rapid Deployment (NSRD) feature enables you to quickly configure a new security device or a security device that is reset to factory defaults. This feature helps you to rapidly deploy multiple security devices in a large networked environment with minimal user involvement.
To use the NSRD feature, you must have an encrypted configuration script, called a configlet, that your NSM administrator will have created using Juniper Networks Network and Security Manager (NSM). Such a configlet file contains the settings that enable a security device to communicate with the NSM server. The NSRD feature uses the Rapid Deployment Wizard to guide you through the configuration steps by which you can select and install a configlet file from a local host or USB device.
To configure a security device using the NSRD feature, you access the security device through a browser. When you enter the IP address of the security device in the address field of the browser, the Rapid Deployment Wizard appears. This page contains the following options that let you choose the configuration steps:
Do you have a Rapid Deployment Configlet File? Select Yes, use the following Rapid Deployment Configlet file, and perform the appropriate actions:
Load Configlet from local host: Select this option and click Browse if you have the configlet files available on the local host. Locate the configlet file and click Next. Enter the network connectivity information in the Network Connectivity Information window. For more information, see Network Connectivity information.
Load Configlet from device USB slot: Select this option if you have the configlet files available on a USB device that you have attached to the security device, and click Browse. The Rapid Deployment Wizard opens a new window and lists the configlet files available on the USB device.
Configlets in USB: Displays all the configlet files available on the USB device. The USB device can hold a maximum of 300 configlet files.
Check serial number: Click this button to verify the configlet file that you can load onto the security device based on the serial number.
Serial number: Your NSM administrator can bind a configlet file to the serial number of a particular security device. If this restriction exists, the configlet file works only with the security device with the specified serial number. When you verify the configlet files using the Check Serial number option, the security device checks the available configlet files that match your current security device’s serial number and displays the matching configlet file in the Matched Configlet list.
Note: If no configlet file matches the serial number of the security device, select a configlet file from Configlets in USB list, and click OK. Click Next. If the NSM administrator has encrypted the configlet with a password, the Rapid Deployment Wizard opens a new window and prompts you to enter the password. Enter the password and click Next. Enter the network connectivity information in the Network Connectivity Information window.
Matched configlet: Displays all the configlet files that match the serial number of the security device.
If the security device identifies more than one matching configlet file, select the first configlet file in the list, and click OK. Enter the network connectivity details for your security device in the Network Connectivity Information window.
If your security device uses the Dynamic Host Configuration Protocol (DHCP) to obtain an IP address, select Using cable modem (Dynamic IP via DHCP).
If your security device uses a Point-to-Point Protocol over Ethernet (PPPoE) connection to the Internet, select Using DSL modem (Dynamic IP via PPPoE). This option enables your security device to act as a PPPoE client that receives an IP address for the Untrust interface from an ISP. Enter the following:
The username for your PPPoE account
The password for your PPPoE account
If your security device uses a static IP address, select Using ISP-supplied settings (Static IP). This option enables your security device to use a unique and fixed IP address for the Untrust interface. Enter the following:
The IP address and netmask of the interface connected to the external router, cable modem, or DSL modem
The gateway address (the IP address of the router port connected to the device)
Select the appropriate network connectivity option and parameters, and click Next. The Rapid Deployment Wizard displays a success message if the network connectivity succeeds.