NetScreen-Security Manager is an enterprise-level management application that configures multiple devices over a LAN or WAN environment. The Security Manager User Interface (UI) enables administrators to configure many devices from central locations.
NetScreen-Security Manager uses two components to allow remote communication with security devices.
The Management System, a set of services that reside on an external device server. These services process, track, and store device management information exchanged between the device and the Security Manager UI.
The Agent, a service that resides on each managed NetScreen device. The Agent receives configuration parameters from the external Management System and pushes it to ScreenOS. The Agent also monitors the device and transmits reports back to the Management System.
Information is currently available in the Concepts & Examples ScreenOS Reference Guide and the ScreenOS CLI Reference Guide.
There are two methods by which a security device can establish a connection with NetScreen-Security Manager. The device configuration method determines how it connects to the NetScreen-Security Manager server.
If the interface has a static IP address that the NetScreen-Security Manager administrator knows, then the administrator can configure the server so that it can contact that address and prompt the NetScreen device to initiate a connection with NetScreen-Security Manager. In this case, the local administrator does not need to configure any of the NetScreen-Security Manager settings on the security device.
If the interface has a dynamically assigned IP address, then the local administrator must enter NetScreen-Security Manager settings on the NetScreen device so that it can initiate connection to the NetScreen-Security Manager server.
Enable Communication with Device Server: Permits the device to communicate with the device server. Disabling this setting prevents the device from receiving management from the device server and prevents transmission of reports to the server.
Connection Status: Indicates if the device ever connected with a device server.
Device Server Settings: The parameters the device uses to connect with the device server.
Primary IP Address/Name: The IP address (or object name) of the primary device server. The Port value specifies the primary management server port. The Source Interface value specifies which device interface connects to the device server.
Secondary IP Address/Names: The IP address (or object name) of any secondary device servers. The Port value specifies a management server port. The Source Interface value specifies which device interface connects to the device server.
Report Settings: Enable or disable transmission of generated event messages to the device server.
Attack Statistics: Enables transmission of messages containing attack statistics.
Policy Statistics: Enables transmission of messages containing policy statistics.
Attack Alarms: Enables transmission of attack alarms such as syn-flag or syn-flood.
Traffic Alarms: Enables transmission of alarms generated while the device monitors and records the traffic permitted by policies.
Configuration Logs: Enables transmission of log messages for events triggered by changes in device configuration.
Traffic Logs: Enables transmission of log messages generated while the device monitors and records the traffic permitted by policies.
Protocol Distribution: Enables transmission of generated protocol distribution parameters.
Flow Statistics: Enables transmission of messages containing traffic flow statistics.
Ethernet Statistics: Enables transmission of messages containing ethernet statistics.
Deep Inspection Alarms: Enables transmission of attack alarms generated during Deep Inspection.
Event Alarms: Enables transmission of alarms other than attack, Deep Inspection, or traffic alarms.
Information Logs: Enables transmission of low-level notification log messages about non-severe changes that occur on the device, as when an authentication procedure fails.
Self Logs: Enables transmission of log messages concerning dropped packets (such as those denied by a policy) and traffic that terminates at the NetScreen device (such as administrative traffic). The self log displays the date, time, source address/port, destination address/port, duration, and service for each dropped packet or session terminating at the NetScreen device.