netscreen-global pro express realtime monitor ... · netscreen-global pro express product, or any...

��

��

��

Licenses, Copyrights, and Trademarks

THE SPECIFICATIONS REGARDING THE NETSCREEN PRODUCTS IN THIS DOCUMENTATION ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS DOCUMENTATION ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR USE AND APPLICATION OF ANY NETSCREEN PRODUCTS. NO PART OF THIS DOCUMENTATION MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS, ELECTRONIC OR MECHANICAL, FOR ANY PURPOSE, WITHOUT RECEIVING WRITTEN PERMISSION FROM NETSCREEN TECHNOLOGIES, INC.

NETSCREEN-GLOBAL PRO EXPRESS LICENSE AGREEMENT

PLEASE READ THIS LICENSE AGREEMENT ("AGREEMENT") CAREFULLY BEFORE USING THIS PRODUCT. BY INSTALLING AND OPERATING THE NETSCREEN-GLOBAL PRO EXPRESS PRODUCT ACCOMPANYING THIS AGREEMENT, YOU INDICATE YOUR ACCEPTANCE OF THE TERMS OF THIS AGREEMENT, ARE CONSENTING TO BE BOUND BY ITS TERMS, AND ARE BECOMING A PARTY TO THIS AGREEMENT. THIS AGREEMENT IS A VALID AND BINDING OBLIGATION ON YOU. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT START THE INSTALLATION PROCESS.

This is a license, not a sales agreement, between you, as an end user, and NetScreen Technologies, Inc. ("NetScreen"), as the owner and provider of the "NetScreen-Global PRO Express Product". The NetScreen-Global PRO Express Product consists of NetScreen-Global PRO Realtime Monitor, NetScreen-Global PRO Data Collector, NetScreen-Global PRO Policy Manager, NetScreen-Global PRO Realtime Monitor Console, NetScreen-Global PRO Policy Manager Console, and third party software licensed or sublicensed, to you, as part of a single system for use within a single network. The NetScreen-Global PRO Express Product is pre-installed and delivered to you on a dedicated Sun Microsystems, Inc. Netra® server. For purposes of this Agreement, the term "security device" means NetScreen network security hardware devices purchased and used by you.

Any and all documentation and all software releases, corrections, updates, and enhancements that are or may be provided to you by NetScreen shall be considered part of the NetScreen-Global PRO Express Product and be subject to the terms of this Agreement.

1. License Grant. Subject to the terms of this Agreement, NetScreen grants you a limited, non-transferable, non-exclusive, revocable, license and right to the following:

a. Number of Security Devices. The NetScreen-Global PRO Express Product, and all components thereof, is licensed to you for use within a single network with up to 25 or 100 security devices, as indicated on the license certificate purchased by you from NetScreen.

b. Use of Components. To use, on the server provided, one (1) copy of NetScreen-Global PRO Realtime Monitor, NetScreen-Global PRO Data Collector, and NetScreen-Global PRO Policy Manager, to manage up to 25 or 100 security devices, as indicated on the license certificate provided to you by NetScreen. These components are provided on a single Sun Microsystems, Inc. Netra® server and cannot be used as separate products.

c. Use of Consoles. To use, for purposes of administration, monitoring, and reporting, the NetScreen-Global PRO Realtime Monitor Console and the NetScreen-Global PRO Policy Manager Console, which may be installed on an unlimited number of user desk-top machines.

d. Use Within a Single System and Network. The foregoing rights are granted only to you and your users engaged in the management and administration of network security of a single network. Each component of the NetScreen-Global PRO Express Product must be used in combination with one another (i.e., a single system), on a single network, and in the manner set forth in the applicable documentation. The NetScreen-Global PRO Express Product is considered "in use" when its software is loaded into permanent or temporary memory (i.e. RAM) or when the software preinstalled on the server is invoked. For purposes of this Agreement, the term "user" or "users" means your employees, contractors, and consultants performing services for you in connection with your networks. Other than the rights granted in this paragraph (d), no right to copy, distribute, or sell, and no other right to install and use the NetScreen-Global PRO Express Product, or any component thereof, is granted to you.

e. Create Backup. No backup copy of NetScreen-Global PRO Express Product is permitted.

2. Limitation on Use. You are only licensing the rights set forth above to the NetScreen-Global PRO Express Product. You may not engage in activity designed (or otherwise attempt), and if you are a corporation will use your best efforts to prevent your employees and contractors from engaging in activity designed (or otherwise attempting): (a) to modify, translate, reverse engineer, decompile, disassemble, create derivative works of, or distribute the NetScreen-Global PRO Express Product (or any component thereof) and the accompanying documentation; (b) to distribute, sell, transfer, sublicense, rent, or lease any rights in the NetScreen-Global PRO Express Product (or any component thereof) or accompanying documentation in any form to any person; or (c) to remove any proprietary notice, product identification, copyright notices, other notices or proprietary restrictions, labels, or trademarks on the NetScreen-Global PRO Express Product, documentation, and containers. The NetScreen-Global PRO Express Product is not designed or intended for use in online control of aircraft, air traffic, aircraft navigation or aircraft communications; or in the development, design, construction, operation or maintenance of nuclear, chemical, or biological weapons of mass destruction or any nuclear facility. You warrant that you will not use or redistribute the NetScreen-Global PRO

��

��

��!"��#��$��%��

Express Product (or any component thereof) for such purposes.

3. Procedure for Creating and Installing Unique Keys for NetScreen-Global PRO Express. NetScreen takes certain precautions such as the use of a "secure room", coded access and other procedures identified in the accompanying NetScreen-Global PRO Express Product documentation in delivering the NetScreen-Global PRO Express Product with a private key to authenticate NetScreen-Global PRO Express Product shipped to you during the setup of Transport Layer Security (TLS). It is recommended that you obtain a secure key or digital certificate from a separate third party or Certificate Authority for the protection of your network. NETSCREEN MAKES NO WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE PROCEEDURES USED TO CREATE OR THE VALIDITY OF THE SECURE KEY DELIVERED WITH THE NETSCREEN-GLOBAL PRO EXPRESS PRODUCT, OR WHETHER OR NOT THE SECURE KEY CAN OR CANNOT BE COMPRIMISED. NETSCREEN DISCLAIMES ALL WARRANTIES RELATED TO SUCH KEY, INCLUDING MECHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

4. Proprietary Rights. All rights, title and interest in and to, and all intellectual property rights, including copyrights, in and to the NetScreen-Global PRO Express Product and documentation, remain with NetScreen. You acknowledge that no title or interest in and to the intellectual property associated with or included in the NetScreen-Global PRO Express Product and NetScreen products is transferred to you and you will not acquire any rights to the NetScreen-Global PRO Express Product except for the license as specifically set forth herein.

5. Term and Termination. The term of the license is for the duration of NetScreen’s copyright in the NetScreen-Global PRO Express Product. NetScreen may terminate this Agreement immediately without notice if you breach or fail to comply with any of the terms and conditions of this Agreement. You agree that, upon such termination, you will either destroy all copies of the documentation or return all materials to NetScreen. The provisions of this Agreement, other than the license granted in Section 1 ("License Grant") shall survive termination.

6. Limited Warranty. For a period of ninety (90) days after delivery to you, NetScreen will repair or replace any defective NetScreen-Global PRO Express Product (excluding the Sun Microsystems, Inc. Netra® server) shipped to you, provided it is returned to NetScreen at your expense within that period. NetScreen warrants to you that the NetScreen-Global PRO Express Product (excluding the Sun Microsystems, Inc. Netra® server) will substantially conform with NetScreen's published specifications for that product if properly used in accordance with the procedures described in documentation supplied by NetScreen. For a period of one year after delivery to you, NetScreen will replace any defective Sun Microsystems, Inc. Netra® server shipped to

you as a component of this Product, provided it is returned to NetScreen at your expense within that period.

NetScreen's exclusive obligation with respect to non-conforming product shall be, at NetScreen's option, to repair or replace the product or use commercially reasonable efforts to provide you with a correction of the defect, or to refund to you the purchase price paid for the unit. Defects in the product will be reported to NetScreen in a form and with supporting information reasonably requested by NetScreen to enable it to verify, diagnose, and correct the defect. For returned product, you shall notify NetScreen of any nonconforming product during the warranty period, obtain from NetScreen a return authorization for the nonconforming product, and return the nonconforming product to NetScreen's factory of origin with a statement describing the nonconformance.

The warranties set forth above shall not apply to any product which has been modified, repaired or altered, except by NetScreen, or which has not been maintained in accordance with any handling or operating instructions supplied by NetScreen, or which has been subjected to unusual physical or electrical stress, misuse, abuse, negligence or accidents.

THE FOREGOING WARRANTIES ARE THE SOLE AND EXCLUSIVE WARRANTIES EXPRESS OR IMPLIED GIVEN BY NETSCREEN IN CONNECTION WITH THE NETSCREEN-GLOBAL PRO EXPRESS PRODUCT, INCLUDING THE SUN MICROSYSTEMS, INC. NETRA® SERVER, AND NETSCREEN DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. NETSCREEN DOES NOT WARRANT THAT THE NETSCREEN-GLOBAL PRO EXPRESS PRODUCT, OR THE SUN MICROSYSTEMS, INC. NETRA® SERVER, IS ERROR-FREE OR WILL OPERATE WITHOUT INTERRUPTION.

7. Limitation of Liability. IN NO EVENT SHALL NETSCREEN OR ITS LICENSORS BE LIABLE UNDER ANY THEORY FOR ANY INDIRECT, INCIDENTAL, COLLATERAL, EXEMPLARY, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES OR LOSSES SUFFERED BY YOU OR ANY THIRD PARTY, INCLUDING WITHOUT LIMITATION LOSS OF USE, REVENUE, PROFITS, GOODWILL, SAVINGS, LOSS OF DATA, DATA FILES OR PROGRAMS THAT MAY HAVE BEEN STORED OR AFFECTED BY THE USE OF THE NETSCREEN-GLOBAL PRO EXPRESS PRODUCT OR THE SUN MICROSYSTEMS, INC. NETRA® SERVER.

IN NO EVENT WILL NETSCREEN'S OR ITS LICENSORS' AGGREGATE LIABILITY CLAIMED BY YOU, OR ANYONE CLAIMING THROUGH OR ON BEHALF OF YOU, EXCEED THE ACTUAL AMOUNT PAID BY YOU TO NETSCREEN FOR NETSCREEN-GLOBAL PRO EXPRESS PRODUCT AND THE SUN MICROSYSTEMS, INC. NETRA® SERVER. Some jurisdictions do not allow the exclusions and limitations of incidental, consequential or special damages, so the above exclusions and limitations may not apply to you.

��%��&��'��(�)��*��"�!� ��

��

NetScreen shall take reasonable efforts to follow your instructions with regard to any Information contained on a Sun Microsystems, Inc. Netra® server returned for repair replacement. HOWEVER, IN NO EVENT WILL NETSCREEN BE LIABLE TO YOU WITH REGARD TO ANY CLAIM ARISING FROM THE BREACH OF ANY INFORMATION CONTAINED ON A SUN MICROSYSTEMS, INC. NETRA® SERVER RETURNED TO NETSCREEN OR NETSCREEN MANUFACTURER.

8. Export Law Assurance. You understand that the NetScreen-Global PRO Express Product is subject to export control laws and regulations. YOU MAY NOT DOWNLOAD OR OTHERWISE EXPORT OR RE-EXPORT THE NETSCREEN-GLOBAL PRO EXPRESS PRODUCT OR ANY UNDERLYING INFORMATION OR TECHNOLOGY, EVEN IF TO DO SO WOULD BE ALLOWED UNDER THIS AGREEMENT, EXCEPT IN STRICT COMPLIANCE WITH ALL UNITED STATES AND OTHER APPLICABLE LAWS AND REGULATIONS. Specifically, you agree that you are responsible for obtaining licenses to export, re-export, or import NetScreen-Global PRO Express Product. The NetScreen-Global PRO Express Product may not be downloaded, or the NetScreen-Global PRO Express Product otherwise exported or re-exported (i) into, or to a national or resident of, Cuba, Iraq, Iran, North Korea, Libya, Sudan, Syria, or any country to which the U.S. has embargoed goods; or (ii) to anyone on the U.S. Treasury Department's lists of Specially Designated Nationals, Specially Designated Terrorists, or Specially Designated Narcotic Traffickers, or otherwise on the U.S. Commerce Department's Table of Denial Orders.

9. U.S. Government Restricted Rights. The NetScreen-Global PRO Express Product is "commercial computer software" and is provided with restricted rights. Use, duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7202-1(a) and 227.7202-3(a) (1995), DFARS 252.227-7013(c)(1)(ii) (OCT 1988), FAR 12.212(a)(1995), FAR 52.227-19, or FAR 52.227-14(ALT III), as applicable.

10. Tax Liability. You agree to be responsible for the payment of any sales or use taxes imposed at any time whatsoever on this transaction.

11. General. If any provisions of this Agreement are held invalid, the remainder shall continue in full force and effect. The laws of the State of California, excluding the application of its conflicts of law rules shall govern this Agreement. This Agreement will not be governed by the United Nations Convention on the Contracts for the International Sale of Goods. This Agreement is the entire agreement between the parties as to the subject matter hereof and supersedes any other agreements, advertisements, or understandings with respect to the NetScreen-Global PRO Express Product and documentation. This Agreement may not be modified or altered, except by written amendment, which expressly refers to this Agreement and which, is duly executed by both parties.

You acknowledge that you have read this Agreement, understand it, and agree to be bound by its terms and conditions.

Copyright Notice

Copyright © 1998-2001 NetScreen Technologies, Inc.

All rights reserved. Printed in USA.

Trademarks

NetScreen Technologies, Inc., the NetScreen logo, NetScreen-5, NetScreen-5XP, NetScreen-10, NetScreen-25, NetScreen-50, NetScreen-100, NetScreen-500, NetScreen-1000, NetScreen-Global Manager, NetScreen-Global PRO, NetScreen-Global PRO Express, NetScreen-Remote, GigaScreen ASIC, and ScreenOS are trademarks and NetScreen is a registered trademark of NetScreen Technologies, Inc.

All other company and product names referenced in this documentation are the trademarks of their respective owners.

�+��,�-��

��

��

��

��

��

� ��

��

��!��

��"�� # �� "�"

$�� "�%��&��'�� "�%�� "�(

��)�� "�(�� "�(�� "�*

�� "�*)�� "�+�� "�+

��)�� "�,��)�� "�,)�� "�,

�'��-�� "�.�� "�.�� "�.�� "�.

��%��$�� %�"

�� $�� %�"

��$�� %�(/��$�� %�(

0��!��)��/��#�� %�,

��!��$�� %�,��#��1��!�� %�2

��%��&��'��(�)��*��"�!� �

��

��(��!�� (�"

��!��!�� 3��)�� (�"

4��!��)�� (�%)��$ �� (�(0�� #�� (�(

5��#�!��)�� (�+��)��)��6�� (�,

�� (�2�� (�7��6�� (�"8�� (�"84�� (�"8�� (�""

��9�!�� (�"%

��!��)�� (�"(

��*��)��!�!�� *�"

��!:�)��'�!:��!�� *�+��!�� *�+��!�!� �� !�� *�+

3��!�� *�,)��'�!�� *�.��!�� *�.

��'�$�� *�.

��!�!�0�� *�"8�� !�0�� *�"%�� !�)��0��3�� *�"%

5��#�!��)��$�� *�"(

��!�!�� *�"*��/��1�6�� *�"*

�� !��3�� *�",

��!�!�� *�"2��/��1�6�� *�"2

�� !�� 3�� *�"7

��!�!�� !�5��'��3�� *�%8

��+��)��!�!�0�� +�"

��!:�)��'�!��!�0�� +�(��!�0�� +�(

3��0��!�� +�+

��

��

�+��,�-��

)��'�!�0�� +�,��!�0�� +�2

��!�0��$�� +�.��!�0�� +�7

��!�0��/�� +�"8

��!�0��/�� +�"(

��!�0��#�� +�"+

��!�0��/��5��'�� +�"2

��,��)��!�!�� ,�"

��!:�)��'�!:��!�� ,�(��!�� ,�(

�� ,�+3�� !�� ,�+

)��'�!�� ,�,��!�� ,�,

;��!�� 4�� ,�2

$��!�� 4�� ,�.$��!�� 4�� '�)��!�� ,�.$��!�� 4��3�� ,�"8��!��$�� ,�"8

�� !�� ,�""/��0$ �� ,�""

��'�/��6��#�� ,�""�� 4�� ,�""

�� ,�"(

��!�� ,�"*

�� $�� ,�",

��!�!�� ,�"2

��!�!�� ,�"2

��2��)��!�!�� 2�"

��!��!�� 2�(��!�� 2�(

3��!�� 2�*��!�� 2�+

��!�� #�� 2�,�� ' �� 2�2

��%��&��'��(�)��*��"�!� ��

��

��!�5��'��#�� 2�.

��.��'��&�� .�"

&�� .�%

��7��)�� 7�"

��!��)�� 7�%

)�� 7�()��)��6�� 7�*

�� 7�*��<��=��'�� 7�"(

)�� 7�"(�� '� �� 7�"(

�� 7�"+5��'�� 7�",�� 7�",4�� 7�"2

�� 7�"7��'�3��4�� 7�"73��'� �� 7�%"

��"8��3�� "8�"

5��#�� 3�� "8�")��'�� 3�� "8�(�� 3�� "8�*

3��;�� "8�+3��;��)��6�� "8�,3��;�� "8�,3��;�� "8�.

3�� "8�.3�� #� �� "8�.3��'� �� "8�7

��!��3�� "8�""��!�� "8�"*��!�� "8�",�� !�3�� "8�",)��'�!�3�� "8�"2��!�3�� "8�".

)��3�� "8�"7��!��)��3�� "8�%8��'�!��)��3�� "8�%8

��'�3�� "8�%"

��

��

�+��,�-��

��!��'�3�� "8�%"��'�!��'�3�� "8�%"

=��1�3�� "8�%"

��""��; ��)�� ""�"

4��!��; ��)��5��#�� ""�%

; ��)��)��6�� ""�(; ��)��6�� ""�*��9�!��; ��)��5��# �� ""�*

�� ""�*��9�!�� ""�,

��!�� ""�,��!�� ""�,��9�!�� ""�,

�� !�; ��4�!�� ""�2 ��< ��' �� ""�2�� ""�2

; �� ""�.

=��1�3�� ""�7

��"%�� )�� "%�"

�� )��)��6�� "%�%�� )��6�� "%�%

��9�!�� )��5��#�� "%�(�� "%�(��9�!�� "%�*

��!�� "%�*��!�� "%�*��9�!�� "%�*

��< ��' �� "%�*

�� "%�+

��"(��5 ��)�� "(�"

5 ��)��)��6�� "(�"5 ��)��6�� "(�%

��6�� "(�%�� 6�� "(�(

��9�!��5 ��)��5��# �� "(�+�� "(�,

��9�!�� "(�,��!�� "(�2

��%��&��'��(�)��*��"�!� ��

��

��!�� "(�2��9�!�� "(�2

�� !��4�!� �� "(�2 ��< ��' �� "(�.

��"*�� "*�"

��/��#�� "*�%��)��6�� "*�(�� "*�*�� "*�*

��!�� "*�+��'�!�� "*�,

� �� '� �� "*�,��!�� "*�25��#�!��!�� "*�2��!��5��#�� "*�.��!��5��#�� "*�7�� !�� "*�7� ��!�� "*�"8

�� "*�"8��'�� "*�"8

�� "*�"%� ��'�� "*�"%

�� "*�"%�� "*�"(

� �� "*�",�� "*�",�� "*�".

�� "*�%8�� "*�%8�� 5 �� "*�%"��0�� "*�%(

�'�� "*�%*�;�� "*�%*

�� "*�%+�� "*�%,

�3��#�� "*�%2�� "*�%2�� "*�%.

��1�� "*�%7�� "*�%7�� "*�(8�� #�!��>�� "*�(8

; �� "*�(%

� ��

��

�+��,�-��

��4�!�� "*�(%��4�!� �� "*�(*��'�� "*�(+

��"+��!�� '�� "+�"

4$�� "+�"/��0$� �� "+�"�� '�)��!�� "+�"$��!�� 4��3�� '�)��!�� "+�%$��!�� 4��3��3�� "+�*

��!� �� "$��!� �� "

)�� "�� %��)�� %�� (��!�4�!� �� *

��$��$ ��!�� +

��6��?�'��'�� 6�"

��'� ��"

$�� $@�"

��%��&��'��(�)��*��"�!� ��

��

��

��

��

The NetScreen-Global PRO Express Realtime Monitor Configuration Guide is one of a suite of guides for NetScreen-Global PRO Express.

0� ��;��3��&$��0$�;This guide explains how to install, configure and use NetScreen-Global PRO Express Realtime Monitor. It does not describe each configuration parameter for the NetScreen devices. Refer to the following documents for an explanation of configuration parameters and for examples on how to configure NetScreen devices:

• NetScreen Concepts & Examples ScreenOS Reference GuideTM

• NetScreen WebUI Reference GuideTM

• NetScreen Command Line Interface Reference GuideTM

These publications provide detailed information about NetScreen devices, as well as complete coverage of how to use the WebUI and the command line interface for device configuration.

�0�$;�;The NetScreen-Global PRO Express Realtime Monitor Configuration Guide is for network and system administrators, as well as those who will be installing, configuring, or operating the system. Users should already familiar with the NetScreen product family.

��%��&��-��,�$"��"�!� ��

��

��,��

�;��;;��4�6�4� ��0);��0$�;NetScreen-Global PRO Policy Manager Installer & User GuideThis document contains procedures for installing and using the NetScreen-Global PRO Netra Server with the Policy Manager software.

NetScreen-Global PRO Express Realtime Monitor Configuration GuideA guide to installing and configuring the Express Realtime Monitor and the Netra Server for Realtime Reports.

NetScreen-Global PRO Express Realtime Monitor Installer & User’s GuideA guide to using the Netra Server and Express Realtime Monitor for Realtime Reports.

�;4��;�� 064$��$��Please refer to the following guides for more information about your NetScreen products.

NetScreen Concepts & Examples ScreenOS Reference Guide: A guide to the ScreenOS™ used to manage the NetScreen-5XP, -10, -100, -500, and -1000. This guide presents the concepts behind NetScreen product features, and provides examples to illustrate those concepts in practice.

NetScreen WebUI Reference Guide: A thorough examination of the NetScreen WebUI. This guide provides descriptions of all the features on the WebUI for the NetScreen-5XP, -10, -100, -500, and -1000.

NetScreen CLI Reference Guide: A compendium of all the command line interface (CLI) commands. For each command, the complete syntax is presented, its arguments explained, and examples provided. Also, the platforms that support each command are listed.

NetScreen-5XP, -10/100, -25, -50, -500, and -1000 Installer’s Guides: Instructions for connecting a NetScreen device to a network, and doing an initial configuration to set up the device in Transparent mode with an Access Policy permitting outbound traffic only. An overview of the hardware and software is also included.

Note: The Installer’s Guides are platform specific; that is, there is a different Installer’s Guide for each NetScreen device.

��

��

NetScreen-5XP, -10, -25, -50, and -100 Getting Started Guides: A full-color glossy card with instructions for connecting the NetScreen-5XP, -10, or -100 to the network, and doing an initial configuration to set the operational mode of the device and create an Access Policy to permit outbound traffic only.

NetScreen-Remote Administrator’s Guide: A manual for installing and using the NetScreen-Remote™ software. NetScreen-Remote allows a remote user to connect to a NetScreen device via a virtual private network (VPN) tunnel.

ScreenOS Release Notes : A set of notes containing an overview of new ScreenOS 2.6.0 features, lists of addressed issues and known issues, and suggested bug fixes and work-arounds.

Note: Like the Installer’s Guides, the Getting Started Guides are platform spe-cific, with a different card for each NetScreen device.

��%��&��'��(�)��*��"�!� ��

��,��

��5;��$��The following defines the notation conventions we have used throughout this guide and all other guides in the NetScreen-Global PRO suite.

• All command lines appear in courier font.

• Anything inside < > is a variable.

• IP addresses are represented by <a.b.c.d> and <w.x.y.z>.

• A subnet mask is represented by <A.B.C.D>.

064$��$��;��NetScreen-Global PRO Express Realtime Monitor software version: 3.0

Document version: A, October 5, 2001

Specifications subject to change.

��

��

��$��;&�$�4��0 ��Technical support is available to registered users of NetScreen Global PRO.

• Web site: http:// www.netscreen.com

• E-mail: [email protected]

• Fax: 1 (408) 730-6100

• Voice: 1-800-638-8296

When contacting NetScreen Technologies, Inc. for technical support, please provide us with the following information:

• Your Service Level Agreement ID number.

• Your Name, Company and Telephone Number.

• Your fax number and an e-mail address.

• Equipment Type and Serial Number.

• Detailed description of the problem or conditions of failure.

The Technical Assistance Center (TAC) is staffed with highly trained Customer Service Engineers ready to provide technical troubleshooting assistance for our integrated Internet security appliances and software products. NetScreen’s preferred partners and authorized partners support the entire product line and should be your first point of contact for addressing technical product information.

International customers are supported by NetScreen’s in-country partners.

Customers without telephone support contracts can purchase support by the hour on a major credit card over the phone from 6am to 6pm PT (Pacific Time) weekdays. To purchase, please specify part number NS-CS5-001.

�� !!"�� #��$��%

Standard Hours:6:00am to 6:00pm PT (Pacific Time) Monday through Friday

Premium Hours:24 hours per day, seven days a week

��%��&��'��(�)��*��"�!� ��

��,��

��

��

��

� �� #The overview describes the elements that make up NetScreen-Global PRO Express Realtime Monitor.

This chapter provides the following:

• Introduction to the Realtime Monitor

• Architectural Hierarchy

• Realtime Monitor Components

• System Platforms and Requirements

��%��&��'��(�)��*��"�!� .�.

��

-/� ��.��0

$��0�$��The Realtime Monitor provides realtime monitoring data for NetScreen-Global PRO Express. Realtime Monitor allows customized realtime reports for NetScreen devices over multiple local area networks (LANs) or a wide area networks (WANs).

Features include:

• Single installation of all components.

• Role-based monitoring.

• Server-side alerts and message filtering.

• Monitor and Display Filters.

• Auto-reconnect for all components.

• Reliable data transfer (TCP/IP based).

Using Express Realtime Monitor, you can:

• Monitor all NetScreen devices on the network.

• Receive alerts via e-mail or other configured methods.

• Receive realtime performance and log reports.

The NetScreen-Global PRO Express Realtime Monitor includes the following components:

• Realtime Monitor Console

• Express Server

The Realtime Monitor Server Server collects the data from the monitored devices. To get the realtime monitoring data, you must configure the devices for Global PRO. In addition, you must configure the Global PRO system for the devices you want it to monitor.

��&��'Realtime Monitor lets you monitor your NetScreen devices by associating the device group with the DC. You can then monitor network traffic and realtime device statistics and reports from a single network operations center (NOC).

.��

��

��%��&��-�% ��

Figure 1-1 Realtime Monitor Architecture

�� Realtime Monitor uses NSP/IPSec technology to provide reliable data transfer between the server and the client.

�;�4�$);�)��$��) ��;��This section provides a brief description of the components that constitute the Realtime Monitor system.

�� The NetScreen devices provide the data to the DC. Every NetScreen device in the hardware family contains a Realtime Monitor agent that forwards data to the DC.

Console

Server

Devices

DC/MC/PostgreSQL

NSP/IPSec

NSP/IPSec

��%��&��'��(�)��*��"�!� .�

��

-/� ��.��0

�� The Realtime Monitor server contains the following pre-configured components:

• Data Collector

• Master Controller

• PostgreSQL database

��A Data Collector (DC) collects performance and fault related statistics from NetScreen devices. The DC polls the devices periodically, based on an adjustable polling interval for the device statistics such as protocol distribution, policy statistics, and interface statistics.

In addition, the device also pushes log or alarm data to the DC as it collects them. The DC acts as a server, serving the Realtime Monitor Console with performance statistics and log data. The DC also communicates with the Master Controller to periodically send summarized performance data as well as push the events (log and alarms) to the Master Controller to be updated to the database. All of these communications are over a TCP/IP based protocol.

Start the Realtime Monitor by configuring several devices to the DC. When the DC starts, it contacts the MC and obtains a list of devices from which, it collects data. The DC sends summarized data to the central database through the MC.

Consoles access the realtime data for a device by communicating with the associated DC. The DC serves the Realtime Monitor Console with realtime performance statistics, log, and fault data, which is then used to present graphical realtime statistics.

�� "&�

Based on an adjustable polling interval, the DCs poll devices for the following statistics:

• Policy distribution

• Protocol distribution

• Ethernet statistics

• Flow statistics

• Attack statistics

.��

��

��%��&��-�% ��

The device pushes the data for these logs to the DC, which listens on a well known port:

• Configuration logs

• Traffic logs

• Information logs

• Self logs

'�� (��

The devices collect the following fault data and pushes it immediately to the DC:

• Traffic alarms

• Attack alarms

• Miscellaneous alarms

��#� ��

When requested by the DC, the devices also provide the following information:

• Active VPN sessions

• Active authenticated users

• Active administrators

)��The MC communicates with the DC, the database, and the Realtime Monitor Console.

When the DC starts, it contacts the MC and obtains a list of devices to manage. The MC retrieves this information from the PostgreSQL database. The MC collects all of the data from the DC and periodically updates the device performance tables in the database.

The MC communicates with the database to retrieve management information and updated tables. All database access, including requests to update and retrieve data, is through the MC.

��The database collects and stores configuration information, which it shares with the MC.

The MC periodically updates the device performance tables in the database by collecting relevant information from the DC.

��%��&��'��(�)��*��"�!� .�1

��

-/� ��.��0

��)��The Realtime Monitor Console has two consoles:

• Realtime Monitor Console

• Monitor Console.

��)��The Realtime Monitor Console lets you associate remote devices with the DC, identify the DC to the MC. The Realtime Monitor Console communicates with the database via the MC.

The Realtime Monitor Console allows you to:

• Add and manage Netscreen devices.

• Manage role-based administrators.

• Configure polling intervals between the DC and MC.

• Manage customers.

• Access to the System Health Window.

• Access to the Monitor Console.

Using role-based administration, you can assign each user to one or more groups, with each group granting the user certain privileges when accessing a particular device. For example, a user may have the privilege to read all of the configuration and performance logs from the same device.

)��The Monitor Console provides devices statistics, access to reports, and filtering capabilities. Using the Filter Editor you can create and apply filters to view only the data that is most meaningful to you.

The Monitor Console allows you to:

• View at a glance the devices that are up and those that are down.

• Access device statistics.

• Create and apply filters.

• View graphical summary displays of your data.

��!"��

The Realtime Monitor offers realtime monitoring and reporting capabilities for your NetScreen devices. Realtime Monitor provides Control Pane buttons for the following:

.�2 ��

��

��%��&��-�% ��

• Event Monitor

• Device Monitor

• VPN Monitor

Each button provides realtime statistics and reports. You can sort, filter, save, and print any of these reports.

Using the Filter Editor to create filters, you can view realtime statistics for any device on the system. The console displays device specific and multiple device statistics. The reports available include:

• Summary Reports

• Policy Distribution Reports

• Protocol Distribution Reports

• Active Statistics Reports

• Ethernet Statistics Reports

• Flow Statistics Reports

• Attack Statistics Reports

• Traffic Log Reports

• Self Log Reports

• System Alert Reports

��%��&��'��(�)��*��"�!� .�3

��

-/� ��.��0

�A��;)��;=0$�;);��Before beginning the installation, review the system requirements necessary to install Realtime Monitor.

With NetScreen-Global PRO Express, all the necessary server components for Realtime Monitor run on a single server.

�� The Netra server houses all the necessary server components:

• Data Collector

• Master Controller

• PostgreSQL

��The Realtime Monitor Console requires:

• IBM-compatible PC running one of these operating systems:

– Microsoft Windows 2000 with Service Pack 1

– Windows NT Server with Service Pack GA 6

– Windows NT Workstation

• 256 MB RAM, minimum

�� The NetScreen devices require:

NetScreen ScreenOS 2.6.0 or above.

.�4 ��

��

��

$��The NetScreen-Global PRO Express server is pre-configured and requires minimal installation. This document takes you through the steps necessary to get your NetScreen-Global PRO Express server up and running. The server must be installed before you can download and install the Realtime Monitor Console.

�;�5;��$��44��$��The Express server is pre-configured and requires minimal installation.

1. Place the server in the rack and connect the following:

– Power cord

– Network cable in the Net 0 port

– Serial cable in the A LOM port

2. Open your OS emulation software, for example HyperTerminal. Set the Port Setting bps to 9600 and leave the other fields set to the defaults. Hit return, if necessary, for the prompt.

3. Turn on the server. Server startup details will scroll down the screen..

4. At the netscreen.global.provisioner console login: prompt, enter the following:

– name: root

– password: netscreen

The prompt appears: / >

5. At the prompt, change the console root password by entering the passwd command. When instructed, enter the new password, and confirm.

Caution NetScreen recommends that the server be placed in an Uninterruptable Power Supply (UPS) in case of power failure.

��%��&��'��(�)��*��"�!� ��.

-/� ��'��

6. Run netsetup to change the server IP address and update the PostgreSQL database.To do this, enter the following using the new IP address, netmask, and gateway:

netsetup “cn=Directory Manager” netscreen <IP address> <netmask> <gateway>

7. Set the Customer Authentication ID. You can create any Customer Authentication ID you like, but you must consistently use the same Customer Authentication ID for all components.

Run setauthid. Enter the following command, supplying the relevant information:

setauthid <Customer Authentication ID>

8. Change the Directory Manager password. To do this run rdnpasswd. Enter the following command, supplying the relevant information:

rdnpasswd “cn=Directory Manager” netscreen <New Password>

9. At the prompt, turn off the server using the toggle switch on the back.

10. Once the fan has stopped, the front panel light is off, and the lom> prompt appears on the screen, it is safe to restart the server.

11. If you are accessing Policy Manager and/or Realtime Monitor through a firewall, it is necessary to open the following ports to the appliance on the firewall:

• RTM: TCP 15400/15404/15403

• PM: TCP 1099/11111/80 UDP 69

12. Using your web browser, navigate to your server IP address. This is the IP address you set in step 6. This starts the console installation process.

Caution Do not use IFCONFIG to change the IP address. It will not update all the necessary components.

Caution Do not hold the toggle switch down for more than seven seconds. Holding the switch down enables debugging mode, which shuts down the server improperly.

��

��

-��'��

4$;��$��44��$��Use your web browser to install the Realtime Monitor client software on a Microsoft® Windows® platform.

This section provides information on installing the NetScreen-Global PRO Express Realtime Monitor. Be sure you have your server up and running before installing this component.

/��$��You must download the client software from the server.

From the console:

1. Using your web browser, enter the server IP address. For example:

http://172.16.10.33

The splash screen appears, as shown in Figure 2-1 on page 2-4.

2. Click on the Installer for Windows button under the NetScreen-Global PRO Realtime Monitor Console.

Note: See “System Requirements” on page 1-8 for specific requirements.

��%��&��'��(�)��*��"�!� ��

-/� ��'��

Figure 2-1 NetScreen-Global PRO Express Web Installation

3. After downloading, double-click rtms-client-setup.exe

Depending on your browser, one or two Security Warning screens appear.

4. Click Yes to both to proceed.

The NetScreen installer guides you through the installation process.

As with all the installation screens, you have the option of returning to the previous screen, exiting the installation or proceeding.

The following screens display the licensing agreement as well as important information regarding installation components and requirements. Please scroll through and read before continuing.

��

��

-��'��

A window opens so that you can specify the install folder.

Accept the default location or click Choose to select another location. You can use Restore Default Location to restore the installation directory default.

5. Select the desired installation folder and click Install.

A series of splash screens with a task bar appears, so that you can monitor the installation.

6. When prompted, as shown in Figure 2-2, you need to enter the IP address of the Master Controller and the Customer Authentication ID.

Figure 2-2 Configure NetScreen-Global PRO Express Realtime Monitor

7. Click Next when done.

Upon successful installation, an Install Complete window opens.

8. Click Done to quit the installer.

��%��&��'��(�)��*��"�!� ��1��

-/� ��'��

0�$��44$��;�4�$);�)��$��3��)�/$��/�To remove the Realtime Monitor Console, do the following. This removes the components but leaves the configuration files.

1. Navigate to the Uninstalling Policy Manager Console in the NetScreen-Global PRO folder on your workstation.

2. Click Uninstall to remove the NetScreen-Global PRO console from the workstation.

You can also remove NetScreen-Global PRO Express Realtime Monitor by using Add/Remove Programs on the Control Panel.

&��;�0��);��0�&;��$��$��$�To change the cutomer authentication ID for Realtime Monitor, you must stop the server, run the change script, then restart the server.

3. Run setauthid from the /usr/netscreen/RealtimeMt/startup directory. Enter the following command, supplying the relevant information:

./setauthid <Customer Authentication ID>

4. Reboot the server.

If you have already installed the client software, you have two options:

• Reinstall the console

• Edit the pro.admin.init file

�� "��"��

To reinstall the console see “Client Installation” on page 2-3.

�� !�")��*��)�� +��

The server pro.admin.init file is located in the /usr/netscreen/RealtimeMt/startup directory. To edit the pro.admin.init file:

Caution For security reasons, you must change the customer authentication ID from the default: netscreen.

��2 ��

��

-/��$��-"��%��"�/��'5

1. Open the /usr/netscreen/RealtimeMt/startup/pro.mc.init file and copy the new encrypted customer authentication ID.

2. Open the /usr/netscreen/RealtimeMt/startup/pro.admin.init file and paste the new encrypted customer authentication ID, replacing the old customer authentication ID.

3. Restart the program.

��#��1��!�Both the Netra servers are configured with these default settings:

Settings Default

IP Address 192.0.0.1

Netmask 255.255.255.0

Appliance root name root

Appliance root password netscreen

LDAP server Super Directory user name

cn=Directory Manager

Customer Authentication ID netscreen

NetScreen Realtime Monitor root directory

/usr.netscreen/RealtimeMt

��%��&��'��(�)��*��"�!� ��3��

-/� ��'��

��4 ��

��

��

��!��This chapter describes the following procedures:

• Configuring the NetScreen devices for Realtime Monitor

• Launching the Realtime Monitor Console

• Viewing the Realtime Monitor Console

• Accessing the Monitor Console

The following components should be started and configured in the order described below.

��3$�0�$��&;��;��;;��;5$;��3��;�4�$);�)��$��Refer to the individual NetScreen Installer’s Guides when installing the devices that will be part of the NetScreen-Global PRO Express system. After you install the NetScreen devices, you must configure them for NetScreen-Global PRO. If you are using the WebUI, follow these steps:

1. For a first-time configuration, you are directed to an IP Configuration dialog box.

– Enter the IP address and subnet mask for the device.

2. Click the Admin tab, and then the NS Global tab. Do the following, and then click Apply:

– Select Enable Global Manager/PRO VPN encryption.– Select Enable Global PRO.

– Enter the Global PRO server settings. (The secondary IP address is for failover support.)

3. Click Interface, then click Edit.

4. Select NS-GlobalPRO.

When you enable Global PRO, devices running ScreenOS 2.6 send extended logs and reports through the NetScreen-Global PRO system.

5. Click Save.

��%��&��'��(�)��*��"�!� �.

-/� ��$��!

S

4�0�&$��;�4�$);�)��$��Upon successful startup, launch the Realtime Monitor from the Windows platform.

To start the Console, double-click the desktop icon.

The NetScreen-Global PRO Express Realtime Monitor login screen appears.

Note: Although you can start the server before you have configured NetScreen-Global PRO Express, you must install the NetScreen-Global PRO Express Realtime Monitor Console.

In addition you must configure and administer the devices that NetScreen-Global PRO Realtime Monitor will be managing. See “Configuring the NetScreen Devices For Realtime Monitor” on page 3-1 for more information.

Note: The server must be installed and running before you can start this Console.

��

��

#�"��/��$��%��&��

)��$ ��The Master Controller (MC) works with the internal database. You must specify the Master Controller IP address so that NetScreen-Global PRO Realtime Monitor can establish communication with it. Specify the IP address or host name of the host server running the MC.

The setting you select for the Master Controller IP address appears on the login screen the next time you log in.

0�� #��A local configuration file stores the profile settings of all users who log into the Console.

The first time you log on, use the default user name (netscreen) and password (netscreen).

After the initial login, a message appears, prompting you to change the password.

For security purposes, you must change the password.

��%��&��'��(�)��*��"�!� ��

-/� ��$��!

When the Console opens, the login screen appears.

1. Enter your user name and password.

2. Enter the Master Controller IP address.

You have the option of saving your user name and IP address. Doing so will associate your name with that IP address next time.

3. Click Login.

You should now see the Realtime Monitor Console collecting the data from the Master Controller.

The Realtime Monitor Console appears, as shown in Figure 3-1.

��

��

��0��$��/��%��&��-��

5$;/$��&;��;�4�$);�)��$��4;Realtime Monitor opens to the Realtime Monitor Console. This is where you create associations between all of the components.

Figure 3-1 Realtime Monitor Console

The Realtime Monitor provides five categories of management, represented by the buttons in the Control pane:

– Groups

Note: The size of the Details Pane can be adjusted by moving the left border with your mouse.

Control Pane List Pane Details Pane

��%��&��'��(�)��*��"�!� �1��

-/� ��$��!

– Users

– Data Collectors

– Devices

– Customers

The default tab selection is the Groups tab, as shown in Figure 2-1 on page 2-3.

You must enter in the NetScreen devices and the server. As well as create groups of users, customers, etc. Finally, you will create associations between all these components.

��)��)��6��This section describes the menu commands available to you in the Realtime Monitor Console.

The Realtime Monitor Console menu bar provides the following commands:

File Import This feature allows you to conveniently import device configurations from NetScreen-Global PRO Express Policy Manager into Realtime Monitor.

Export Export Device List. Use to export a device list from Realtime Monitor.

Log out Logout or to allow another administrator to log in.

Exit Exit the program.

Edit Add The command is contextual. For example, if you are in the Groups Pane, Add will bring up the Add Group window.

Delete The command is contextual. For example, if you are in the Users Pane, Delete will bring up the Delete Users window

View Refresh Updates your view of the interface

Toolbar Names

Toggle switch that allows you to turn off and on the toolbar icon names.

Settings Web Browser Launches your web browser from within Adminis-trator Console.

Server Properties

Allows you to set up server email notification prop-erties.

Help Help Topics Provides context-sensitive help.

About Contains version, build and copyright information.

�2 ��

��

��0��$��/��%��&��-��

�� Click the Server Properties command on the Setting menu to configure your server email notification.

The Email Notification property sheets for the Data Collector. Use this to enable server-side email event notification.

Figure 3-2 Data Collector Properties Email Notification Tab

��%��&��'��(�)��*��"�!� �3��

-/� ��$��!

To enable email notification, check the Enable Email Notification box at the top of the pane and enter the following Email properties.

SMTP Server Name SMTP server address for sending email notifications. For example: 172.16.10.212

Sender’s Email Address

User email address for sending out email.

Receiver’s Email Address

User email address for receiving email.

Identical Event Resend Interval

The time interval, in seconds, for suppressing duplicated error messages. The default is 3600 seconds (one hour). This means that the same email message would not be resent within the specified time interval.

Email Flush Msg. Interval

The time interval, in seconds, for flushing out buffered email messages to the administrators. The default is five seconds. This specifies how often to check and send email messages.

Max. Messages Per Minute

Limits the maximum number of notification messages that can be sent out per minute.

Number of Events Per Email Message

How many events can be grouped together and sent in a single email. The default is one.

Enable Verbose Mode Enables detailed email messages. Verbose mode includes host name, event severity level, event summary, first and last occurrence of the event, and the repeat count.

Email Severity Level Use this drop-down menu to specify the message severity level at which email is generated.

Only the specified level of severity is selected.

Email These Events Traffic Alarms. Checkbox to enable/disable email notification of traffic alarms.

Attack Alarms. Checkbox to enable/disable email notification of attack alarms.

Misc. Alarms. Checkbox to enable/disable email notification of misc. alarms.

�4 ��

��

��0��$��/��%��&��-��

You can receive email notification based on severity levels or specific events. The Data Collector performs a logical “or” operation on these criteria. For example, if a message’s severity level is critical and you have specified critical or the message is an attack alarm message and you have specified attack alarm, then an email is sent.

�*�� #��% �#��

Use the drop down menu to specify the severity level of event you want sent as email notifications. This means that all events matching the severity level or the checked boxes would be sent as email. The severity level range is from clear to critical.

�*�� #��

Use the checkboxes to enable and disable email notification for the following alarms.

• Traffic Alarms

• Attack Alarms

• Miscellaneous Alarms

Make the desired changes and then click OK.

��The Realtime Monitor Console comes with a detachable toolbar. The toolbar contains the most commonly used menu commands. Using your mouse on the grip, you can drag the toolbar anywhere on your desktop. Return the toolbar by clicking the close button.

Note: Disabling retains the information last used for future enabling.

Note: When you detach the toolbar, a new icon appears on the status bar

��%��&��'��(�)��*��"�!� ��

-/� ��$��!

��6��The status bar at the bottom of the screen indicates your user name and IP address. Additionally, the status bar provides you with information on display filters, what messages are being processed, events received, and other information.

�� Navigate through the Realtime Monitor Console using the buttons in the Control Pane. The selected button in the Control Pane reflects the active component in the Details Pane. The other component buttons are dimmed but still available.

Figure 3-3 Control Pane

See the corresponding chapters for more information on each of the buttons in the Control Pane.

4�� The List Pane displays the list specified by the Control Pane. If you click the Groups button, then the Group Name List Pane is displayed. If you click the Users button then a Users Name List Pane is displayed, and so on.

You can right-click anywhere in the List Pane to access a context-sensitive popup menu bar, as shown in Figure 2-3.

�.� ��

��

��0��$��/��%��&��-��

Figure 3-4 List Pane, Right-Click Popup

You can sort the List Pane by clicking in the header. Clicking again reverses the sort.

�� Like the List Pane, the Details Pane is context sensitive. Use the buttons in the Control Pane to navigate through the other panes. The Details Pane displays the property sheets for elements within the Console. These are screens with multiple tabs. Click on the appropriate tab to access or provide information.

��%��&��'��(�)��*��"�!� �..��

-/� ��$��!

Figure 3-5 Details Pane

��9�!��Realtime Monitor Console contains many tables that you can customize to suit your needs.

A table can be customized in various ways:

Sort the items in a column by clicking on a table header.

Reorder the columns in tables by dragging the column headings left or right.

Resize columns by moving the table header borders either left or right.

Note: When you sort a column an arrow appears in the column header to indicate whether the sort is up or down. This column determines the sort order for the entire table.

�.� ��

��

��$��/��&��-��

�;��$��&;�)��$��4;Click the Monitor Console button in the Control Pane to launch the Monitor Console.

.

Figure 3-6 Monitor Console

��%��&��'��(�)��*��"�!� �.��

-/� ��$��!

�.� ��

��

��

)��!�!��You first create administrative groups using the Group Management Screen of the Realtime Monitor Console. You then assign role-based administrators, called users, to these groups, assign customers to groups, assign devices to groups and assign virtual systems to groups.

The Groups Management Window is divided into three panes. The left pane is the Control Pane. The middle pane shows the Group Name List Pane, which lists the managed groups. The right pane displays a Detailed View containing 5 tabs: General, Users, Customers, Devices, and Virtual Systems as shown in Figure 4-1 on page 4-2.

These screens allow configuration and supply information for the group selected in the Group Name List Pane.

This chapter explains how to:

• Navigate the Group Management Screen.

• Create, Modify, and Delete Groups.

• Define Group Privileges.

• Assign and Remove Users from Groups.

• View Group Member Information.

• Assign and Remove Customers from Groups.

• Assign and Remove Devices from Groups.

• Assign Virtual Systems to Groups.

��%��&��'��(�)��*��"�!� ��.

��

-/� ��&��$��$��" �

Selecting a specific group in the Group Name List Pane initially provides a description and the assigned privileges in the Details Pane about that group, as shown in Figure 4-1.

Figure 4-1 Group Management Screen

The NetScreen-Global PRO Express Realtime Monitor Console opens with a default group: admin_group. Selecting a specific group in the Group Name List Pane provides information in the Details Pane about that group.

Double-click the default admin_group in the Group Name List Pane, to see that the default user name automatically appears as a user assigned to the default admin_group.

��

��

Figure 4-2 Group List Pane, Expanded View

Double-clicking the group icon in the Group Name List Pane again nests the view back to groups only.

��%��&��'��(�)��*��"�!� ��

��

-/� ��&��$��$��" �

Once you have populated your groups with users, you can double-click on a group in the Group Name List Pane to see the assigned users of that group, as shown in Figure 4-2 on page 4-3.

Clicking on an individual user in the Group Name List Pane brings up a window of that user’s contact information in the Details Pane.

Double-click on the group in the Group Name List Pane again to collapse the list.

Figure 4-3 Group User Summary

��

��

-��$6�&�!�,7��$6��!�5��$��" �

�;��$��:�)��$3A$��:��;4;�$��0 �Select the General tab within the Details Pane to create new groups and assign or modify group privileges.

��!��To add or create a group you must be in the Group Management Screen of the Realtime Monitor Console.

1. With the General tab selected, click the Add button in the toolbar.

You can also use the following methods to do the same thing:

– Right-click in the Group Name List Pane. On the popup menu that appears, choose Add Group.

– Choose Add from the Edit menu.

2. Enter the new group’s name and an optional description of the group in the designated fields.

3. Assign the NetScreen-Global PRO privileges for this group.

��!�!� �� !��– Administer database: Not supported in this release

– Create user/group: Ability to create new users and groups

– Assign privileges: Ability to assign or modify privileges to groups and users

– Add/remove device/DC: Ability to create or delete devices, Data Collectors and customers. Additionally, it confers the ability to associate devices to Data Collectors.

4. Click Update when finished.

The new group appears in the list of groups in the Group Name List Pane, as shown in Figure 4-4.

��%��&��'��(�)��*��"�!� ��1

��

-/� ��&��$��$��" �

Figure 4-4 Group Management Screen with Newly Created Group

3��!��After creating new groups, you must add users. See “Managing Users” on page 5-1. You must enter all the components before populating the groups or creating associations between devices and customers.

Once you have entered all the components, you must create associations between them. Proceed through each chapter to set up each association, beginning with “Assigning Users to Groups” on page 4-10.

��2 ��

��

-��$6�&�!�,7��$6��!�5��$��" �

Figure 4-5 New Untitled Group

��%��&��'��(�)��*��"�!� ��3

��

-/� ��&��$��$��" �

)��'�!��An administrator with the proper privileges can modify a group name, the description, or the group privileges.

To modify a group you must be in the Group Management screen of the Realtime Monitor Console.

1. With the General tab selected, click the desired group in the Group Name List Pane.

2. Enter the new information.

3. Click the Update button.

��!��An administrator with the proper privileges can only delete an empty group. If you attempt to delete a group that is still populated with users, the following message appears. See “Removing Users from Groups” on page 4-12 for more information.


2. Click the Delete icon in the toolbar.


– Right-click in the tree topology panel. On the popup menu that appears, choose Delete Group.

– Choose Delete from the Edit menu.

�;0�$�A�$��0;�A user who is assigned to a group inherits all of the group’s privileges, customers, and devices. A user assigned to multiple groups inherits the highest access from all the assigned groups.

��4 ��

��

��"��7�'��"��

For example, Sasha is a member of Group A (privileges: administer database and create user) and Group B (privileges: create group and add/remove device/DC). Sasha inherits all four privileges from these two groups. If Libby is a member of Group C, and Group C has all privileges, Libby has the same privileges as Sasha.

Conversely, removing any user from a group could lower the user’s NetScreen-Global PRO privileges if that group provides additional privileges which the user does not otherwise have.

For more information on managing users, see “Managing Users” on page 5-1.

��%��&��'��(�)��*��"�!� ��

��

-/� ��&��$��$��" �

��$��$��0�;��0 �Once you have created and defined groups and created a list of available users, you must then assign users to the groups. You can assign any number of users to a group. You can also assign a user to multiple groups. You can also remove users from groups.

To assign users to the selected group:

1. While in the Group Management screen, select the desired group from the Group Name List Pane.

2. Click the Users tab in the Groups Details Pane, as shown in Figure 4-6.

Figure 4-6 Group Management Screen, Users Tab Selected

��.� ��

��

��$��$�)��" �

The available users appear in the top panel and the selected users appear in the bottom panel. All available users are listed together with phone number-1 and email address-1.

Refer to “Control Pane” on page 3-10 for instructions on rearranging columns.

3. Click a user in the Available Users list, then click Add.


Caution Remember to click Update after every entry for the changes to take effect.

Note: You can select multiple users by holding down the shift key for sequential users or the control key for out-of-sequence users.

��%��&��'��(�)��*��"�!� ��..

��

-/� ��&��$��$��" �

�� !�0��To remove a selected user from a group:


2. Select the Users tab in the Details Pane.

3. Select the user from the Selected Users list.

4. Click the Delete button.

The user moves from the Selected Users list back to the Available Users list.

A user who is assigned to a group inherits all of the group’s privileges, customers, and devices. A user assigned to multiple groups inherits the highest access from all the assigned groups.

Conversely, removing any user from a group may lower the user’s NetScreen-Global PRO privileges if that group provides extra privileges which the user does not have. See “Security Issues” on page 4-8 for more information.

5. Click Update.

�� !�)��0��3��1. With the General tab selected, click the desired group in the Group Name

List Pane.

2. Select the Users tab in the Details Pane.

3. To select multiple users, hold down the control key while clicking on the users in the Selected User list.

4. Click the Remove button.

5. When finished click Update.

Caution Assigning or removing a user to or from a group has security implications.

Note: You must click Update each time you delete a user or users from a group.

Note: To confirm that a group is empty, double-click on the group in Group Name List Pane.

��.� ��

��

��0��$��" �&�%��'�,��%��

5$;/$��0 �);)6;��$�3��)��$��To view information about each individual user in a particular group:

1. From the Group Name List Pane, double-click on the desired group to view the users assigned to that group.

2. Select the specific user in the Group Name List Pane.

The selected user, together with the contact information appears in the Details Pane, as shown in Figure 4-7.

Double-click on the group again to collapse the list.

Figure 4-7 Group Member Information Screen

��%��&��'��(�)��*��"�!� ��.

��

-/� ��&��$��$��" �

��$��$��0��);��0 �The Customers tab in the Details Pane provides a view of the Available Customers and the Selected Customers associated with a specific group. Both panes include the customer name, the contact person, phone number, and email address. The Selected Customers Pane includes two additional fields: Read and Write check boxes. These boxes can be checked or cleared by a privileged administrator.

��/��1�6��These check boxes are customer specific. Clearing the Read check box prevents customers from accessing or changing device information reports.

Clearing the Write check box prevents users from making changes to the configuration and all device polling attributes (see “Polling Attributes” on page 6-14 for details). A privileged administrator can check or clear these boxes.

With the proper privileges, you can assign a new customers to a group, or remove customers from a group.

To assign customers to the selected group:

1. Click the Groups button in the Control pane.

2. Select the desired group from the Group Name List Pane.

3. Click the Customer tab in Details Pane.

All available customers appear in the Available Customers panel.

Note: The default for the Read and Write check boxes is enabled.

��.� ��

��

��$��$�-"��%��" �

Figure 4-8 Groups Screen, Customer Tab Selected

4. Click a customer in the Available Customers list, then click Add.

The customer moves from the Available Customers List to the Selected Customers List.

5. Click Update.

Note: See “Control Pane” on page 3-10 for information on rearranging table columns.

��%��&��'��(�)��*��"�!� ��.1

��

-/� ��&��$��$��" �

�� !��3��To remove customers from a selected group:

1. Click the Groups button in the Control Pane if you are not already in the Group Management screen.


3. Click the Customer tab in Details Pane.

All available customers appear in the top panel and all selected customers appear in the bottom panel.

4. Click the customer in the Selected Customers list, as shown in Figure 4-9.

5. Click Remove.

The customer moves from the Selected list back to the Available list.


Figure 4-9 Groups Screen, Customer Selected

��.2 ��

��

��$��$�5��" �

��$��$��;5$;��0 �You can assign a NetScreen device to a group or remove it, with the proper privileges.

The Devices tab in the Details Pane provides a view of the Available Devices and the Selected Devices already associated with a specific group. Both panes include the device name, the serial number, type, and device IP address. The Selected Devices Pane includes two additional fields: Read and Write check boxes.

��/��1�6��These check boxes are device specific. Clearing the Read check box prevents group users from connecting to the DC and accessing device information reports.

Clearing the Write check box prevents users from making changes to the configuration and all device polling attributes (see “Polling Attributes” on page 6-14 for details). A privileged administrator can check or clear these boxes.

To assign devices to a selected group:

1. Click the Groups button in the Control Pane if you are not already in the Group Management screen of the Realtime Monitor Console.


3. Click the Devices tab in Details Pane.

All available devices appear in the top panel and all selected devices appear in the bottom panel. Use the scroll bar to see the entire list of devices.

4. Click a device in the Available Devices list, then click Add.

5. Click Update.

Note: The default for the Read and Write check boxes is enabled.

Caution Remember to click Update after every entry, otherwise the changes will not take effect.

��%��&��'��(�)��*��"�!� ��.3

��

-/� ��&��$��$��" �

Figure 4-10 Groups Screen, Device Tab Selected

Note: When you add Customers to a Group, the Group inherits all the devices associated with that Customer. A Grayed out device in the Selected Devices Pane indicates that the device is associated with a Customer in the Group.

��.4 ��

��

��$��$�5��" �

�� !�� 3��To remove a device or devices from a selected group:



3. Click the Devices tab in Details Pane.

All selected devices for the group are listed.

4. Click the device or devices you want to remove from the Selected Devices list, as shown in Figure 4-11.

Figure 4-11 Groups Screen, Device Selected

5. Click Remove.

The device moves from the Selected Devices list back to the Available Devices list.


��%��&��'��(�)��*��"�!� ��.�

��

-/� ��&��$��$��" �

��$��$��;)�5$��5$��0�4��A��;)��3��)��0 �Each NetScreen-500 and NetScreen-1000 device can provide multi-tenant services via virtual systems, each of which is a unique security domain with its own management.

To assign virtual systems to a selected group:



3. Click the Virtual Systems tab in Details Pane.

All available virtual systems for the group are listed.

Figure 4-12 Customers Screen, Virtual Systems Tab Selected

4. Click a virtual system in the Available Virtual Systems list, then click Add.

��

��

��$��$��%��$��"��7��%��8��%��" �

The virtual system moves down to the Selected Virtual Systems list.


To remove a virtual system from this group:

1. Select it from the list of selected virtual systems.

2. Click Remove.


��%��&��'��(�)��*��"�!� ��.

��

-/� ��&��$��$��" �

��

��

��

)��!�!�0��Role-based administrators, called users, govern their associated customers, devices, and virtual systems.

From the Users Management screen of the Realtime Monitor Console, the Console allows you to create new users, assign users to groups, assign users to customers, assign devices to users and assign virtual systems to users. You can also access contact information with ease.

This section explains how to:

• Add, Modify, and Delete Users.

• Add User Contact Information.

• Associate Users with Groups.

• Associate Users with Customers.

• Associate Users with Devices.

• Associate Users with Virtual Systems.

• Associate Devices with Customers.

• Associate Virtual Systems with Customers.

The final section provides an example of a new user and walks through the creation of associations for that user.

��%��&��'��(�)��*��"�!� 1�.

��

-/� ��1�&��$��$�)��

NetScreen-Global PRO Express Realtime Monitor Console provides role-based administration, meaning that depending upon the privileges, users can do the following:

• Administer the database.

• Create other users and groups.

• Assign privileges..

Figure 5-1 Users Management Screen

Click the Users button in the Control Pane brings up the User Management Screen.

The User Name List Pane now displays a complete list of users. Double-clicking the header sorts the items in a column in ascending or descending order.

1��

��

�!!��$6�&�!�,7��$��!�5��$�)��

The Details Pane displays six tabbed screens, which allow configuration and supply information for the user selected in the List Pane.

Initially, there is only the single default user. This user name appears in the List Pane and is automatically assigned to the default admin_group.

��$��:�)��$3A$��;4;�$�� 0�;��As long as a user has the privilege of creating new users and groups, that user can also modify and delete groups. For more on administrator privileges, see “Assigning Privileges” on page 4-5.

��!�0��To add new Users to the available user list:

1. Click the Users button in the Control Pane if you are not already in the Users Management Screen.

2. Click the Add button in the toolbar.

You can also use these methods to do the same thing:

– Right-click in the User Name List Pane. From the popup menu choose Add User.

– Choose Add from the Edit menu

“Untitled” appears in both the User Name List Pane and the Details Pane, as shown in Figure 5-2 on page 5-4.

��%��&��'��(�)��*��"�!� 1�

��

-/� ��1�&��$��$�)��

Figure 5-2 Users Configuration Screen

3. Replace “Untitled” with the user name.

4. Enter and confirm the password.

5. Select the desired “Global PRO Privileges” for that user.

• Administer database: Not supported in this release; reserved for future use.

• Create user/group: Ability to create new users and groups

• Assign privileges: Ability to assign or modify privileges to groups and users

• Add/remove device/DC: Ability to add or remove NetScreen devices or Data Collectors.

Note: For more user privileges, see “Security Issues” on page 4-8.

1��

��

�!!��$6�&�!�,7��$��!�5��$�)��

6. You have the option of entering Contact Information for each user at this time. To do this click the Contact Info tab in the Details Pane. See “Adding User Contact Information” on page 5-8 for more information.


The new user appears in the User Name List Pane. Continue adding your users in the same way. You have no limit to the number of users you can add.

3��0��!��After adding new users, go to “Managing Devices” on page 6-1.

Once you have added all the components you create links or associations between groups, users, devices, etc. Proceed through each chapter for instructions.

Note: As long as the user has the privilege of creating users and groups, that user can fill in the contact information later.

Note: You can sort the User Name List Pane in ascending or descending order by clicking on the Lists header.

��%��&��'��(�)��*��"�!� 1�1

��

-/� ��1�&��$��$�)��

Figure 5-3 New User, General Tab

)��'�!�0��To modify or make changes to information for a specific user, do the following:

1. Click the Users button in the Control Pane if you are not already in the Users Management screen.

2. Select the desired user from the User Name List Pane.

3. Make the necessary changes on the appropriate tabbed screen in the Details Pane.


Note: You can only edit one user at a time.

1�2 ��

��

�!!��$6�&�!�,7��$��!�5��$�)��

��!�0��To delete a specific user from the list:





After highlighting the user in the User Name List Pane,

– Right-click in the User Name List Pane. On the popup menu that appears, choose Delete User.


You must confirm your delete decision.


Note: If you make a mistake before clicking Update, use the Undo button.

��%��&��'��(�)��*��"�!� 1�3

��

-/� ��1�&��$��$�)��

��$��0�;��$�3��)��$��While not required, Contact Information is useful in case of problems or questions. For example, if a device is down at a remote site, you have quick access to the administrators telephone number and email.

With role-based administration, contact information may be role specific.

To enter the contact information for a selected user:



3. Select the Contact Info tab in the Details Pane.

4. Enter the contact information for this user.

If you make a mistake while editing, click the Undo button.

1�4 ��

��

�!!��$�)��-��'�,��%��

Figure 5-4 Users Configuration Screen, Contact Info Tab Selected


��!�0��You can sort the Users in the User Name List Pane by clicking on the header. Click again to reverse the sort.

��%��&��'��(�)��*��"�!� 1��

��

-/� ��1�&��$��$�)��

��$��$��0�;��/$�&��0 �A user can belong to more than one group. Remember that a user inherits the privileges of the groups that he or she belongs to.

For example, if Sasha belongs to Team A and already has full privileges and then is assigned to Team B with only Add/Remove Device or DC (Data Collector) privileges, Sasha brings full privileges with her to Team B.

To assign a group to a selected user:



3. Select the Groups tab in the User Management screen.

The following screen appears listing all the groups already associated with that user and the remaining groups available.

1�.� ��

��

��$�)��9��/��" �

Figure 5-5 Users Configuration Screen, Groups Tab Selected

4. Select the desired group from the Available Groups and click the Add button. The Group moves over to the Selected Groups list.

Notice that the user’s privileges change when adding or removing groups with differing privileges associated with them. See “Security Issues” on page 4-8 for more on how adding groups with different privileges can impact your security.


To assign multiple users to a group at once, see “Assigning Users to Groups” on page 4-10.

To remove a group from this user, do the following:

1. Select it in the list of Selected Groups.

��%��&��'��(�)��*��"�!� 1�..

��

-/� ��1�&��$��$�)��

2. Click Remove.


Assigning a group to a user is a convenient way for the user to inherit all of the assigned group’s privileges, customers, and devices.

Note: Assigning a group to a user or removing a user from a group has a security implication. Assigning a group to a user gives that user all the privileges of the group, which may give more privileges than the user should have. Removing a user from a group may lower the user’s privileges if that group provided extra privileges that the user does not otherwise have.

1�.� ��

��

��$�)��9��/�-"��%��

��$��$��0�;��/$�&�0��);��Groups or individual users manage your extranet or subscription customers. With Realtime Monitor Console role-based administration, you may create associations between customers and users or the groups the users belong to.

Depending upon the assigned user privileges, an administrator may have access to a list of all customers or only have access to assigned customers.

To assign customers to a selected user:



3. Select the Customers tab in the Details Pane.

Two panels appear; the Available Customers panel and the Selected Customers panel, as shown in Figure 5-6 on page 5-14. Each panel includes the following customer information:

• Customer Name

• Contact Person

• Phone Number

• Email Address

The Selected Customers list also contains check boxes for read and write privileges. For information on Read and Write check boxes, see “Read and Write Check Boxes” on page 4-14.

Note: The term “Customers” refers here to subscribers to a service.

��%��&��'��(�)��*��"�!� 1�.

��

-/� ��1�&��$��$�)��

Figure 5-6 Users Configuration Screen, Customers Tab Selected

4. Assign any customers that are the responsibility of this user.

Select a customer from the Available customers list, then click Add.

To remove a customer from this user, select it in the list of Selected customers, then click Remove.


Note: A user who is not a member of any group will only be able to work with the customers that you assign here. If the user is also assigned to one or more groups, the user inherits the management privileges for additional customers that belong to those groups.

1�.� ��

��

��$�)��0��/�5��

��$��$��0�;��/$�&��;5$;�Realtime Monitor Console lists the available NetScreen devices under the Devices Tab in the User Screen. This screen has the following device information:

• Serial Number

• Device Type

• Device IP Address

This screen also has selected devices and the associated read/write privileges.

To assign devices to the selected user:



3. Select the Devices tab in the Details Pane.

Figure 5-7 Users Configuration Screen, Devices Tab Selected

��%��&��'��(�)��*��"�!� 1�.1

��

-/� ��1�&��$��$�)��

4. Select a device from the Available Devices list, then click Add.

To remove a device from this user, select it from the list of Selected Devices, then click Remove.


1�.2 ��

��

��$�)��9��/��"��7��%�

��$��$��0�;��/$�&�5$��0�4��A��;)�Realtime Monitor Console lists the available virtual systems with device information under the Devices Tab in the Virtual Systems Screen. This screen has the following information:

• Serial Number

• Type

• IP Address

• Virtual System

This screen also has selected devices and the associated read/write privileges.

To assign a virtual system to a selected user:



3. Select the Virtual Systems tab in the Details Pane.

��%��&��'��(�)��*��"�!� 1�.3

��

-/� ��1�&��$��$�)��

Figure 5-8 Users Management Screen, Virtual Systems Tab

4. Choose from the Available Virtual Systems.

5. Click the Add button to assign the Virtual Systems to the user.

The Virtual Systems moves into the Selected Virtual Systems Pane.


1�.4 ��

��

��

)��!�!�� Realtime Monitor allows you to assign role-based administrators to manage NetScreen devices. You must first configure the devices for NetScreen-Global PRO so that the Realtime Monitor can access them.

To add and manage NetScreen devices, click the Devices button in the Control Pane.

This section explains:

• Add, Modify, and Delete Devices

• Import Device List from NetScreen-Global PRO Policy Manager

• Configure Devices for NetScreen-Global PRO

• Device Details

• Polling Attributes

• Device Contact Information

• Assigning Devices to a Group

��%��&��'��(�)��*��"�!� 2�.

��

-/� ��2�&��$��$�5��

Figure 6-1 Devices Management Screen

Click the Devices button in the Control Pane to open the Device Management screen.

The List Pane now displays a list of Devices. Double-click the header to sort the items. Click again to reverse the sort order.

The Details Pane displays four tabbed screens, which allow configuration and supply information for the Devices selected in the List Pane.

You must associate each device with the DC. Use the Realtime Monitor Realtime Monitor Console to do this.

Note: The DC checks every two minutes for a heartbeat from the device to make sure that the device is still responding.

2��

��

�!!��$6�&�!�,7��$6��!�5��$�5��

��$��:�)��$3A$��:��;4;�$��;5$;�The following section contains information about adding, modifying and deleting NetScreen devices from the Realtime Monitor.

��!�� To add a new NetScreen device:

1. Click the Devices button in the Control Pane if you are not already in the Device Management screen.

2. Click the Add button.


– Choose Add from the Edit menu.

– Right-click in the Device Name List Pane and choose Add Device from the popup menu.

Figure 6-2 Right-click in the Device Name List Pane

A screen with two tabs appears in the Details Pane, as shown in Figure 6-3.

��%��&��'��(�)��*��"�!� 2�

��

-/� ��2�&��$��$�5��

Figure 6-3 Device Configuration Screen, General Tab Selected

3. With the General tab selected, enter or select the requested information.

Serial number Enter the serial number of the NetScreen device. The serial number is located on the bottom of the device.

Login ID Enter the device login ID.

Login Password Enter the device password. It does not display.

Confirm Password

Enter the device password again to confirm it.

Contact Administrator

This is optional but useful in case of questions or problems.

Comments An optional field. Your comments are limited to 255 characters.

2��

��

�!!��$6�&�!�,7��$6��!�5��$�5��

�� You must supply the serial number and password so that Realtime Monitor Console can identify and authenticate the device.

You can find your device serial number in three locations. Your NetScreen device is shipped with a printed sheet that includes the serial number. The serial number is also printed on the bottom of your NetScreen device. Finally, you can find the serial number on the WebUI under the configure tab. It follows the Software Version number, as shown in Figure 6-4.

Figure 6-4 WebUI

4. When you have finished entering information on the General Tab, you have the option of entering polling attributes for each device at this time. To do this click the Polling Attributes Tab at the top of the Device Configuration screen. See “Polling Attributes” on page 6-14 for more information.

5. Click Update.

The new device appears in the Device Name List Pane.

For information on configuring the devices, see the individual Installer’s Guides or the NetScreen Concepts & Examples Guide.

3�� !��After adding new devices, go to “Managing Customers” on page 7-1. You need to enter the customers and then assign devices to groups and users.

Note: If you forget to click Update, Realtime Monitor Console asks you if you want to discard the new changes you have made.

��%��&��'��(�)��*��"�!� 2�1

��

-/� ��2�&��$��$�5��

Once you have added and configured your devices, you can then assign the devices to groups to be managed. You can assign a single device to multiple groups.

)��'�!�� To modify or edit a NetScreen device:

1. Click the Devices button in the Control Pane if you are not already in the Devices Management screen.

2. Select the desired device from the Device Name List Pane.

The Details Pane now displays four tabbed screens.

3. Make the necessary changes on the tabbed screens in the Details Pane.


��!�� To remove a specific device from the list:






– Right-click in the Device Name List Pane and choose Delete Device from the popup menu.

A message appears asking you to confirm your choice.

4. Confirm your selection, then click Yes.

Note: You can only edit one device at a time.

Note: Deleting devices from Realtime Monitor does not remove the devices or delete the configuration from NetScreen-Global PRO Policy Manager.

Caution Realtime Monitor Console allows you to delete multiple devices at once. Be careful to select only the device or devices you wish to remove.

2�2 ��

��

�� $�5��#��

;@ ��$��;5$;�4$��You can export device lists. This allows you to keep a copy of your current device list.

The Device List contains information such as:

• Serial Number

• Host Name

• IP Address

• Data Collector

• Administrator Name

• Administrator Password

When you select the Export command, you see a Save dialog box where you specify the files to import, as shown in Figure 6-5.

Figure 6-5 Export Save Dialog Box

1. Select the Export command from the File menu.

2. Browse to the desired file and click Save.

��%��&��'��(�)��*��"�!� 2�3

��

-/� ��2�&��$��$�5��

$) ��$��;5$;�4$��The Importing Device List command allows you to import device lists from either Policy Manager or a text file so that you do not have to add device information a second time.

$��!�� 4�� '�)��!��If you are using NetScreen-Global PRO Express Realtime Monitor together with NetScreen-Global PRO Policy Manager, you can import the device list.

Once you have entered a device or devices into Policy Manager, you can import the device list using the Import command from the File menu. The Device List contains information such as:

• Serial Number

• Host Name

• IP Address

• Data Collector

• Administrator Name


1. Select the Import command from the File menu.

An Open Dialog Box appears.

Figure 6-6 Import Open Dialog Box

Note: See your Policy Manager documentation for instructions on Exporting Device Lists.

2�4 ��

��

'% ��$�5��#��

2. Select the desired file and click Open. The Import Device List Dialog box opens, as shown in Figure 6-7.

3. You have two options, you can click the Start button to begin or choose to map IP addresses.

��$�� ! ��

You have the option of mapping the IP addresses. The mapped IP file uses the following format:

Mapped IP Address = Original IP Address

For example: 192.111.23.25 = 10.150.12.24

To automatically map you IP addresses:

1. Enable the Use Map IP check box.

2. Click the Load Map File button. Another dialog box appears.

3. Select the Map file and click Open. The Import Device List reappears.

4. Click Start Import to import the file.

Upon importation, the Realtime Monitor replaces the original IP address with the mapped IP address and communicates with the device to import the data needed from it.

Figure 6-7 Import Device List

��%��&��'��(�)��*��"�!� 2��

��

-/� ��2�&��$��$�5��

Once it reads the information, it adds the device to the Realtime Monitor system.

The status of the operation, for each device imported, is shown in a status screen. You receive a result for each device in the list.

Any errors that occur during the importation are described in the Error Description Pane.

$��!�� 4��3��You can also import device lists from a text file.

• SN = Serial Number

• HN = Host Name

• PDC = Primary Data Collector

• IP = IP Address

• User = Administrator Name

• Password = Administrator Password

This information should be entered on a single line for each device. For example,

SN=03000203,HN=ns100,PDC=10.150.41.233,IP=10.150.41.232,User=netscreen,Password=netscreen

While it is not necessary to populate every field, you must follow one of the following formats:

• IP=10.150.41.232,User=netscreen,Password=netscreen

• SN=03000203,HN=,PDC=10.150.41.233,IP=,User=,Password=

• SN=03000203,HN=ns100,PDC=10.150.41.233,IP=10.150.41.232,User=netscreen,Password=netscreen

��!��$��If you abort the Device List Import before it has completed, you receive a warning and the program closes.

You are prompted to log on to the system again.

Note: Since Policy Manager accepts NetScreen-Global Manager configuration files, you can import all of your NetScreen-Global Manager devices into the Realtime Monitor system.

2�.� ��

��

5��-��,�$"��

�;5$;��3$�0��$��You can configure individual NetScreen devices from Console via the WebUI.

/��0$Realtime Monitor allows you to select and launch your Web browser from within the program.

��'�/��6��#��You can specify the desired browser by choosing the Web Browser command from the Settings menu.

Once you have added a device, you can launch the WebUI from the popup menu the Device Name List Pane.

�� 4�� To launch the WebUI from the Device Name List Pane, first select a device from the Device Name List Pane, then right-click on that device to bring up the popup Configure button.

Click on the popup Configure button to launch the WebUI for that device.

Note: For more on device configuration, see the NetScreen Concepts & Examples Guide, or the Installer’s Guide for your particular NetScreen device.

��%��&��'��(�)��*��"�!� 2�..

��

-/� ��2�&��$��$�5��

Caution If you are using Policy Manager, any changes you make in Realtime Monitor will be overwritten when you update Policy Manager.

See your Policy Manager documentation for further details.

2�.� ��

��

5��5��

�;5$;��;��$4�An administrator can view details for a each NetScreen device:



3. Click the Details Tab in the Details Pane.

Figure 6-8 Devices Management Screen, Details Tab Selected

��%��&��'��(�)��*��"�!� 2�.

��

-/� ��2�&��$��$�5��

The Details Tab provides the following information. This is a read-only window.

�44$��$60�;�Realtime Monitor Console allows you to specify the protocol distribution polling interval and the policy table polling interval. The Console further allows you to select and customize the polling intervals to individual tables.

To specify the polling intervals for a selected device and enable specific tables:



3. Select the Polling Attributes tab in the Details Pane.

A screen with two panes appears, as shown in Figure 6-9 on page 6-15.

Device type The type of NetScreen device, for example: NetScreen-500.

Firmware version The NetScreen operating system that the device is running.

Description The device description, for example: Firewall + VPN.

Operation mode For example, NAT or Transparent mode.

Host name The name assigned to the device.

Domain This is present if a domain name is used, for example, netscreen.com.

IP address The IP address of the NetScreen device.

Startup time 7.

Note: For more information on setting report periods, alarm levels, etc. see the NetScreen Concepts & Examples Guide or the NetScreen ScreenOS Reference Guide.

2�.� ��

��

��$��"��

Figure 6-9 Device Configuration Screen, Polling Attributes Tab Selected

4. Enter the desired device polling intervals for the protocol distribution and policy table. The default is the minimum 60 seconds.

5. Select which tables you want to enable.


��%��&��'��(�)��*��"�!� 2�.1

��

-/� ��2�&��$��$�5��

�;5$;��$�3��)��$��The Contact information tab is a read-only screen, specific to that device.

To view the contact information for the selected device:



3. Select the Contact tab in the Details Pane.

The contact information includes:

• Contact Name

• Phone Numbers and Email addresses

• Physical Address

See “Adding User Contact Information” on page 5-8 for more information.

Figure 6-10 Device Configuration Screen, Contact Tab Selected

2�.2 ��

��

��$��$�5��"

��$��$��;5$;��0 You can assign a NetScreen device to a new group or remove it, with the proper privileges.

Refer back to “Assigning Devices to Groups” on page 4-17 for information on associating devices with specific groups.

��$��$��;5$;��&;��When you add a device to the system, you are prompted to assign it to the DC, so that the device can send all performance and fault related data to the DC.

Refer back to “Adding, Modifying, and Deleting Devices” on page 6-3 for information on associating devices with the DC.

Note: When your device connects to the DC the following message is generated in the Event Monitor: Device connected to Data Collector.

��%��&��'��(�)��*��"�!� 2�.3

��

-/� ��2�&��$��$�5��

2�.4 ��

��

��

)��!�!��The term Customer refers to a logical grouping of devices. You create and name customers to reflect device groups, or entities. These can be grouped by region, device types, separate NOCs, functions, and so on.

To manage customers, click the Customers button in the Control Pane.

This section explains how to:

• Add, Modify, and Delete Customers

• Associate Devices with Customers

• Associate Virtual Systems with Customers

��%��&��'��(�)��*��"�!� 3�.

��

-/� ��3�&��$��$�-"��%��

Click the Customers button in the Control Pane to open the Customer Management Screen.

The Customer Name List Pane now displays a list of customers. You can adjust the width of the Customer Name List Pane by moving the right border with the mouse. Until you create at least one customer, the Details Pane remains blank.

The Details Pane displays three tabbed screens: General, Devices, and Virtual Systems, which allow configuration and supply information for the customers selected in the List Pane.

For initial configuration, you must add the Devices before adding your Customers. See “Adding and Deleting Customers” on page 7-3.

Figure 7-1 Customers Management Screen

3��

��

�!!��$��!�5��$�-"��%��

Based on assigned privilege level, different users have access to different customer information:

• A user with administrator access sees a list of all customers.

• Regular users see only the customers that have been assigned to them.

��$��;4;�$��0��);��Adding or deleting a customers actually refers to creating or removing associations between customers and the Realtime Monitor Console.

��!��To add a new customer:

1. Click the Customers button in the Control Pane if you are not already in the Users Management screen.

2. Click the Add button in the toolbar.


– Choose Add from the Edit menu

– Right-click in the Customers Name List Pane, and select the Add Customer button from the popup menu.

Untitled appears in both the Customers Name List Pane and the details Pane, as shown in Figure 7-2 on page 7-4.

Note: In a service provider environment, the term “Customers” refers to subscribers to a service.

Note: Only an Administrator with privileges can modify customer information.

��%��&��'��(�)��*��"�!� 3�

��

-/� ��3�&��$��$�-"��%��

Figure 7-2 Customer Management Screen, General Tab Selected

3. With the General tab selected in the Details Pane, enter the requested customer information.


The new customer appears in the Customers Name List Pane.

3��!��

After adding customers, you must create associations between the components. See “Assigning Users to Groups” on page 4-10 for more details.

3��

��

�!!��$��!�5��$�-"��%��

��!��To delete a customer:

1. Click the Customers button in the Control Pane.

2. Click the Delete button in the toolbar.


– Choose Delete from the Edit menu

– Right-click in the Customers Name List Pane, and select the Delete Customer button from the popup menu.

You will be asked to confirm the deletion.

3. Click Update when done.

Note: Only an Administrator with privileges can modify customer information.

��%��&��'��(�)��*��"�!� 3�1

��

-/� ��3�&��$��$�-"��%��

��$��$��;5$;��/$�&�0��);��To assign devices to the selected customer:

1. Click the Customers button in the Control Pane if you are not already in the Customers Management screen.

2. Select the desired Customer from the Customers Name List Pane.

3. Click the Device tab in the Details Pane.

A list of Available Devices appears in the top panel.

Figure 7-3 Customers Management Screen, Device Tab Selected

4. Select one or more devices in the Available Devices list, then click Add.

Note: To add several devices at one time, either hold down the shift key while selecting sequential devices, or hold down the control key while selecting non-sequential devices.

3�2 ��

��

��$�5��0��/�-"��%��

To remove a device from this customer, select it in the list of Selected Devices, then click Remove.


�� 'To view information about a particular device associated with a customer:

1. Click the desired Customer in the Customer Name List Pane.

2. Click on the selected device. The Details Pane provides the following read-only summary, as shown in Figure 7-4 on page 7-8:

– Serial Number

– Firmware

– Host Name

– IP Address

– Domain Name

– Description

– Comments

Caution Beware that you cannot delete device history from a customer in the database.

��%��&��'��(�)��*��"�!� 3�3

��

-/� ��3�&��$��$�-"��%��

Figure 7-4 Customer Device Summary

��$��$��5$��0�4��A��;)��/$�&�0��);��To assign virtual systems to the selected customer:

1. Click the Customers button in the Control Pane if you are not already in the Customers Management screen.

2. Select the desired Customer from the Customers Name List Pane.

3. Click the Virtual Systems tab in the Details Pane.

3�4 ��

��

��$��"��7��%��0��/�-"��%��

Figure 7-5 Customers Screen, Virtual Systems Tab Selected

Click the desired virtual system in the Available Virtual Systems list, then click Add.

To remove a virtual system from this customer, select it from the list of Selected Virtual Systems, then click Remove.


��%��&��'��(�)��*��"�!� 3��

��

-/� ��3�&��$��$�-"��%��

3�.� ��

��

��

�'��&��This chapter provides a description of the System Health Viewer and explains the information it provides.

The System Health Viewer provides the following information on your Data Collector and Master Controller:

• Name

• IP Address

• Type

• CPU Load

• JVM Free Memory

• Heartbeat Interval

• Last Heartbeat

��%��&��'��(�)��*��"�!� 4�.

-/� ��4��7��%�:��/

The System Health button is located on the Control Pane of the Realtime Monitor Console.

Figure 8-1 System Health Button

Click this button to view read-only information about the DC and MC.

Figure 8-2 System Health Screen

&;�4�&��;��$4�The following table provides a quick overview to the information contained in the columns.

Name Refers to the names entered during configuration. When adding the Data Collector, the name specified in the Realtime Monitor Console is the DC name that appears in the System Health console.

IP Address The IP Address of the Server.

Type Function of the Server- DC or Master Controller.

CPU Load This is a percentage of the CPU load.

JVM Free Mem.

(Java Virtual Machine) Remaining percentage of allotted memory still free.

Interval Displayed in seconds. If the (current time and last heartbeat) is greater than the specified interval, it displays the server as down.

Last Heart-beat

The most recently recorded heartbeat.

Note: Like all tables in Realtime Monitor, you can customize the columns. See “Customizing Tables” on page 3-12 for details.

4��

��

��

)��The NetScreen-Global PRO Express Realtime Monitor Console is where you will spend much of your time. This is the main console for viewing realtime statistics for every device and virtual system configured for Realtime Monitor.

At-a-glance features include:

• A visual and printed display of how many devices and virtual systems are currently up and how many are down.

• Device annotation, which allows you to detect and address instantly, any device that has exceeded the configurable limit of events.

• A color-based histogram which provides a filtered event summary.

Use the Realtime Monitor Console to:

• Create and apply filters to your realtime data.

• Access the Control Pane buttons:

– Event Monitor Viewer

– Device Monitor Viewer

– VPN Device Monitor Viewer

• View active filters

• Access the Filter Editor for creating and applying both Monitor and Display filters.

• Access detailed realtime reports for each device.

• View summary statistics.

��%��&��'��(�)��*��"�!� ��.

-/� ��&��-��

�;��$��&;�)��$��4;The Monitor Console provides real-time data about your NetScreen devices. Click the Monitor Console button on the Control Pane of the Realtime Monitor Console to open the Monitor Console.

Click the Monitor Console button in the Control Pane to launch the Monitor Console..


��

��

&��-��

)��$��4;�There are four panes in the Monitor Console, as shown in Figure 9-2 on page 9-3:

• Device Summary Pane

• Control Pane

• Display Filter List Pane

• Filter Summary Pane.


As with the Realtime Monitor Console, you can manually adjust the pane sizes narrower or wider.

You can also use the border arrows between the Display Filter Pane and the Filter Summary Pane. Click the top arrow to enlarge the Display Filter Pane to full screen. Click the lower arrow to expand the Display Filter Pane.

Device Summary Pane

Control Pane

Display Filter Pane Filter Summary Pane Filter Summary

��%��&��'��(�)��*��"�!� ��

-/� ��&��-��

)��)��6��The Monitor Console Menu Bar contains the following commands:

��The Monitor Console provides you with additional configurable options. Click the Options command on the Tools menu to open the options window. The Options window contains three tabbed screens.

• General

• Color Mapping

• Event

• Quick Filters

��

From the General Tab, you configure the polling interval and monitor buffer (maximum number of events or maximum memory usage).

The General Tab also contains the “timestamp” setting, used to query the server when the system connects for the first time.

Note: You can have multiple event monitoring views, but only one per filter.

File Exit Exit the Realtime Monitor.

View Event Monitor Opens the Event Monitor.

Device Monitor Opens the Device Monitor.

VPN Monitor Opens the VPN Monitor.

Toolbar Names This toggle switch allows you to turn the toolbar icon names off and on.

Tools Abort Query This allows you to abort a query.

Monitor Filter Opens the Monitor filter.

Display Filter Opens the Display Filter Editor.

Options Opens option window for changing configuration of polling interval, event viewer cache, color mapping, summary views, and device annotation.

Help About Version and copyright information.

Help Topics Launches the table of contents for the Help system.

��

��

&��-��

Figure 9-3 Options General Window

Device Statistics Polling Interval

You can configure the polling interval in seconds. This refers to how often the DC polls the device. The default interval is 120 seconds.

Event Viewer Cache

The Event Viewer cache refers to the size of the monitor buffer. You have the option of setting this either to the maximum number of records (events) or the maximum memory usage. The default for the maximum number of records is 65,000 records. The default for the maximum memory usage is 15 megabytes (MB).

�"�"� ��!!��&

Realtime Monitor assigns colors to the severity levels of events for quick recognition.

Use the color mapping screen to customize the color associations for different severity levels.

The default colors are shown below. There are 6 severity levels in the system, ranging from critical to clear.

��%��&��'��(�)��*��"�!� ��1��

-/� ��&��-��

Figure 9-4 Options Color Mapping Screen

To change the color of a particular message severity level, click the desired drop-down list box. A color selection screen opens with three tabbed screens. Use these screens to fine-tune your color customization.

Swatches

The swatches screen of the color selection screen allows you to choose different colors for your severity level indicators.

You can view your colors choices in the Preview Panel. You can also select recent color choices. Click Reset to return to the last color saved.

��2 ��

��

&��-��

Figure 9-5 Swatches Screen

View your colors choices in the Preview Panel. The last color saved is presented in the upper half of the color bar sample, as shown in Figure 9-6. Click Reset to return to the color shown in the color bar sample.

Figure 9-6 Preview Panel

HSB

This screen allows you to adjust the hue, saturation, and brightness of the color.

You can view your colors choices in the Preview Panel. Click Reset to return to the last color saved.

��%��&��'��(�)��*��"�!� ��3��

-/� ��&��-��

Figure 9-7 HSB Screen

RGB

This screen allows you to adjust the amounts of red, green, and blue in the color.

You can view your colors choices in the Preview Panel. Click Reset to return to the last color saved.

Figure 9-8 RGB Screen

��4 ��

��

&��-��

�#��

This screen allows you to configure the maximum number of summary views the Details Pane displays at one time. You can also configure the device annotation features.

Figure 9-9 Options Event Screen

Maximum Number of Summary Views

Using the Event Settings tab, you can configure the maximum number of event summary views the Details Pane displays at one time.

The default number is set to four, as shown in Figure 9-11 on page 9-11. To view more summary histograms, change the maximum number.

��%��&��'��(�)��*��"�!� ��

-/� ��&��-��

Figure 9-10 Summary Views

If you exceed the specified number, you receive an error message.

�� *�

You can specify that all events display the time in GMT zone for consistency. This is the default position. If you would

Device Annotation

The Event settings tab allows you to specify when to annotate devices. You set the severity level and the maximum count. When an event of the specified severity occurs the set number of times, an annotation, in the form of a red exclamation point, appears on the device icon in the Device Summary Pane, as shown in Figure 9-11 on page 9-11.

For example, an event is critical, and the threshold is set to four, the device is annotated after four unacknowledged critical events.

��.� ��

��

&��-��

Figure 9-11 Devices with Annotation

Acknowledgement

To acknowledge an event, right-click on the device icon. Select the Acknowledge command from the Popup menu.

You can also acknowledge by clicking on the device to bring up the device summary report.

Figure 9-12 Device Summary Popup Menu

The default settings are as follows:

• Annotation Severity level: Critical

��%��&��'��(�)��*��"�!� ��..��

-/� ��&��-��

• Annotation Event maximum count: One

,��- '��

This screen allows you to create filters on the fly while in the Event Monitor. Configure the Quick Filter perimeters using this options tab.

Figure 9-13 Options Quick Filter Screen

Device

Choose either Selected Device or All Devices to include in your Quick Filters.

Events

Specify only the Selected Event or All Events be included.

And/Or Severity Level

Use the drop down menu to specify And or Or. This allows you to expand or restrain the severity level as a condition.

��.� ��

��

&��-��

��<��=��'The Abort/Start Query command in the tools menu, is a mechanism you can use to override the default Monitor Filter. This is useful for troubleshooting.

When you first open the Realtime Monitor Console, the program automatically starts to get the recent history from the realtime buffer as well as the current timestamp for all devices. The Abort Query command stops the sending of data to the console.

If, for example, you open the Monitor Console but would like to change the default Monitor Filter, rather than waiting for the default Monitor Filter to initialize all the devices, you can stop the query, You can then define a new Monitor Filter. Select the Start Query to start when you apply the new Monitor Filter.

The status bar displays the query progress. You cannot begin a new query until the aborted query is completed.

)��The toolbar is detachable. Using your mouse on the grip, you can drag the toolbar to your desktop. Return the toolbar by clicking the close button.

The toolbar contains an Exit tool, a Display Filter tool, and the Help icon. Click Display Filter to open the Display Filter Editor.

Figure 9-14 Monitor Console Toolbar

See “Display Filters” on page 10-21 for more information on using the Display Filter toolbar button.

�� '� ��The Device Summary Pane appears in the upper left corner of the Monitor Console.

��%��&��'��(�)��*��"�!� ��.��

-/� ��&��-��

Figure 9-15 Device Summary Pane

The Pane header provides a quick status of all devices. In Figure 9-15, the header indicates that six devices are up and none are down.

��.� ��

��

&��-��

The Device Summary Pane displays the following at-a-glace device information:

• Device Status

• Virtual Systems

• Device Annotation

• Launch Device Statistics

�� The Pane header provides a quick status of all devices. In Figure 9-15 on page 9-14, the Pane header indicates that seven devices are up and one is down. The devices themselves are color-coded; green device icons indicate up and running status while red device icons indicate down status.

If a device is down, only the serial number is displayed.

.�� (�#��

You can hide or collapse the list of devices. Click the NetScreen toggle switch to the left of the Netscreen icon to expand and collapse the list of devices.

Figure 9-16 Device Summary Pane Collapsed

Click the toggle switch again to expand the list.

��%��&��'��(�)��*��"�!� ��.1��

-/� ��&��-��

Figure 9-17 Device Summary Pane

5��'��Virtual Systems (vsys) appear as indented lavender devices in the Device Summary Pane.

�� When an event of a specified frequency occurs a set number of times, an annotation, in the form of a red exclamation point, appears on the device icon in the Device Summary Pane, as shown in Figure 9-17.

To remove the annotation, you must acknowledge it. To acknowledge an event, right-click on the device icon. Select the Acknowledge command from the Popup menu.

��.2 ��

��

&��-��

4�� To view individual device statistic reports, double-click on an individual device in the Device Summary Pane.

– You can also select the device in the Device Summary Pane and right-click. Select Statistics from the popup menu.

Figure 9-18 Device Summary Pane Popup

The Device Statistics Screen opens, as shown in Figure 9-19 on page 9-18.

See “Realtime Reports” on page 14-1, for more information.

Note: For more on Device annotation information, see “Device Annotation” on page 9-10.

��%��&��'��(�)��*��"�!� ��.3��

-/� ��&��-��

Figure 9-19 Device Statistics Screen

Note: For more information on device statistics see, “Obtaining Statistic Reports” on page 14-5.

��.4 ��

��

&��-��

�� Use the buttons in the Control Pane to access the Event Monitor Viewer, Device Monitor Viewer, and the VPN Monitor Viewer.

Figure 9-20 Control Pane

See the individual chapters; “Event Monitor” on page 11-1, “Device Monitor” on page 12-1, and “VPN Monitor” on page 13-1 for details.

��'�3��4�� The Display Filter List Pane appears in the middle of the Monitor Console.

Figure 9-21 Display Filter List Pane

The Display Filter List Pane displays the names of the currently applied display filters for the selected device.

You can right-click on a filter to evoke a popup menu, as shown in Figure 9-22 on page 9-20.

��%��&��'��(�)��*��"�!� ��.��

-/� ��&��-��

Figure 9-22 Display Filter List Pane, Right-Click popup

It displays the filters you are currently applying. From this pane you can:

• View Active Filters

• Modify Active Filters

• Delete Active Filters

• Launch the Event Monitor Viewer

See “Filters” on page 10-1 for more information on viewing, modifying, deleting, and launching filters.

��

��

&��-��

3��'� ��The Display Filter List Pane displays realtime filter summaries. The color-based histograms, provide at-a-glace information on the events for each filter.

Each histogram displays a legend or key defining the elements within the histogram.

The active summary is highlighted.

Figure 9-23 Filter Summary Pane

For more information of filters, see “Display Filters” on page 10-21.

Note: The status bar at the bottom of the screen displays the active filter.

��%��&��'��(�)��*��"�!� ��.��

-/� ��&��-��

��

��

��

3��A filter is defined as a set of one or more conditions. Filters provide you control over your data. Without filtering, you receive an enormous amount of data, which is cumbersome and inefficient to work with.

Using a powerful Filter Editor, the Realtime Monitor lets you create and apply filters to your device data. Filters allow you to specify the information and time period that you are interested in and omit information that is not relevant to your query.

The Realtime Monitor provides Three types of filters:

• Monitor Filters

• Display Filters

• Quick Filters

The Monitor Filter query the server for information that meets your criteria. Display filters allow you to filter a sub-set of the data. Quick filters allow you to view all similar events while in the Event Monitor Viewer.

Monitor filters and Display filters are further explained later in this chapter. For information on Quick filters, see “Quick Filters” on page 11-9.

5$;/��$5;�3$4�;��Filter names are displayed in the Filter List Pane while the Filter Summaries are displayed as histograms in the Filter Summary Pane.

From the Filter List Pane you can right-click to open a popup menu.

Click to select a filter from the Filter List Pane. The selected filter becomes highlighted in both the Filter List Pane and in the Filter Summary Pane.

��%��&��'��(�)��*��"�!� .��.

-/� ��.��8��

Figure 10-1 Monitor Console with Four Filters

��#� '�� *��

You configure the maximum number of Filters that you want to view. The default is set to four. To change the configuration, see the Events tab on page 9-9.

Once you have reached your filter limit, you cannot create new filters, including Quick Filters. If you try to add additional filters, you receive an error message, as shown in Figure 10-2 on page 10-3.

.��

��

��0��8��

Figure 10-2 Exceeds Maximum Allowable Filters

Solutions to this problem include:

• Go back to the Options command in the Tools menu of the Realtime Monitor. Here you can change the Summary limit.

• Delete unused filters from the Filter List Pane. See “Delete Active Filters” on page 10-4 for instructions.

)��'�� 3��You can modify a filter from the Filter List Pane.

Figure 10-3 Filter List Pane Popup

1. Right-click on the desired filter from the Filter List Pane.

2. Select the Modify command from the popup menu, as shown in Figure 10-3. This opens the Filter Editor.

3. Make the desired changes to the Filter Editor.

– See “Filter Editor” on page 10-5 for details.

4. Click Update.

5. To apply the modified filter click the Apply Filter button.

6. If you want to save your modifications, click the Save Filter button.

��%��&��'��(�)��*��"�!� .��

-/� ��.��8��

�� 3��To delete a filter:

1. Right-click on the filter from the Filter List Pane.

2. Select the Delete command from the popup menu.

3. You are asked to confirm your deletion, as shown in Figure 10-4.

Figure 10-4 Filter Deletion Confirmation

4. Click Yes to confirm. The filter disappears from the Filter List Pane and the Filter Summary Pane.

.��

��

8��!��

3$4�;��;�$��Use the Filter Editor to create, save, and apply filters, based on conditions. The Filter Editor also provides a Timestamp feature so that you can extract very specific data.

Open the Filter Editor by clicking the filter commands on the Tool menu.

Figure 10-5 Filter Editor

��%��&��'��(�)��*��"�!� .��1��

-/� ��.��8��

3��;��)��6��The Filter Editor Menu Bar contains the following commands:

3��;��The Filter Editor comes with a detachable toolbar. Using your mouse on the grip, you can drag the toolbar anywhere on your desktop. Return the toolbar by clicking the close button. The Filter Editor Toolbar contains the following commands:

Figure 10-6 Filter Editor Toolbar

File Add Filter Create a new filter.

Open Filter Open an existing filter.

Save Filter Save the filter you have created or modified.

Delete Filter Delete the specified filter. You must confirm your deletion.

Exit Exit the Event Monitor.

Edit Add Condition Allows you to add additional conditions to a filter.

Delete Condition Allows you to delete conditions from a filter.


Note: When you detach the toolbar, a new icon appears on the status bar.

.��2 ��

��

8��!��

The seven buttons in the Filter Editor toolbar are defined below.

Button Function

Save Filter Save the filter you have created or modified.

Open Filter Open an existing filter.

Modify Filter Modify an existing filter.

Add Condition Allows you to add conditions to a filter.

Delete Condition Allows you to delete conditions from a filter.

Help Click to get more information.

Update Click to update changes.

��%��&��'��(�)��*��"�!� .��3��

-/� ��.��8��

3��;�� The Filter Editor consists of three main panes:

• Filter Pane

• Filter Preview Pane

• Filter Summary Pane

3�� The Filter Pane displays the condition name. When you add conditions they appear as “OR” clauses in the Filter Pane.

Figure 10-7 Filter Pane

3�� #� ��The Filter Preview Pane provides a description of the filter, including the filter name, filter conditions, and the parameters selected.

Figure 10-8 Filter Preview Pane

Note: Like many windows in NetScreen-Global PRO Express, the individual panes can be resized by grabbing and dragging the borders.

.��4 ��

��

8��!��

3��'� ��Use the Filter Summary Pane to specify the condition names and define the filter parameters. Using a timestamp and and/or Boolean logic, you apply conditions to the devices, the events, and the severity levels of those events.

Figure 10-9 Filter Summary Pane

��*��*!

You can use the timestamp feature to include only events after a specified date and time. To enable the timestamp feature, select Include only events with last occurrence after: and use the drop down calendar to specify the date.

��%��&��'��(�)��*��"�!� .��

-/� ��.��8��

Figure 10-10 Drop Down Calendar

You can define a condition using the following:

• Devices

• Virtual System

• Event Group

• Event Type

• Severity Level

Use Boolean operators and and or to configure the conditions.

(�#�� "� /�%�

Double-click the All Devices icon to expand the view. You can select single or multiple device, using the Control key with the mouse.

�#�� &�"�! �� #�� %!�

Double-click the All Events icon to expand the view. Click the toggle buttons to expand the event types. You can select single events or multiple events using the Control key and the mouse.

��#��% �#��

Choose an operator, and/or and select the severity level from the drop down text box. There are six degrees of severity, ranging from “Clear” to “Critical.” See “Device Summary Pane” on page 9-13.

Using and/or you string conditions together. Use or in the filter if you don’t want to specify a severity level.

.��.� ��

��

8��!��

��!��3��To add a new filter to either the Monitor Filter or the Display Filter:

1. From the appropriate Filter Editor Screen, select the Add Filter command from the File menu.

2. Enter a Filter Name and a descriptive Condition Name in the Filter Summary Pane.

Figure 10-11 Defining A Filter

The condition name appears in the Filter Pane.

3. Specify the device, devices, and virtual systems.

Note: By default there is no monitor filter when you first start the system. The result is that the server sends all events for all devices, event types, and severity levels.

��%��&��'��(�)��*��"�!� .��..��

-/� ��.��8��

Double-click the All Devices icon expand the device list. Click the toggle buttons to view virtual systems, as shown in Figure 10-12 on page 10-12.

Figure 10-12 Filter Devices Field

4. Specify the Events, or Event types.

Select All Events or double-click the All Events icon to view the event groups. Click the toggle buttons to access individual event types, as shown in Figure 10-13.

Figure 10-13 Filter Event Field

5. Choose between and and or to include event severity level.

Figure 10-14 Drop-Down Conjunction Box

Use the drop-down menus to select the severity levels.

Note: The “And” conjunction between devices and events or severity levels is not optional.

.��.� ��

��

8��!��

Figure 10-15 Severity Levels Text Box

6. Click Update when done.

The Filter Pane displays the Condition name while the Filter Preview Pane displays text description of the filter.

You can choose to apply the filter at this point. It is not necessary to save a filter to use it only once.

7. Click the Save Filter button on the Toolbar to save the filter. At the prompt enter a descriptive filter name.

Saving a filter does not automatically apply the filter to the data.

8. To apply the active filter to the device data, click the Apply button.

9. Exit the Filter Editor to return to the Realtime Monitor screen.

The new filter name appears in the List Pane of the Realtime Monitor and the filter view appears in the Details Pane, as shown in Figure 10-16 on page 10-14.

��%��&��'��(�)��*��"�!� .��.��

-/� ��.��8��

Figure 10-16 Realtime Monitor Screen, Added Filters

��!��You can add conditions to existing filters to omit unnecessary data. To add a condition, do the following:

1. Open an existing filter, either by clicking the Open Filter button.

– You can also select the Open Filter command from the File menu.

2. Click the Add Condition button.

– You can also select the Add Condition command from the File menu.

.��.� ��

��

8��!��

3. Enter the new Condition Name in the Filter Summary Pane and specify the condition.


The added condition appears in the Filter Pane under the last condition. The Filter Preview displays the added condition at the bottom, as shown in Figure 10-17 on page 10-15.

Figure 10-17 Added VPN-Down Condition

You have the option of saving the new filter, in which case you click the Save button. It is not necessary to save the filter to use it immediately, however. What’s more, saving the filter does not automatically apply the filter.

You must click the Apply button to apply the filter.

��%��&��'��(�)��*��"�!� .��.1��

-/� ��.��8��

��!��You can delete conditions from existing filters to broaden the filter. To delete a condition, do the following:

1. Open an existing filter, either by clicking the Open Filter button.

– You can also select the Open Filter command from the File menu.

2. Highlight the condition that you want to delete.

3. Click the Delete Condition button.

– You can also select the Delete Condition command from the File menu.


The deleted condition disappears from the Filter Pane. The Filter Preview displays the modified condition.



�� !�3��To save a filter you must click the Save button or select the Save command from the File menu.

See “Display Filters” on page 10-21 and “Monitor Filters” on page 10-19 for further definitions.

Caution The last selected condition is deleted when you click the Delete Condition button. If you accidently delete the wrong condition, do not save. Close and begin again.

.��.2 ��

��

8��!��

Figure 10-18 Save Display Filter

)��'�!�3��Select and open an existing filter to modify it. You can select specific devices or Vsys. You can add, modify, or delete parameters.

1. Open and make the desired changes to the Filter Editor.

2. Click Update.



Caution You must use the save command to save filters. Update sends the information to the database but does not save your condition. Apply allows you to use the new filter but also does not save it.

Note: You can modify a filter by right-clicking on it in the Filter List Pane.

��%��&��'��(�)��*��"�!� .��.3��

-/� ��.��8��

��!�3��To remove a filter:

1. Select the Delete Filter command from the File menu.

2. Choose the unwanted filter from the dialog box, and click Delete.

3. You must confirm your deletion.

Figure 10-19 Deletion Confirmation Dialog Box

.��.4 ��

��

&��8��

)��$��3$4�;��Use the Monitor Filter to filter information from the devices to the DC. Use the Monitor Filter Editor to create, save, and apply monitor filters. Configure conditions for the devices, event types, and severity level using the Monitor Filter Editor. This insures that you get only the information that you need.

Figure 10-20 Monitor Filter Editor

Note: By default, when the system starts for a given profile, there is no monitor filter. Therefore, events for all devices, event types, and severity levels are sent from the server.

��%��&��'��(�)��*��"�!� .��.��

-/� ��.��8��

Double-click the All Devices icon expand the device list. Click the toggle buttons to view virtual systems, as shown in Figure 10-12 on page 10-12.

��!��)��3��Define a monitor filter using the Monitor Filter Editor. Monitor Filters are saved as .nmf (NetScreen Monitor Filter) files.

You can load a saved filter into the Filter Editor for further editing. Use the filter name to identify the currently active filter.

Apply a filter by resetting the Monitor Console or by saving the new filter as the default for next use.

��'�!��)��3��Click the Apply Filter button on the toolbar to make the new filter the default.

You can have only one Monitor Filter per system. The last monitor filter you apply becomes the default for that profile.

.��

��

5�� 7�8��

�$� 4�A�3$4�;��The display filter provides a subset, or further filtering, of the data that the monitor filter collects.

When you create, name or apply a display filter, it appears in the Filter List Pane of the Monitor Console. Depending on the configuration, the filter might be automatically added to the event summary view.

��!��'�3��Define a Display filter using the Display Filter Editor. Display Filters are saved as .ndf (NetScreen Display Filter) files.

You can load a saved filter into the Filter Editor for further editing. Use the filter name to identify the currently active filter.

��'�!��'�3��Clicking the Apply Filter button adds the new filter to your list of display filters. You should see the name of the filter and a summary view appear on your monitor console.

=0$?�3$4�;��While in the Event Monitor you can create a filter on the fly. A Quick Filter creates an instant filtered view of all related events. You configure the Quick Filter via the Options command on the Tool menu of the Monitor Console. See “Options Command” on page 9-4 for configuration details.

Use the Quick Filter by right-clicking in the Event Monitor. See “Quick Filters” on page 11-9, for more information.

��%��&��'��(�)��*��"�!� .��.��

-/� ��.��8��

.��

��

��

; ��)��The Event Monitor displays a realtime view of faults and logs. Events for all devices governed by the administrator are displayed. This allows you to view all device events in one screen. These events are color-coded by severity, for quick recognition and access.

Additional Realtime Event Monitor features include:

• Column Customization

• Save and Print Capabilities

• Event Details

• Quick Filter

Figure 11-1 Event Monitor Screen

��%��&��'��(�)��*��"�!� ..�.

-/� ��..��&��

4�0�&$��&;�;5;��)��$��5$;/;�You can launch the Event Monitor Viewer for a specific filter from the Filter List Pane.

1. Select the desired Filter Summary Histogram from the Filter Summary Pane of the Monitor Console.

2. Click the Event Monitor button in the Control Pane. The Event Monitor Viewer opens to the events in that filter.

– You can also double-click on a Filter Summary Histogram to launch the Event Monitor Viewer or use the Event Monitor command from the View menu.

Figure 11-2 Event Monitor Viewer

Note: You can have multiple event monitoring views, but only one per filter.

..��

��

��&��&��"�;��

The Event Monitor provides the following details in a columnar format:

Figure 11-3 Sample Event Log

;5;��)��$��);�0�6��The Event Monitor Menu Bar contains the following commands:

• Host Name/IP Address •Last Occurrence

• Event Type • Severity

• Event Sub Type •Count

• First Occurrence • Summary

•Virtual Systems

File Save Save event log files in a Microsoft® Excel .csv format. NetScreen-Global PRO saves to a Reports directory.

Print Print event log files.

Exit Exit the Event Monitor.

View Pause/Play Command toggles. The Pause command prevents the view from being refreshed when the data is sent to the client. The Play command resumes sending data. No data is lost during pause.

Refresh Contacts the Data Collector for the latest data.

Column Opens a submenu of column options. Select from the following column choices: serial number, type, host name, status, firmware version, operation mode, and heartbeat.



��%��&��'��(�)��*��"�!� ..��

-/� ��..��&��

; ��)��6��

Figure 11-4 Event Monitor Toolbar

The toolbar is detachable. Using your mouse on the grip, you can drag the toolbar to your desktop. Return the toolbar by clicking the close button.

��9�!��; ��)��5��#You can configure the following elements in the Event Monitor Viewer.

• Filter for specific types of events or devices.

• Reorder the columns using the drag and drop feature.

• Reverse the sort with a single click in the column header.

• Sort the devices by assigning a sort column.

• Resize columns to fit your screen.

�40)��))��You can filter the Event Monitor for specific types of events or devices using the Columns submenu in the View menu.

• Count

• Event

• First Occurrence

• Host name/IP

• Last Occurrence

Note: Clicking the Pause button does not cause any data to be lost. Click Play to resume.

Note: The buttons on the toolbar function like the menu commands. See the “Event Monitor Menu Bar” on page 11-3 for details.

..��

��

-��"%��-�%%��!

• Severity

• Summary

• Vsys

Figure 11-5 Configure Columns

The Configure Columns window displays two panels, the Available Columns and the Selected Columns.

To specify the columns to the Event Monitor view, select column names from the Available Columns panel and click Add.

To filter columns from the Event Monitor view, select column names from the Selected Columns panel and click Remove.

��%��&��'��(�)��*��"�!� ..�1��

-/� ��..��&��

��9�!��All customizable tables and viewers in Realtime Monitor are profile driven. This means that once an administrator customizes the columns of a Viewer, the program remembers the column configuration for that administrator.

Select the columns you want to view as well as the ordering of the columns within the view.

• Reordering Columns

• Sorting

• Resizing

��!��You can customize the way the columns are displayed by rearranging or changing the order in the tabular view. To move a column, drag and drop the column header left or right to the new position. The change is automatically saved.

��!You can sort any visible column in ascending or descending alphabetical order. The new data pushed from the DC is then visible, depending on the sorting parameters you have chosen. The default sorting is time based. Click on the column header to assigning a sort column. The selected sort column displays an upward or downward pointing arrow in the header. This arrow indicates either ascending or descending sort order.

Click again to sort the column. Repeating the process reverses the sort order.

��9�!��You can change the width of the columns. Select either edge of column header and move to the left or right.

..�2 ��

��

-��"%��-�%%��!

�� !�; ��4�!�You can save event log files in an Excel format. To capture a file:

1. Click the Pause button to stop the flow of data to the Event Monitor.

– You can also select the Pause command from the View menu.

2. Click the Save button or select Save from the File menu.

Realtime Monitor opens a default Reports directory. You have the option of selecting a different directory.

3. Title the file and click Save.

The file appears with the Excel extension,.csv.

��< ��'The Pause command toggles between pause and play. Click the Pause button to temporally stop the flow of data to the Realtime Event Monitor viewer. The button changes to the Play button.

Click the Play button to resume the flow of data. The button once again changes to the Pause button.

�� Specific device activity generates the following messages:

• Device connected to the DC

• Device disconnected from the DC

• No heartbeat received by DC

��%��&��'��(�)��*��"�!� ..�3��

-/� ��..��&��

;5;��;��$4�You can get more information about a particular event by double-clicking anywhere in that event. This opens an Event Details screen, as shown in Figure 11-6.

Figure 11-6 Event Details Screen

The Event Details screen provides the following information:

• Host name/IP Address

• Vsys

• Event

• Severity

• Count

• First Occurrence

• Last Occurrence

• Event Summary

Further, there is pane for Additional Information about the event.

..�4 ��

��

<"��=�8��

=0$?�3$4�;��While in the Realtime Event Monitor Viewer you can create a Quick Filter. A Quick Filter creates an instant filtered view of all related events.

Figure 11-7 Quick Filter Pop Up

To use the Quick Filter:

1. Select a specific event from the Event Monitor Viewer.

2. Right-click to bring up the Quick Filter Pop up.

3. Click the Quick Filter command. A new Event Monitor Viewer opens with the new event title in the title bar. All occurrences of this event are listed.

��%��&��'��(�)��*��"�!� ..��

-/� ��..��&��

Figure 11-8 Traffic Alarms Event Viewer Created with Quick Filter

When you return to the Monitor Console you see the new Quick Filter name. In this example Traffic Alarms is displayed in the Filter List Pane and the Filter Summary Histogram displayed in the Filter Summary Pane, as shown in Figure 11-9.

..�.� ��

��

<"��=�8��

Figure 11-9 Report Manager Realtime Monitor Console

The new filter behaves exactly as your other filters. You can modify it, delete it, save it, and so on. See on page 10-1 for details on working with filters.

��%��&��'��(�)��*��"�!� ..�..��

-/� ��..��&��

..�.� ��

��

��

�� )��The Device Monitor displays a Realtime device-monitoring viewer for all devices. This applies to all the devices in the device view or devices included in the monitor filter. The red and green status icons allow you can see at a glance which devices are up (green) or down (red).

Figure 12-1 Device Monitor Screen

The Device Monitor provides the following details:

• Device Serial Number • Firmware Version

• Host Name/IP Address • Operation Mode

• Status • Last Heartbeat

• Device Type

��%��&��'��(�)��*��"�!� .��.

-/� ��.��5��&��

�;5$;�)��$��);�0�6��The Device Monitor Menu Bar contains the following commands:

�� )��6��

Figure 12-2 Device Monitor Toolbar




Exit Exit the Device Monitor.

View Pause/Play Command toggles. The Pause command prevents the view from being refreshed when the data is sent to the client. The Play command resumes sending data. No data is lost during pause.

Column Opens a submenu of column options. From the follow-ing column choices, select which column choices to dis-play: Serial number, Type, Host name, Status, Firmware version, Operation mode, and Heartbeat.



Note: Clicking the Pause button does not cause any data to be lost. Click Play to resume.

Note: The buttons on the toolbar function like the menu commands. See the “Device Monitor Menu Bar” on page 12-2 for details.

.��

��

-"��%�>��$��/��5��&��0

0��)$B$��&;��;5$;�)��$��5$;/You can customize the Device Monitor view:

• Select the desired columns from the View menu.


• Sort the devices by assigning a sort column.



��You can filter the Device Monitor for specific types of events or devices using the Columns submenu in the View menu.

Figure 12-3 Device Monitor Configure Columns

The Configure Columns screen displays two panels, the Available Columns and the Selected Columns.

To specify the columns to the Device Monitor view, select column names from the Available Columns panel and click Add.

To filter columns from the Device Monitor view, select column names from the Selected Columns panel and click Remove.

��%��&��'��(�)��*��"�!� .��

-/� ��.��5��&��

��9�!��Select the columns you want to view as well as the ordering of the columns within the view.


• Sorting

• Resizing


��!Sort the devices by assigning a sort column. You can sort any visible column in ascending or descending alphabetical order. The new data pushed from the DC is then visible, depending on the sorting parameters you have chosen. The default sorting is time based. Click on the column header to assigning a sort column. Click again to sort the column. Repeating the process reverses the sort order.


��< ��'The Pause command toggles between pause and play. Click the Pause button to temporally stop the flow of data to the Device Monitor viewer. The button changes to the Play button.


.��

��

5��5��

�;5$;��;��$4�You can view details for any active device in the Device Monitor view. Access the Device Details screen by double-clicking on the desired device in the device Monitor.

Figure 12-4 Device Details

The device details screen provides the following information for the selected device.

Device The name, serial number and IP address of the device.

Version and Mode The version, type of device, and operation mode.

Data Collector IP Address The IP address of the Data Collector.

Severity chart The number and grade of alarms.

Attack Alarms The number of attack alarms.

Traffic Alarms The number of traffic alarms.

Misc. Alarms The number of miscellaneous alarms.

Configuration Logs The number of configuration logs.

Information Logs The number of information logs.

��%��&��'��(�)��*��"�!� .��1��

-/� ��.��5��&��

Traffic Logs The number of traffic logs.

Self Logs The number of self logs.

Interface Information The type of interface used.

Vsys Information The number of Vsys.

Date of Last Event The most recent event, including heartbeat.

Device Status The up or down status of the device.

.��2 ��

��

��

5 ��)��The VPN Monitor displays an up to the minute list of all VPN-related events. Further it shows the status; up or down, of all VPN tunnels, for all the monitored devices. This applies to all the devices in the device view or devices that included in the monitor filter. When a VPN tunnel is down it is because the Realtime Monitor does not detect an active heartbeat.

Figure 13-1 VPN Monitor Screen

The VPN Monitor lists the devices, together with the following information:

• Device Serial Number

• Vsys

• Status

5 ��)��)��6��The VPN Monitor Menu Bar contains the following commands:



Exit Exit the VPN Monitor.

��%��&��'��(�)��*��"�!� .�.

-/� ��.��&��

5 ��)��6��

Figure 13-2 VPN Monitor Toolbar


��6��Use the Details button or the Details command in the View menu to see additional information about a specific device or VPN. Select the desired VPN tunnel, and click the Details button.

This is useful for troubleshooting your VPN tunnels.

View Details Provides individual VPN details including: host name, severity, vsys, summary, time, and count.

Active VPN Displays information for currently active VPN tunnels.

Refresh Contacts the Data Collector for the latest data.



Note: The buttons on the toolbar function like the menu commands. See the VPN Monitor Menu Bar for details.

.��

��

Figure 13-3 VPN Events Screen

You can use the View menu to view the following details

�� 6��Use the Active button or the Active command in the View menu to view information about all VPNs for a specific device at the same time. Select the desired device, and click the Active button. The Active VPN Window opens, as shown in Figure 13-4 on page 4.

•Event • Severity

• First Occurrence • Summary

• Last Occurrence • Count

Note: For customizing columns, see “Customizing Columns” on page 13-6.

��%��&��'��(�)��*��"�!� .��

-/� ��.��&��

Figure 13-4 Active VPN Window

Use the View menu to view the following Active VPN details:

• VPN Tunnel Name • Authentication

• Policy ID In/Out • Key

• Local Gateway ID • VPN Type

• Peer Gateway ID • Lifetime P1

• Local Gateway IP • Lifetime P2

• Peer Gateway IP • Life Size

• Local Address • P1 Status

• Monitor • P2 Status

• Tunnel • P1 Auth

• SPI In/Out • Average Latency

.��

��

��9�!��5 ��)��5��#You can customize the VPN Monitor view:

• View at the device level or the VPN level.

• Select the desired columns from the View menu.


Realtime Monitor is profile driven. Therefore, the program remembers your custom configuration each time you log on.

• Sort the VPNs by assigning a sort column.



Figure 13-5 Customize the VPN Monitor View

• IPSec • Last Latency

• Peer Address • Availability

• Encryption

��%��&��'��(�)��*��"�!� .�1��

-/� ��.��&��

Double-click on an individual selection to launch the Details view for the selected device or VPN. See the “Active Button” for more information.

��You can filter the VPN Details for specific types of events or devices using the Column command in the View menu.

Figure 13-6 Configure Columns

The Configure Columns screen displays two panels, the Available Columns and the Selected Columns.

To specify the columns to the Event Monitor view, select column names from the Available Columns panel and click Add.

To filter columns from the Event Monitor view, select column names from the Selected Columns panel and click Remove.

After selecting the columns, you can customize the view. See “Customizing Columns” for details.

��9�!��Select the columns you want to view as well as the ordering of the columns within the view.


• Sorting

• Resizing

.�2 ��

��


��!Sort the devices by assigning a sort column. You can sort any visible column in ascending or descending alphabetical order. The new data pushed from the DC is then visible, depending on the sorting parameters you have chosen. The default sorting is time based. Click on the column header to assigning a sort column. Click again to sort the column. Repeating the process reverses the sort order.


�� !��4�!�You can save Detail log files in an Excel format. To capture a file:

1. Click the Pause button to stop the flow of data to the VPN Monitor.

– You can also select the Pause command from the View menu.

2. Click the Save button or select Save from the File menu.

Realtime Monitor opens a default Reports directory.

3. Title the file and click Save.

The file appears as an .csv Excel file.

��%��&��'��(�)��*��"�!� .�3��

-/� ��.��&��

��< ��'The Pause command toggles between pause and play. Click the Pause button to temporally stop the flow of data to the Event Monitor viewer. The button changes to the Play button.


.�4 ��

��

��

��This chapter describes the procedures for obtaining reports and describes the reports themselves.

The Realtime Monitor provides a summary report for each device. It also offers nine detailed device statistic reports, which are grouped into three general categories.

• Traffic Statistics

– Policy Distribution

– Protocol Distribution Report

– Active Statistics

• System statistics

– Ethernet Statistics Summary Report

– Flow Statistics Summary Report

– Attack Statistics

• Event Statistics

– Traffic Logs Reports

– Self Logs Reports

– System Alerts

��%��&��'��(�)��*��"�!� .��.

-/� ��.��%��

�&;��; ��/$��/This section defines the elements of the Reports window.

• Menu Bar

• Toolbar

• Control Pane

• Details Pane

By default, the Reports window opens to the Device Summary screen.

Figure 14-1 Realtime Reports Window

.��

��

+/�� 9��!�0

��)��6��The Realtime Reports Menu Bar contains the following commands:

File Save Saves the tables to Microsoft™ Excel™ format.

Print Prints the graphs using Excel format.

Exit Exits the viewer.

View Summary Opens the main Device Statistics view.

Policy Statistics Presents the Policy Table.

Protocol Distribution Presents the Protocol Distribution Table.

Active Statistics Presents a list of active devices.

Ethernet Statistics Presents the Ethernet Statistics.

Flow Statistics Presents the Flow Statistics.

Attack Statistics Presents the Attack Statistics.

Traffic Logs Presents the Traffic Logs.

Self Logs Presents the Self Logs.

System Alerts Presents the System Alerts.

Pause/Play Toggle button

The Pause button pauses prevents the view from being refreshed when the data is sent to the client. The Play button resumes sending data to the client. No data is lost during pause.

Refresh Contacts the DC for the latest data.

Column Visible when viewing tables. Opens a dialog box that allows you to configure columns.

Window Tile Tiles the windows across the screen.

Cascade Stacks the windows on the screen.

Close Closes the active report in the Details Pane.


Help Topics Launches the table of contents for entire Help system.

��%��&��'��(�)��*��"�!� .��

-/� ��.��%��

��The Reports Window provides a detachable toolbar. Using your mouse on the grip, you can drag the toolbar anywhere on your desktop. Return the toolbar by clicking the close button. The toolbar buttons provide convenient shortcuts to menu commands.

Figure 14-2 Reports Toolbar

�� The Reports window is divided into two panes, the Control Pane and the Details Pane. The window opens to the Device Summary Report. The Control Pane displays nine additional reports.


Control Pane Details Pane

.��

��

��$��

The Details Pane displays the reports. You can display reports in the Details Pane in a number of ways.

• Single Report View

• Multiple Reports Tiled View

• Multiple Reports Cascade View

See “Displaying Reports” on page 14-6 for more details.

�6��$�$��$��$��; ��Use the tools and procedures described to view, print, or save any of the reports.

1. If the console is not already open, click the Monitor Console button from the Control Pane of the Realtime Monitor Console.

2. When the Monitor Console appears, double-click on the desired NetScreen device in the Device Summary Pane.

You can also right-click on the device and select Statistics from the popup menu, as shown in Figure 14-4.

Figure 14-4 popup menu in Device Summary Pane

The Device Summary Window appears, as shown in Figure 14-5.

Note: You can enlarge either pane to fill the screen by clicking on the border arrows between panes. Click the reverse arrow to return to both panes. You can also adjust the borders manually using the vertical grip bar.

��%��&��'��(�)��*��"�!� .��1��

-/� ��.��%��

Figure 14-5 Device Statistics Summary

��'�!��To display reports:

From the Device Statistics Window, select the desired report or reports from the Control Pane on the left. The reports appear on the right.

� �� '�Click the Pause button to halt the flow of data when viewing reports. This is a toggle button. Click Play to restart the flow. You do not lose data during Pause.

.��2 ��

��

��$��

��!��The report viewer refreshes automatically at regular intervals. However, you can refresh your data between intervals to insure that you have the latest data. To update select the Refresh command from the View menu or click the Refresh button on the toolbar.

5��#�!��!��Click on a single report in the Control Pane. The report is displayed in the Details Pane as shown in Figure 14-6.

Figure 14-6 Protocol Distribution Chart

Use the icons in the upper right corner to minimize, reduce, and close the report.

��%��&��'��(�)��*��"�!� .��3��

-/� ��.��%��

��!��5��#�You can display multiple reports in the Details Pane. To provide quick access, use the Tile command on the Window menu. To view a report, click its header.

Figure 14-7 Tiled Display in Details Pane

.��4 ��

��

��$��

��!��5��#�You can display multiple reports in the Details Pane. To provide quick access, use the Cascade command on the Window menu. To view a report, click its header.

Figure 14-8 Cascade Display in Details Pane

�� !��You can save all of the reports in an Excel format. Click the Save button on the toolbar or select the save command from the File menu. NetScreen-Global PRO Express Realtime Monitor prompts you for a file name. Use the default Report directory or specify a new location.

��%��&��'��(�)��*��"�!� .��

-/� ��.��%��

� ��!��You can print all of the reports. Click the Print button on the toolbar or select the print command from the File menu.

�; ��The Realtime Monitor offers nine detailed reports, including the Summary report. The following section describes the details in each report.

��'��When you open the Reports window, it opens to the device Summary report. This report provides overview details for the selected device.


.��.� ��

��

��

This Summary report provides you with the following device information:

Device Device name, serial number, and IP Address.

Version This includes the device build, model, and operation mode.

DC IP The IP Address of the Data Collector.

Severity Chart The current tally for each severity level.

Attack Alarms The number of attack alarms for this device.

Traffic Alarms The number of traffic alarms for this device.

Misc. Alarms The number of Misc. alarms for this device.

Configuration Logs The number of configuration logs for this device.

Information Logs The number of information logs for this device.

Traffic Logs The number of traffic logs for this device.

Self Logs The number of self logs for this device.

Interface Informa-tion

Lists the interface names, for example, Trust, Untrust, and Self. Also lists the total number of inter-faces.

Vsys Information Lists the virtual systems by name. Includes the cur-rent number.

Last Heartbeat Displays the date and time of the last heartbeat.

Device Status Indicates whether the device is currently up or down.

��%��&��'��(�)��*��"�!� .��..��

-/� ��.��%��

��33$��$��$�The Traffic Statistics includes the following reports:

• Policy Distribution

• Protocol Distribution Report

• Active Statistics

� ��'��The Policy Distribution Report collects and displays the NetScreen device traffic that matches the Access Policies configured for every interface of the NetScreen device.

This information helps you determine which Access Policies are used the most, in addition to helping you to track patterns in policy traffic.

The Policy Distribution report is available as both a chart and a table.

��The chart view provides a quick visual of the data. The color-coded key on the right defines the number of policies.

.��.� ��

��

+��,,��

Figure 14-10 Policy Distribution Chart Screen

Right-click within the chart to select the following from the drop-down menu:

• Connections

• Bytes

• Packets

The chart displays the data in percentages. Holding the cursor over a color bar displays the percentage for that block.

��Click the Table tab to view the data in a tabular format. This view provides Policy Distribution details. Use the scroll bar at the bottom of the Details Pane to view all columns.

��%��&��'��(�)��*��"�!� .��.��

-/� ��.��%��

Figure 14-11 Policy Distribution Table Screen

Note: See “Customizing Columns” on page 11-6 for information on customizing and sorting your tabular view.

.��.� ��

��

+��,,��

This report provides the following information:

Policy ID The number assigned to the access policy when the policy was added to the NetScreen device.

Source IP Address The IP address of the host generating the connection.

Source NetMask The IP address mask for the host or network generat-ing the connection.

Destination IP Address

The IP address of the host receiving the connection.

Destination Net-Mask

The IP address mask for the host or network receiving the connection.

Application/Service The application or service associated with the policy. Examples include Mail, FTP, SNMP, AOL, Telnet, and LDAP.

Action The activity to be performed, such as Permit, Deny, Tunnel, and so on.

Total Connections The total number of data connections.

Connection Rel% The relative percentage of connections.

Total Bytes The total number of data bytes.

Bytes Rel% The relative percentage of bytes.

Total Packets The total number of data packets.

Packets Rel% The relative percentage of packets.

��%��&��'��(�)��*��"�!� .��.1��

-/� ��.��%��

� ��This report collects and displays the protocol usage. Protocols are predefined services (like HTTP, SNMP, or Telnet) that you can enable for the NetScreen device.

For each device, the report separates the statistics into all available interfaces (Trust, Untrust, Management, HA (High Availability), and Self. This information helps you determine which protocols are used the most, and which are used the least.

The protocol distribution report is available as both a chart and a table.

��The chart view provides a quick visual of the data. The color-coded key on the right lists the protocols and port numbers.

.��.2 ��

��

+��,,��

Figure 14-12 Protocol Distribution Chart Screen

Right-clicking within the chart allows you to select the data type and interface, as shown in Figure 14-12 on page 14-17. The data types are defined as the following:

• Bytes In

• Bytes Out

• Packets In

• Packets Out

The chart displays the protocol usage in percentages. Hold the cursor over a color bar to display the percentage for that protocol. The active interface is listed below the graph, as shown in Figure 14-12 on page 14-17.

��%��&��'��(�)��*��"�!� .��.3��

-/� ��.��%��

��Click the Table tab to view the data in a tabular format. This view provides Protocol Distribution details. Use the scroll bar at the bottom of the Details Pane to view all columns.

Figure 14-13 Protocol Distribution Table Screen

The Protocol Distribution Report provides the following information:

Protocol Name The name of the predefined service (like HTTP, SNMP, or Telnet) operating on the selected interface.

Interface Name The name of the interface.

Total Bytes In The number of incoming bytes handled by the protocol through the NetScreen device.

Total Bytes In Rel%

The relative percentage of all incoming bytes.

Total Bytes Out The number of outgoing bytes handled by the protocol through the NetScreen device.

.��.4 ��

��

+��,,��

Total Bytes Out Rel%

The relative percentage of all outgoing bytes.

Total Packets In The number of incoming packets handled by the proto-col through the NetScreen device.

Total Packets In Rel%

The relative percentage of all incoming packets.

Total Packets Out

The number of outgoing packets handled by the proto-col through the NetScreen device.

Total Packets Out Rel%

The relative percentage of all outgoing packets.

��%��&��'��(�)��*��"�!� .��.��

-/� ��.��%��

�� The Active Statistics Report collects and displays tabular information for the following:

• Administrators

• Active VPN

• Authenticated Users

��The Administrators Report displays information about the administrators; when, where and how they logged in to the system. To view the Administrators report, click the Administrators tab in the Details Pane.

Figure 14-14 Active Statistics, Administrator Screen

.��

��

+��,,��


�� 5 �To view the Active VPN report, click the Active VPN tab in the Details Pane. It displays information about recently active VPNs. This report is tabular only.

Figure 14-15 Active Statistics, Active VPN Screen

Administrator ID The administrator logon ID.

IP Address The administrator IP address.

Service Used The type of service, for example, Console, Web, or Telnet.

Time The time that the administrator logged on.

��%��&��'��(�)��*��"�!� .��.��

-/� ��.��%��

The Active VPN report provides the following information:

VPN Tunnel Name

The name of the VPN tunnel.

Policy ID In/Out The ID of the incoming or outgoing policy for which this tunnel is created.

Local Gateway ID

Specifies the name of the local gateway. This is a secu-rity device, for example a NetScreen-100 or a hub.

Peer Gateway ID Specifies the name or ID of the peer gateway.

Local Gateway IP

The IP address of the local gateway for which the device forwards packets that are destined for networks beyond the immediate subnet of the specified interface.

Peer Gateway IP Specifies the IP address of the peer gateway.

Local Address The fixed local IP address

Peer Address The fixed IP address of a remote gateway

Monitor The on/off status of the monitoring.

Tunnel The up/down status of the tunnel.

IP Sec The type of protocol used for the VPN tunnel.

SPI In The 32-bit SPI number coming from the Peer.

SPI Out The 32-bit SPI number going out to the Peer.

Encryption The type of encryption used for the tunnel.

Authentication The type of ESP authentication used for the tunnel.

Key The type of key exchange protocol.

VPN Type Specifies either dial-up or site-to site.

Lifetime P1 The life of the key for phase 1.The standard lifetime is 3600 seconds.

Lifetime P2 The life of the key for phase 2.

Life Size The lifetime of the encryption key in kilobytes

P1 Status The phase 1 active/inactive status.

P2 Status The phase 2 active/inactive status.

P1 Authentica-tion

The type of authentication. For example, Preshared key, RSA signatures, etc.

Average Latency A rolling average of latency, presented in milliseconds.

Last Latency The latency in the most recent sample.

Availability The percent over the thirty samples.

.��

��

+��,,��

��0��The Authenticated Users report displays information about the users; the time, User ID and the Source IP address from which they logged in to the system. To view this report, click the Authenticated Users tab in the Details Pane.

Figure 14-16 Active Statistics, Authenticated Users Screen


User ID The user log in ID.

Source IP Address The source IP address.

Time The time that the user logged on.

��%��&��'��(�)��*��"�!� .��

-/� ��.��%��

�A��;)��$��$��0 The System Statistics group includes the following reports:

• Ethernet Statistics Summary Report

• Flow Statistics Summary Report

• Attack Statistics

�;��The Ethernet Statistics Report collects and displays information about the physical interfaces on the NetScreen device:

• All NetScreen devices display information about the Trust and Untrust interfaces.

• The NetScreen-10, NetScreen-50, NetScreen-100 and NetScreen-500 devices display information about DMZ interface; the NetScreen-5, NetScreen-5XP, and NetScreen-1000 devices have no DMZ interface.

• The NetScreen-100, NetScreen-500, and NetScreen-1000 devices display information for the HA (high availability) interface and the management interface.

View the Ethernet Statistics Report as a chart or a table.

.��

��

�7��%��"

��The chart view provides a quick visual of the data. The color-coded key on the right define the flow counters.

Right-click within the chart to select the desired interface. The active interface is listed below the graph. The chart displays the data in units. Hold the cursor over a color bar to display the total units.

Figure 14-17 Ethernet Statistics Chart Screen

��%��&��'��(�)��*��"�!� .��1��

-/� ��.��%��

��Click the Table tab to view the data in a tabular format. This view provides Ethernet Statistics details. Use the scroll bar at the bottom of the Details Pane to view all columns.

The Ethernet Statistics Summary Report allows you to view the following information:

Interface Displays the data for each interface.

Bytes In The number of bytes of incoming traffic processed through the NetScreen device over the selected interface.

Bytes Out The number of bytes of outgoing traffic processed through the NetScreen device over the selected interface.

Packets In The number of incoming packets processed through the NetScreen device over the selected interface.

Packets Out The number of outgoing packets processed through the NetScreen device over the selected interface.

Broadcast The number of broadcast-type packets processed through the NetScreen device over the selected interface.

CRC Errors The number of packets generating a cyclic redundancy code error processed through the NetScreen device over the selected interface.

Alignment Errors

The number of Frame Checksum (FCS) errors.

Short Frames The number of frames which are not of the correct length.

RX Collisions The number of times that two packets collide, resulting in damage to both. This indicates that the network is over-loaded.

.��2 ��

��

�7��%��"

�3��#��The Flow Statistics Summary Report collects and provides information about flow counters for the device or virtual interface.

View the Flow Statistics Report as a chart or a table.

��The chart view provides a quick visual. The color-coded key on the right define the flow counters.

Figure 14-18 Flow Statistics Chart Screen

Right-click within the chart to select the desired interface. The active interface is listed below the graph.

��%��&��'��(�)��*��"�!� .��3��

-/� ��.��%��

The chart displays the data in units. Hold the cursor over a color bar to display the total units.

��Click the Table tab to view the data in a tabular format. This view provides Flow Statistics details. Use the scroll bar at the bottom of the Details Pane to view all columns.

This report provides the following information about the virtual interfaces:

Interface Name The name of the virtual interface.

Bytes In The number of bytes of incoming traffic processed through the NetScreen device over the selected inter-face.

Bytes Out The number of bytes of outgoing traffic processed through the NetScreen device over the selected inter-face.

Packets In The number of incoming packets processed through the NetScreen device over the selected interface.

Packets Out The number of outgoing packets processed through the NetScreen device over the selected interface.

Vlan In The number of VLAN packets received through the NetScreen device; applies to virtual systems.

Vlan Out The number of VLAN packets sent through the NetScreen device; applies to virtual systems.

Total Connec-tions

The number of connections that occurred for a given virtual interface.

Packet Dropped The number of incoming packets dropped by a given virtual interface.

Packets Denied The number of incoming packets denied on the virtual interface by the policy.

Authentication Failed

The number of packets dropped because of an authen-tication failure.

URL Blocking Dropped

The number of packets dropped because of URL block-ing.

IP Sec Dropped The number of packets dropped because of an IPSec encryption failure.

.��4 ��

��

�7��%��"

��1��The Attack Statistics Report collects and displays all attacks.

For each device, the report separates the statistics by all available interfaces.

The protocol distribution report is available as both a chart and a table.

��The chart view provides a quick visual of the data. The color-coded key on the right lists the different types of attacks.

Figure 14-19 Attack Statistics Chart Screen

Right-click within the chart to select the desired interface. The active interface is listed below the graph.

The chart displays the data in units. Hold the cursor over a color bar to display the total units.

��%��&��'��(�)��*��"�!� .��

-/� ��.��%��

��Click the Table tab to view the Attack Statistics in a tabular format. This view allows you to compare attack numbers per interface. Use the scroll bar at the bottom of the Details Pane to view all columns.


Interface Name The name of the interface.

Syn Attack SYN packets overwhelm a network by initiating so many connection attempts or information requests that the network can no longer process legitimate con-nection requests, resulting in a Denial of Service.

Tear Drop Attack

When the first and second parts of a fragmented packet overlap, the server attempting to reassemble the packet can crash. If the NetScreen device sees this discrepancy in a fragmented packet, it drops the packet.

Source Route The Source Route option applied in an IP header can allow an attacker to enter a network with a false IP address and have data sent back to the attacker’s real address.

Ping of Death Intentionally oversized or irregular ICMP packets can trigger a Denial of Service condition, freezing, or other adverse system reactions. You can configure a NetScreen device to detect and reject oversized or irregular packet sizes.

Address Spoof-ing

You can enable a NetScreen device to guard against spoofing attacks by checking its own route table. If the IP address is not in the route table, traffic through the NetScreen device is not allowed.

Land Attack Combining a SYN attack with IP spoofing, a Land attack occurs when an attacker sends spoofed SYN packets containing the IP address of the victim as both the destination and source IP address. This creates an empty connection. Flooding a system with such empty connections can overwhelm the system, causing a Denial of Service. The NetScreen device blocks any attempts of this nature and records such attempts as a Land attack.

.��

��

�7��%��"

ICMP Flood ICMP pings can be so numerous that they overload a system with so many echo requests that the system expends all its resources responding until it can no longer process valid network traffic. If you set a threshold to invoke ICMP flood attack protection when exceeded, ICMP flood attacks are recorded as statis-tics.

UDP Flood UDP packets are sent with the purpose of slowing down the system to the point that it can no longer han-dle valid connections. If you set a threshold to invoke UDP flood attack protection, when exceeded, UDP flood attacks are recorded as statistics.

WinNuke WinNuke can cause any computer on the Internet run-ning Windows to crash. WinNuke introduces a Net-BIOS anomaly that forces Windows to restart. The NetScreen device can scan any incoming Microsoft NetBIOS Session Service packets, modify them, and record the event as a WinNuke attack.

Port Scan A port scan attack occurs when packets are sent out to different port numbers, for the purpose of scanning the available services in hopes that one port will respond. If a remote host scans 10 ports in 0.3 seconds, the NetScreen device flags this as a port scan attack and drops the connection.

IP Sweep This is the same as an address sweep attack, and sim-ilar to a port scan attack. It occurs when an attacker sends ICMP echo requests (or pings) to different desti-nation addresses hoping that one will reply, thus uncovering an address to a target. If a remote host pings 10 addresses in 0.3 seconds, the NetScreen device flags this as an address sweep attack and drops the connection.

��%��&��'��(�)��*��"�!� .��.��

-/� ��.��%��

;5;��$��$��0 The Events Statistics group includes the following reports:

• Traffic Logs Reports

• Self Logs Reports

• System Alerts

��4�!�These reports contain logging traffic for policies.

You can enable logging for a defined policy. Whenever a connection is completed using that policy, a log message is generated.

The Traffic Logs Reports appear in a tabular format. Use the scroll bar at the bottom of the Details Pane to view all columns.

Figure 14-20 Traffic Logs Table Screen

.��

��

��"

Traffic Logs Reports collect the following information for policy traffic:

Note: For information on customizing tables, Figure 7-5 on page 7-9.

Date and Time The date and time the event occurred.

Source IP: Port

The IP address of the sending node of the connection being logged.

Destination IP: Port

The IP address of the receiving node of the connection being logged.

Duration Length in seconds, of the connection session.

Application The name of the application to which the traffic log belongs. The application is determined by the protocol, source port, and destination port.

Policy ID A unique identifier specified when the policy was configured. None means no name was specified during policy configura-tion.

Policy Service The types of service allowed by the policy. For example, FTP, HTTP, Telnet.

��%��&��'��(�)��*��"�!� .��

-/� ��.��%��

��4�!�Self logs contain NetScreen device specific logs.

Self Logs Reports contain information related to denied traffic to the device itself, for example, who logged in and from where. If necessary, use the scroll bar at the bottom of the Details Pane to view all columns.

Figure 14-21 Self Logs Table Screen

Self Logs Reports display the following device information:

Time The date and time the event occurred.

Source IP: Port The IP address of the device transmitting the traffic.

Destination IP: Port

The IP address of the device receiving the traffic.

Duration Length in seconds of the connection session.

Application The name of the application to which the traffic log belongs. The application is determined by the protocol, source port, and destination port.

.��

��

��"

��'��The System Alerts Report collects and displays the System Alerts for this device. This refers to low memory and high device CPU usage.

The System Alerts Report is available in a tabular format. If necessary, use the scroll bar at the bottom of the Details Pane to view all columns.

Figure 14-22 System Alerts Table Screen

System Alert Reports collect the following information:

Event The type of alert or system alarm.

First Occurrence The first occurrence of this event.

Last Occurrence The most recent occurrence of this event.

Summary A brief synopsis of the event.

Count The number of times this event has occurred.

Severity The severity of the event.

��%��&��'��(�)��*��"�!� .��1��

-/� ��.��%��

.��2 ��

��

��

��!�� '��

This chapter explains how to add a NetScreen device to Realtime Monitor.

To add a device to Realtime Monitor, follow the steps below.

1. Configure the device for Realtime Monitor.

You can do this via:

– WebUI

– CLI

– NetScreen-Global PRO Policy Manager

4$

Using the CLI, enter the following at the prompt:

set global-pro enable

You must then set configure the primary Data Collector IP address for the device.

set global-pro config primary <a.b.c.d>

If you are running a secondary DC enter the following:

set global-pro config secondary <a.b.c.d>

Remember to save your configuration changes.

/��0$1. To configure the device via the WebUI see “Configuring the NetScreen

Devices For Report Manager” on page 5-2.

�� '�)��!��

See your Policy Manager documentation for details.

��%��&��'��(�)��*��"�!� .1�.

-/� ��.1��!!��$��5��/��7��%

2. Launch the Realtime Monitor Console.

Refer to “Launching Report Manager Console” on page 5-4 for detailed instructions.

3. Log on as the user to monitor this device.

4. Associate the Data Collector to the System, if you have not already done so.

The DC acts as a server, serving the Realtime Monitor with performance statistics and log data. The DC also communicates with the MC to periodically send summarized data to the MC to be updated to the relational database.

5. Add your NetScreen Device to the System.

To add devices individually, you will need the serial number of the device. The serial number can be found on the bottom of the device itself, in the paperwork that accompanied your device, or on the WebUI. For more information, see “Device Serial Numbers” on page 6-5 in the NetScreen-Global PRO Realtime Monitor Console User’s Guide.

If you are running Realtime Monitor together with Policy Manager you have a second options for adding NetScreen devices to your NetScreen-Global PRO system. You can import the device list from Policy Manager so that you do not have to add device information a second time.

$��!�� 4��3�� '�)��!��Once you have entered a device or devices into NetScreen-Global PRO Policy Manager, you can import the device list using the Import command from the File menu. The Device List contains information such as:

• Device serial number

• Host name

• IP Address

• Administrator ID


• Primary DC

• Secondary DC

Only the device serial number and primary DC are required for import.

Note: See your NetScreen-Global PRO Policy Manager documentation for instructions on Exporting Device Lists.

.1��

��

1.Select the Import command from the File menu.

An Open Dialog Box appears.

Figure 15-1 Import Open Dialog Box

2.Select the desired file and click Open.

The Realtime Monitor reads this file and communicates with the device to import the data needed from it.

• Serial number

• Primary DC

Once it reads the information, it adds the device to the Realtime Monitor system.

The status of the operation, for each device imported, is shown in a status screen. You receive a result for each device in the list.

�$"��& � � �*!"��

If you abort the Device List Import before it has completed, you receive a warning before the program closes.

Realtime Monitor prompts you to log on to the system again.

Note: Since Policy Manager accepts NetScreen-Global Manager configuration files, you can import all of your NetScreen-Global Manager devices into the Realtime Monitor system.

��%��&��'��(�)��*��"�!� .1��

-/� ��.1��!!��$��5��/��7��%

For instructions on adding a device to the system, see “Adding, Modifying, and Deleting Devices” on page 6-3 also in the NetScreen-Global PRO Realtime Monitor Console User’s Guide.

$��!�� 4��3��3��You can import device lists from comma delineated text files. Use the Import command from the File menu.

Import data includes the following:


• Host name

• IP Address



• Primary DC

• Secondary DC

It is not necessary to populate every field. However the text file must contain at least the three following variables:

• IP address


• Administrator password

or both of the following:


• Primary DC IP address

If the minimum variables are not present, the device is not imported from the file.

6. Associate your Device with a Data Collector.

When you add a device to Realtime Monitor you assign the device to at least a primary DC. For details see “Managing Devices” on page 6-1.

Congratulations. Your device is configured for Realtime Monitor. You are ready to view your realtime reports.

.1��

��

��

��!This section provides troubleshooting help to possible installation and runtime problems. Use this chapter as a guide to help you fix Realtime Monitor problems before calling technical support. For information on how to contact technical support, see “Contacting Technical Support” on page x.

$��!Review this section to troubleshoot problems with individual Realtime Monitor component installation.

)��Use the -test option in the MC to test whether a connection can be established to the database, and whether the MC has some initialized schema/data.

<install_directory>/gloPROmc -test

You should receive a message indicating that the connection was established.

If the MC has connection problems with the database or the DC, review the following:

1. Has the pro.mc.init been set properly?

Check the pro.mc.init file to confirm that the following information is configured properly:

db.name Set this to your database name.

db.port Make sure this is the correct database server port number.

db.ip.addr Confirm the Database server IP address.

db.user.id Confirm Database user ID.

db.passwd Confirm the password is that of the authorized user.

pro.cus-tomer.authenticate

The system uses this to recongize the components. The cus-tomer ID must be the same for all components.

��%��&��'��(�)��*��"�!� ��.

��

� ��!��+��"��/��$

��To troubleshoot connection problems with the DC, verify these steps.

Use the -test option in the DC to verify whether a connection can be created to the MC, and also check if the MC can find the DC in the database:

<install_directory>/gloPROdc -test

You should receive a message indicating that the connection was established and authentication succeeded.

1. Has the pro.dc.init been set properly?

Check the pro.dc.init file to confirm that the following information is configured properly.

If the DC is not accepting connections from the NetScreen devices, review the following.

��)��1. Has the pro.admin.init been set properly?

Make sure you have the correct server IP address and Customer Authentication ID.

- pro.admin.mc.ip.addr

- pro.customer.authenticate

mc.ip.addr Should be set to MC server IP address or DNS name.

dc.smelogfile.path Accessible path for the device information. Note: This directory must be writable.

pro.cus-tomer.authenticate

The customer ID must be the same for all components.

Note: Note that pro.customer.authenticate is a field that is entered as a secret identification between the server components. It acts like a password between the components. The same value for pro.customer.authenticate must be entered in the installation of all components.

Note: All components must have the same customer authentication ID.

��

��

Make sure that you have the same customer authentication ID on both the server server and on the console. Copy the encrypted customer authentication ID from the pro.mc.init file to the pro.admin.init customer authentication ID line.

2. Can the Realtime Monitor Console ping the server (the same pro.admin.mc.ip.addr)?

You should be able to successfully ping the MC from the Realtime Monitor Console. Otherwise you will not be able to log on to the system.

�� For problems with the devices connecting to the DC verify the following:

1. Has the NetScreen device been set to enable NetScreen-Global Pro?

You must configure the NetScreen devices via the WebUI or NetScreen-Global PRO Policy Manager to enable NetScreen-Global PRO.

2. Has the host (of NetScreen-Global-Pro) been configured correctly?

These can be verified by using CLI at the device:

get global-pro config

Make sure the Global PRO status is enabled.

The Primary Host should point to the primary DC IP address. The Secondary Host is only available with NetScreen-Global PRO Realtime Monitor.

3. Has the NetScreen device been added to the database via the Realtime Monitor Console?

You must add the device via the Realtime Monitor Console. Further, make sure you have created the proper association between the device and the DC.

4. Are you using a VPN tunnel?

Make sure the Global PRO status is enabled for VPNs.

Note: See Chapter 15, “Adding a NetScreen Device to the System” on page 15-1 for instructions on adding devices.

��%��&��'��(�)��*��"�!� ��

��

� ��!��+��"��/��$

��!�4�!�Use the MC and DC log files to troubleshoot problems. Below are some errors that can be found in debug logs:

To view errors that the system has encountered, run the system command in the <INSTALL_DIR>/logStatus directory:

• grep ERROR pro.mc.log*

• grep ERROR pro.dc.log*

ERROR: ... Db Connection cre-ation failed:

- Run gloPROmc -test for diagnosis.

ERROR: ... writeExternal: ... - The server Realtime Monitor installation directory might be running out of disk space, check the remaining disk space left.

ERROR: ... write DCProps: ... - Make sure the Realtime Monitor is started by the same user that installed the application.

- Make sure the current user starting Realtime Monitor has write permission to the files:<INSTALL_DIR>/pro.mc.init<INSTALL_DIR>/pro.dc.init

ERROR: ... Unable to determine the ip address of the local host. Make sure the system hostname is correctly set

- Make sure the hostname defined in /etc/hosts has the same value as running the Solaris system command "hostname".

ERROR: ... insertDbRecord: - Check if the database diskfile used by Realtime Moni-tor is full- [there are many other possible causes of this error].

ERROR: Authentication to device failed

-The "Device Login ID"/"Device Login Password" in the database doesn’t match that in the device, please update that in the database (via the Realtime Monitor Console) accordingly.

ERROR: Re-connect to MC failed - Either the MC is not running, or that the network con-nection to it is dead. Run the following diagnosis for more information:<INSTALL_DIR>/gloPROdc -test

��

��

��$��$ ��!��To change the IP address for the server after the initial installation:

Run netsetup from /usr/netscreen/RealtimeMt/startup directory. Enter the following command, supplying the relevant information:

./netsetup <Directory Manager’s DN> <Password> <Customer Authentication ID> <New IP Address> [[<Netmask>] <Gateway>]

After running netsetup, you must reboot the server for the change to take effect.

ERROR: flushEmailNotification - The system has problems in connecting/communicating with the SMTP server. Please verify if the SMTP server IP address is correctly set in the database (via the Real-time Monitor Console). Also, verify that the SMTP server is running.

ERROR:Database version not match: please upgrade the db version

- The database schema version does not match that of the MC. Please make sure that Realtime Monitor data-base schema has been updated to the matching version of the MC

��%��&��'��(�)��*��"�!� ��1

��

� ��!��+��"��/��$

��2 ��

��

��

?�'��'Procedures for delivering a secure key with the NetScreen-Global PRO Product:

NetScreen takes to following precautions in delivering the NetScreen-Global PRO product with a secure key. However, it is recommended that you obtain a secure key or digital certificate from a separate third party or Certificate Authority for the protection of your network. NetScreen regularly evaluates its procedures and may alter or amend such procedures from time to time.

The NetScreen-Global PRO private key is protected in a "secure room" on NetScreen premises. The room is secured with a locked door; access is gained with a key. The room is secure from physical intrusion from the ceiling, floor, vents, or other access ports The room has no windows, a single door and a surveillance camera to monitor access. The tapes are time and date stamped and kept for a minimum of one week in a secure location. The locking system automatically logs as to who and when unlocks the room to gain access and egress.

Access to the Secure Room is limited to three NetScreen Employees and three Alternates. There is a two-person rule for access to the Secure Room. Parties with access privileges (Physical Key and either Image Signature Password or Root Password) must gain access simultaneously; one person may not access the room alone. The room is not used for any other purpose than the generation and securing of the public and private keys and the signing of approved images.

As needed, authorized personnel generate NetScreen-Global PRO Policy Manager server keys in the secure room. PKCS12 envelopes are created as <serial number>.pkcs12. The PKCS12 envelopes are loaded onto an ftp server. The keys are then transmitted to NetScreen’s manufacturer dually password protected. The manufacturer is contacted immediately and relayed the unlocking password and the PKCS12 envelope password. After manufacturer downloads the envelopes, they are removed from the ftp server.

Pursuant to work instructions and procedures provided by NetScreen, the manufacturer then copies the data to a discrete data storage medium (such as a floppy disk). Upon completion of copying the data, the manufacturer immediately removes the data from the ftp client and delivers the downloaded PKCS12 envelopes on the data storage medium to a locked secure cabinet where it remains until an envelope is needed. At the time of final configuration of a NetScreen-Global PRO Policy Manager server an envelope is removed from the secure cabinet and that particular PKCS12 envelope and is imported to a single NetScreen-Global PRO Policy Manager server. After successful import, the PKCS12 envelope is destroyed. Upon instructions from NetScreen, the manufacturer destroys unused PKCS12 envelopes.

��7�&��$��'��(�)��*��"�!� ;�.

��

� ��!��;�?�7��"��7

;��

��

��

��'Access Policies. Access Policies provide the initial protection mechanism for the firewall, allowing you to determine what traffic passes across it based on IP session details. They protect the Trusted network from outsider attacks, such as the scanning of Trusted servers. Access Policies create an environment in which you set up security Policies to monitor traffic attempting to cross your firewall.

Address Spoofing. You can enable a NetScreen device to guard against spoofing attacks by checking its own route table. If the IP address is not in the route table, traffic through the NetScreen device is not allowed.

Authentication Header (AH). See ESP/AH.

Authentication. Authentication ensures that digital data transmissions are delivered to the intended receiver. Authentication also assures the receiver of the integrity of the message and its source (where or whom it came from). The simplest form of authentication requires a user name and password to gain access to a particular account. Authentication protocols can also be based on secret-key encryption, such as DES, or on public-key systems using digital signatures.

Bastion Host. A hardened system taken one step further - configured with the minimal software to support a single network service.

Broadcast Out. The number of broadcast-type packets processed through the NetScreen device over the selected interface.

Bytes In. The number of bytes of incoming traffic processed through the NetScreen device over the selected interface.

Bytes Out. The number of bytes of outgoing traffic processed through the NetScreen device over the selected interface.

Circuit-level Proxy. Proxy or Proxy Server is a technique used to cache information on a Web server and acts as an intermediary between a Web client and that Web server. It basically holds the most commonly and recently used content from the World Wide Web for users in order to provide quicker access and to increase server security. This is common for an ISP especially if they have a slow link to the Internet. On the Web, a proxy first attempts to find data locally, and if it’s not there, fetches it from the remote server where the data resides permanently. Proxy servers are also constructs that allow direct Internet access from behind a firewall. They open a socket on the server, and allow communication via that socket to the Internet. For example, if your computer is

-�.

��

� ��!��-��7

inside a protected network, and you want to browse the Web using Netscape, you would set up a proxy server on a firewall. The proxy server would be configured to allow requests from your computer, trying for port 80, to connect to its port 1080, and it would then redirect all requests to the proper places.

CRC Errors. The number of packets generating a cyclic redundancy code error processed through the NetScreen device over the selected interface.

Customer Authentication ID. The inital customer authentication ID is arbitrarty but must be cosistent for all components. This should be a unique password, containing both letters and characters. You can create any Customer Authentication ID you like, but you must consistently use the same Customer Authentication ID for all components. The system permanently encrypts it.

Data Encryption Standard (DES). A 40- and 56-bit encryption algorithm that was developed by the National Institute of Standards and Technology (NIST). DES is a block encryption method originally developed by IBM. It has since been certified by the U.S. government for transmission of any data that is not classified top secret. DES uses an algorithm for private-key encryption. The key consists of 64 bits of data, which are transformed and combined with the first 64 bits of the message to be sent. To apply the encryption, the message is broken up into 64-bit blocks so that each can be combined with the key using a complex 16-step process. Although DES is fairly weak, with only one iteration, repeating it using slightly different keys can provide excellent security.

Data Encryption Standard-Cipher Block Chaining (DES-CBC). Until recently, the most significant use of triple-DES (3DES) was for the encryption of single DES keys, and there was really no need to consider how one might implement various block cipher modes when the block cipher in question is actually one derived from multiple encryption. However, as DES nears the end of its useful lifetime, more thought is being given to an increasingly widespread use of triple-DES. In particular, there are two obvious ways to implement the CBC mode for triple-DES. With single-DES in CBC mode, the ciphertext is exclusive-ored with the plaintext before encryption. With triple-DES however, we might use feedback around all three DES operations from the ciphertext to the plaintext, something which is called outer-CBC. Alternatively, we might run the feedback around each individual encryption component, thereby making, in effect, triple-(DES-CBC). This is referred to as inner-CBC, since there are internal feedbacks that are never seen by the crypto-analyst. Performance-wise, there can be some advantages to use the inner-CBC option, but research has established that outer-CBC is in fact more secure. Outer-CBC is the recommended way for using triple-DES in the CBC mode.

-�� &��$��

��

De-Militarized Zone (DMZ). From the military term for an area between two opponents where fighting is prevented. DMZ Ethernets connect networks and computers controlled by different bodies. They may be external or internal. External DMZ Ethernets link regional networks with routers.

Denial of Service (DoS) Attack. An attack designed to disrupt a network service. Typically in a DoS attack, a flood of information from the attacker will overwhelm a serving system’s resources, causing it to be unable to field valid network requests. Other DoS attacks can cause the serving process to crash, also denying the service.

Distributed Denial of Service (DDoS) Attack. A DoS attack (typically a flood) from multiple source points. This is more effective than a DoS attack, as it is no longer one computer against one server in an effort to overwhelm the server. Now, many low-bandwidth connections can be added together to attack a high-bandwidth site. Additionally, having random floods from multiple paths make backtracking extremely difficult, if not impossible.

ESP/AH. The IP level security headers, AH and ESP, were originally proposed by the Network Working Group focused on IP security mechanisms, IPSec. The term IPSec is used loosely here to refer to packets, keys, and routes that are associated with these headers. The IP Authentication Header (AH) is used to provide authentication. The IP Encapsulating Security Header (ESP) is used to provide confidentiality to IP datagrams.

Firewall. A device that protects and controls the connection of one network to another, for traffic both entering and leaving. Firewalls are used by companies that want to protect any network-connected server from damage (intentional or otherwise) by those who log in to it. This could be a dedicated computer equipped with security measures or it could be a software-based protection.

GBIC. A Gigabit Interface Connector (GBIC) is the kind of interface module card used on the NetScreen-500 for connecting to a fiber optic network.

GMT (Greenwich Mean Time). The Greenwich, England mean solar time. Also known as Universal Time, it is used for calculating time throughout most of the world.

Hardened System. A server with all appropriate security patches and bug fixes that has been configured securely. These systems are designed to resist penetration.

Histogram. A vertical graph in which different amounts are represented by thin, color-coded bands or bars. These bars represent a frequency distribution; heights of the bars represent observed frequencies.

�� &��$��'��(�)��*��"�!� -�

��

� ��!��-��7

ICMP Flood. ICMP pings can be so numerous that they overload a system with so many echo requests that the system expends all its resources responding until it can no longer process valid network traffic. If you set a threshold to invoke ICMP flood attack protection when exceeded, ICMP flood attacks are recorded as statistics.

Internet Control Message Protocol (ICMP). Occasionally a gateway or destination host will communicate with a source host, for example, to report an error in datagram processing. For such purposes the protocol, the Internet Control Message Protocol (ICMP), is used. ICMP uses the basic support of IP as if it were a higher level protocol, however, ICMP is actually an integral part of IP, and must be implemented by every IP module. ICMP messages are sent in several situations: for example, when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route. The Internet Protocol is not designed to be absolutely reliable. The purpose of these control messages is to provide feedback about problems in the communication environment, not to make IP reliable.

Internet Key Exchange (IKE). The method for exchanging keys for encryption and authentication over an unsecured medium, such as the Internet.

Internet Protocol (IP). An Internet standard protocol that defines a basic unit of data called a datagram. A datagram is used in a connectionless, best-effort, delivery system. The Internet protocol defines how information gets passed between systems across the Internet.

IP Address Spoofing. Depending on the circumstances, a spoofed IP can be used to perform difficult-to-trace DDoS attacks, hiding their true address in a clutter of bogus addresses, or in rare occasions taking advantage of IP address related trusted relationships between two hosts. The attacker sends Crafted Packets (Packets made from the ground up, and not created and processed normally through the IP Stack) that have source IP addresses other than what has been assigned to the interface. These IP addresses can be anything – they are typically completely random. IP address spoofing works best when the spoofed addresses used are not currently in use, as otherwise, the real host may reply and reset the session. The target system receives these packets, and responds as appropriate, with the return traffic being sent to the actual address’ owner, and not the attacker. In order for an attacker to receive return traffic from a spoofed address, the attacker must be in the path of transmission to the actual owner’s address.

IP Gateway. Also called a router, a gateway is a program or a special-purpose device that transfers IP datagrams from one network to another until the final destination is reached.

-�� &��$��

��

IP Security (IPSec). Security standard produced by the Internet Engineering Task Force (IETF). It is a protocol suite that provides everything you need for secure communications—authentication, integrity, and confidentiality—and makes key exchange practical even in larger networks. See also DES-CBC, ESP/AH.

IP Sweep. This is the same as an address sweep attack, and similar to a port scan attack. It occurs when an attacker sends ICMP echo requests (or pings) to different destination addresses hoping that one will reply, thus uncovering an address to a target. If a remote host pings 10 addresses in 0.3 seconds, the NetScreen device flags this as an address sweep attack and drops the connection.

ISAKMP. The Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for Internet key management and provides the specific protocol support for negotiation of security attributes. By itself, it does not establish session keys, however it can be used with various session key establishment protocols to provide a complete solution to Internet key management.

Land Attack. Combining a SYN attack with IP spoofing, a Land attack occurs when an attacker sends spoofed SYN packets containing the IP address of the victim as both the destination and source IP address. This creates an empty connection. Flooding a system with such empty connections can overwhelm the system, causing a Denial of Service. The NetScreen device blocks any attempts of this nature and records such attempts as a Land attack.

Load balancing. Load balancing is the mapping (or re-mapping) of work to processors, with the intent of improving the efficiency of a concurrent computation.

MD5. Message Digest (version) 5, an algorithm that produces a 128-bit message digest (or hash) from a message of arbitrary length. The resulting hash is used, like a “fingerprint” of the input, to verify authenticity.

Packet Filtering. A router/firewall process that contains access control lists (ACL) that restrict flow of information through it based upon protocol characteristics such as source/destination IP address, protocol or port used. Generally, packet-filtering routers do not track sessions through them unless the router is also doing a NAT process, and the NAT process would track the session for NAT purposes.

Ping of Death. Intentionally oversized or irregular ICMP packets can trigger a Denial of Service condition, freezing, or other adverse system reactions. You can configure a NetScreen device to detect and reject oversized or irregular packet sizes.

Policies. See Access Policies.

�� &��$��'��(�)��*��"�!� -�1

��

� ��!��-��7

Port Scan. A port scan attack occurs when packets are sent out to different port numbers, for the purpose of scanning the available services in hopes that one port will respond. If a remote host scans 10 ports in 0.3 seconds, the NetScreen device flags this as a port scan attack and drops the connection.

Protocols. Protocols are pre-defined services (like HTTP, SNMP, or Telnet) that are enabled for the NetScreen device.

Receive Collisions. The number of collisions on the line detected by the Carrier Sense Multiple Access Collision Detection (CSMA/CD) protocol.

Security Association. The combination of a Security Parameters Index and a destination address. Required for both Authentication Header and Encapsulating Security Payload protocols. See also Security Parameters Index.

Security Parameters Index (SPI). is a hexadecimal value which uniquely identifies each tunnel. It also tells the NetScreen device which key to use to decrypt packets.

Server Farm. A server farm is a network where clients install their own computers to run Web servers, email, or any other TCP/IP based services they require, making use of leased permanent Internet connections with 24-hour worldwide access. Instead of expensive dedicated-line connections to various offices, servers can be placed on server farm networks to have them connected to the Internet at high-speed for a fraction of the cost of a leased line.

SHA-1. Secure Hash Algorithm-1, an algorithm that produces a 160-bit hash from a message of arbitrary length. (It is generally regarded as more secure than MD5 because of the larger hashes it produces.)

Short Frames. The number of frames containing less than 64 bytes of data.

Source Route. The Source Route option applied in an IP header can allow an attacker to enter a network with a false IP address and have data sent back to the attacker’s real address.

Stateful Inspection. A firewall process that checks the TCP header for information on the session’s state. The process checks whether it is initializing (SYN), ongoing (SYN/ACK), or terminating (FIN). A stateful inspector firewall will typically track each session flowing through it. Packets from unknown sessions that appear to be part of an ongoing or illegal session are dropped. All NetScreen network security devices are stateful inspectors.

SYN Attack. SYN packets overwhelm a network by initiating so many connection attempts or information requests that the network can no longer process legitimate connection requests, resulting in a Denial of Service.

-�2 �� &��$��

��

Tear Drop Attack. When the first and second parts of a fragmented packet overlap, the server attempting to reassemble the packet can crash. If the NetScreen device sees this discrepancy in a fragmented packet, it drops the packet.

Transmission Control Protocol/Internet Protocol (TCP/IP). A set of communications protocols that support peer-to-peer connectivity functions for both local and wide area networks. A communications protocol which allows computers with different operating systems to communicate with each other. Controls how data is transferred between computers on the Internet.

Trojan Horse. A program with functionality (typically malicious) not made known to an end-user. A common example of this would be a game received as an email attachment. This ‘Trojaned’ program might also secretly install a remote administration (known as a back door) program that allowed an attacker access to your computer.

Trunk Port. A trunk port allows a switch to bundle traffic from several VLANs through a single physical port, sorting the various packets by the VLAN identifier (VID) in their frame headers.

UDP Flood. UDP packets are sent with the purpose of slowing down the system to the point that it can no longer handle valid connections. If you set a threshold to invoke UDP flood attack protection, when exceeded, UDP flood attacks are recorded as statistics.

User Datagram Protocol (UDP). A protocol in the TCP/IP protocol suite, the User Datagram Protocol or UDP allows an application program to send datagrams to other application programs on a remote machine. Basically UDP is a protocol that provides an unreliable and connectionless datagram service where delivery and duplicate detection are not guaranteed. It does not use acknowledgments, or control the order of arrival.

Universal Resource Locator (URL). A standard way developed to specify the location of a resource available electronically.Also referred to as a location or address, URLs specify the location of files on servers. A general URL has the syntax protocol://address. For example, http://www.srl.rmit.edu.au/pd/index.html specifies that the protocol is http and the address is www.srl.rmit.edu.au/pd/index.html.

Virtual Local Area Network (VLAN). A logical rather than physical grouping of devices that constitute a single broadcast domain. VLAN members are not identified by their location on a physical subnetwork but through the use of tags in the frame headers of their transmitted data. VLANs are described in the IEEE 802.1Q standard.

�� &��$��'��(�)��*��"�!� -�3

��

� ��!��-��7

Virtual Private Network (VPN). A VPN is an easy, cost-effective and secure way for corporations to provide telecommuters and mobile professionals local dial-up access to their corporate network or to another Internet Service Provider (ISP). Secure private connections over the Internet are more cost-effective than dedicated private lines. VPNs are possible because of technologies and standards such as tunneling, screening, encryption, and IPSec.

Virtual System (Vsys). A feature unique to the NetScreen-1000, a Virtual System is a subdivision of the main system that appears to the user to be a stand-alone entity. Virtual Systems reside separately from each other in the same NetScreen-1000 device. Each one can be managed by its own Virtual System Administrator.

WinNuke Attack. WinNuke can cause any computer on the Internet running Windows to crash. WinNuke introduces a NetBIOS anomaly that forces Windows to restart. The NetScreen device can scan any incoming Microsoft NetBIOS Session Service packets, modify them, and record the event as a WinNuke attack.

Worm. A self-replicating attack program. Worms differ from typical viruses in that they are completely automatic – no interaction with a user is required. When a vulnerable target is found, it immediately and automatically infects the new host with the code. The newly infected host starts this process all over again. Each infected host will attempt to infect more hosts.

-�4 �� &��$��

��

�'�!��

$��

�abort

importing 15-3

query 9-4, 9-13

aborting the import 6-10, 15-3

access policies 14-12, 14-15

access to reports 1-6

accessing the monitor console 3-13

active administrators 1-5

active authenticated users 1-5

active button 13-3

active filter limits 10-2

active interface 14-25, 14-27

active statistics 1-5, 14-3, 14-12, 14-20

active administrators 1-5

active authenticated users 1-5

active VPN sessions 1-5

active statistics report 14-20

active statistics reports 1-7

active statistics, active VPN screen 14-21

active statistics, administrator screen 14-20

active statistics, authenticated users screen 14-23

active VPN 14-20, 14-21

report 14-21

tab 14-21

active VPN sessions 1-5

active VPN window 13-4

addcondition 10-6, 10-7

add/remove device/DC 4-5

added VPN-down condition 10-15

addinga filter 10-11

a netscreen device to Realtime Monitor 15-1

a netscreen device to the system 15-1

and deleting customers 7-3

condition button 10-14

conditions 10-14

contact information 5-8

customers 4-5, 7-3

device configuration 6-3

devices 1-6, 6-2, 6-3

devices to Realtime Monitor 15-2

filters 10-6, 10-11

group 5-2

groups 4-5

modifying and deleting users 5-3

user 5-2

user contact information 5-8

users 5-1, 5-3

virtual systems 4-20

adding, modifying, and deleting devices 6-3

address spoofingdefined 14-30

administer database 4-5, 5-2

administrationrole based 1-6

administrative groupssee groups 4-1

administratoraccess 7-3

ID 14-21

administrators 14-20

report 14-20

role-based 1-6

tab 14-20

alarmlevels 6-14

alarm data 1-4

alertsconfiguring 1-2

e-mail 1-2

receiving 1-2

��%��&��'��(�)��*��"�!� '@�.

��

�'�!��

all devicesicon 10-12

all events 10-12

icon 10-12

applybutton 10-13

filter button 10-17, 10-20

applyinga filter 10-19, 10-20, 10-21

applying a display filter 10-21

applying a monitor filter 10-20

architectural hierarchy 1-2

assign privileges 4-5, 5-2

assignedprivilege level 7-3

privileges 4-2

users 4-4

assigningcustomers to a group 4-14

customers to groups 4-14

devices to a group 4-17, 6-6, 6-17

devices to group 6-17

devices to selected users 5-15

devices to user 5-15

privileges 4-5

users to a group 4-10

users to groups 4-10


assigning customers to groups 4-14

assigning devices to a group 6-17

assigning devices to groups 4-17

assigning devices to the DC 6-17

assigning or removing virtual systems from groups 4-20

assigning privileges 4-5

assigning users to groups 4-10

associatinga virtual system with a device 5-17

DC 15-2

devices with customers 7-6

devices with DC 6-2

virtual systems with customers 7-8

virtual systems with users 5-17

associating devices with customers 7-6

associating users with customers 5-13

associating users with devices 5-15

associating users with groups 5-10

associating users with virtual systems 5-17

associating virtual systems with customers 7-8

associations 3-5

attack alarms 1-5, 3-9, 14-11

attack statistics 14-1, 14-3, 14-24, 14-29

chart 14-29

table 14-30

attack statistics chart screen 14-29

attack statistics report 14-29

attack statistics reports 1-7

authenticate devices 6-5

authenticated users 14-20, 14-23

tab 14-23

authentication 14-22

failed 14-28

availability 14-22

availablecustomers 4-14, 5-13

customers list 4-15, 5-14

devices 4-17, 7-6

devices list 4-19, 5-16

groups 5-11

users 4-11

virtual systems 4-20, 5-18

virtual systems list 7-9

average latency 14-22

6buttons

add condition 10-14

apply 10-13

apply filter 10-17, 10-20

customers 7-1

delete 10-7

details 13-2

'@��

��

�'�!��

device monitor 1-7

event monitor 1-7

logout 10-7

monitor console 3-13, 9-2

new 10-7

open filter 10-14, 10-16

pause 14-6

pause/play 13-8

play 14-6

refresh 10-7, 14-7

save 14-9

save filter 10-13

system health 1-6, 8-2

toggle 10-10, 10-12

undo 5-7

update 4-11

VPN monitor 1-7

bytes 14-13

bytes in 14-17

bytes out 14-17

bytes rel 14-15

cache size 9-5

calendar 10-9, 10-10

cascade 14-3

cascade command 14-9

cascade display in details pane 14-9

cascade reports 14-5

cascade view 14-5

cascading report views 14-9

chart 14-12, 14-16, 14-25, 14-27, 14-29

check boxes 4-14, 4-17

clausesand 10-9

or 10-8, 10-9

clear 9-5, 10-10

CLI A-3

enable Realtime Monitor 15-1

cli 15-1

enable global-pro 15-1

client 1-8, 2-3

close 14-3

collecting the data from server 3-4

color 9-6

bar sample 9-7

brightness 9-7

hue 9-7

saturation 9-7

color mapping 9-5

swatches 9-6

columns 14-3

command 12-3, 13-6

configuring 13-6

customizing 12-4, 13-7

reordering 12-4, 13-7

resizing 12-4, 13-7

sorting 12-4, 13-7

submenu 12-3, 13-6

columns command 11-4, 12-3, 13-6

commandadd condition 10-14

cascade 14-9

import 15-2, 15-4

open filter 10-16

refresh 14-7

tile 14-8

commandsabort query 9-4

communication protocol 1-3

compareattack numbers per interfaces 14-30

components 1-1, 1-3

conditions 10-8

name 10-8

names 10-9

configurationdevices 1-4

files 2-6

logs 1-5, 14-11

servers 1-4

��%��&��'��(�)��*��"�!� '@�

��

�'�!��

configureDC 15-1

primary DC 15-1

configure columns 11-5, 12-3, 13-6

configure netscreen-global pro express realtime monitor 2-5

configuringalert e-mail 1-2

secondary DC 15-1

configuring the netscreen devices for realtime moni-tor 3-1

connections 14-13

rel% 14-15

console 1-6, 1-8

contact infotab 5-5, 6-16


adding 5-8

devices 6-16

role-specific 5-8

user 4-4, 5-5, 5-8

contact person 4-14

control pane 1-6, 9-19

count 14-35

cpu load 8-1

create user/group 4-5, 5-2

creatingassociations 3-5, 7-3, 7-4

customer/console associations 7-3

customers 3-6

groups 3-6, 4-5

new groups 4-6

creating, modifying, and deleting groups 4-5

critical 9-5, 10-10

customermanagement window 7-4

customer authentication ID A-2

customer information 5-13

modifying 7-5

customer managementtab 4-14

customer management screen, general tab selected 7-4

customers 7-1

adding 7-3

additional 5-14

assigning to groups 4-14

associating 7-3

available 4-14

button 7-1

management window 7-2

name 4-14

removing from groups 4-14

selected 4-14

tab 7-2

customers management screen 7-2

customers management screen, device tab selected 7-6

customers screen, virtual systems tab selected 4-20, 7-9

customize the VPN monitor view 13-5

customizingcolumns 12-4, 13-6

device monitor view 12-3

VPN monitor view 13-5

customizing columns 11-6, 12-4, 13-6

customizing the device monitor view 12-3

customizing the event monitor view 11-4

customizing the VPN monitor view 13-5

�data

refresh 14-7

retrieving 1-5

data collector 1-4

database 1-5, 3-3

access 1-5

device history 7-7

relational 1-5

date 10-9

Dbpassword A-1

'@��

��

�'�!��

db 1-5

updating 1-5

DC 1-4, 1-6, 6-2, 15-1, 15-2

polling 1-4

DCsconfiguring secondary 15-1

email notification 3-7

mail notification window 3-7

primary 15-1

troubleshooting A-2

defaultadmin_group 4-2, 5-3

group 4-2

polling intervals time 6-15

report directory 14-9

user 5-3

default network settings 2-7

definingconditions 10-10

monitor filter 10-20

defining a display filter 10-21

defining a filter 10-11

defining a monitor filter 10-20

delete active filters 10-4

deletingcondition 10-6, 10-7

conditions 10-16

customers 4-5, 7-3, 7-5

DC 4-5

device 4-5


filter conditions 10-16

filters 10-6, 10-18

groups 4-8

multiple devices 6-6

users 5-1, 5-7

deleting a device 6-6

deleting conditions 10-16

deleting customers 7-5

deleting filters 10-18

deleting groups 4-8

deleting users 5-7

deletion confirmation dialog box 10-18

denied traffic 14-34

descriptionnew group 4-5

of filter 10-8

destinationIP address 14-15

netmask 14-15

detachable toolbar 10-6, 11-4

detailed view 4-1

detailsbutton 13-2

pane 14-7

details button 13-2

device 14-11

adding 15-1

details tab 6-13

history 7-7

information 5-15

performance tables 1-5

serial number 6-5, 15-2

statistics 14-6

summary 14-2

summary pane 9-3

tab 7-6

device annotation 9-16


device configuration screen, contact tab selected 6-

16

device configuration screen, general tab selected 6-4

device configuration screen, polling attributes tab selected 6-15

device contact information 6-16

device details 6-13

device listimporting 15-2

device list importaborting 15-3

��%��&��'��(�)��*��"�!� '@�1

��

�'�!��

device monitor 1-7, 9-4, 12-1

menu bar 12-2

toolbar 12-2

device monitor configure columns 12-3

device monitor menu bar 12-2

device monitor screen 12-1

device monitor tool bar 12-2

device monitor toolbar 12-2

device name list pane 6-11

device serial numberlocating 6-5

device serial numbers 6-5

device statistics 1-4

interface statistics 1-4

policy statistics 1-4

protocol distribution 1-4

device statistics reports 14-1

device statistics screen 9-18

device statistics window 14-6

device status 9-15, 14-11

device summary pane 9-13, 9-14, 9-16

device summary pane collapsed 9-15

device summary pane popup 9-17

device summary popup menu 9-11

devices 1-3, 1-8

adding 1-6, 6-2, 15-2

associated with DC 1-2

configuration 1-6, 6-11

contact information 6-1, 6-16

description 6-1, 6-13

details 6-13

group 1-2

IP address 4-17

management 1-6


monitoring 1-2

or vsys 10-10

requirements 1-8

serial number 4-17

statistics 1-6

tab 4-17, 4-19, 6-1, 6-2, 6-13, 7-6

troubleshooting A-3

type 4-17, 5-15

up/down 1-6

devices management screen 6-2

devices management screen, details tab selected 6-

13

devices or vsys 10-10

devices with annotation 9-11

displayfilter editor 10-21

display filter list pane 9-19

display filter list pane, right-click popup 9-20

display filters 9-4, 10-21

defined 10-1

displayingreports 14-6

displaying reports 14-6

dmz 14-24

document suite 0-xiv

drop downcalendar 10-10

drop down calendar 10-10

drop-down conjunction box 10-12

;editing


editordisplay filter 10-21

monitor filter 10-19

elements 1-1

e-mailalerts 1-2

emailattack alarms 3-8

disabling 3-9

events 3-9

misc. alarms 3-8

resend interval 3-8

retaining information 3-9

'@�2 ��

��

�'�!��

severity level 3-8, 3-9

traffic alarms 3-8

email event notification 3-7

email flush msg. interval 3-8

email notification 3-7

email notification tab 3-7

enablemap IP address 6-9

encryption 14-22

ethernet statistics 14-3, 14-24

chart 14-25

reports 1-7

table 14-26

ethernet statistics chart screen 14-25

ethernet statistics report dataalignment errors 14-26

broadcast out 14-26

bytes in 14-26, 14-28

bytes out 14-26, 14-28

crc errors 14-26

denied packets 14-28

dropped IP sec pkts 14-28

dropped packets 14-28

dropped url block 14-28

packets in 14-26, 14-28

packets out 14-26, 14-28

short frames 14-26

total connections 14-28

vlan in 14-28

vlan out 14-28

ethernet statistics summary report 14-1, 14-24

event 9-9, 14-35

event details 11-8

event details screen 11-8

event group 10-10

event group and event type 10-10

event monitor 1-7, 9-4, 11-1

event monitor menu bar 11-3

event monitor screen 11-1

event monitor tool bar 11-4

event monitor toolbar 11-4

event monitor viewer 11-2

event statistics 14-1

group 14-32

self logs 14-1

system alerts 14-1

traffic logs 14-1

event statistics group 14-32

event type 10-10

event typesexpand 10-10

event viewercache 9-5

events 1-4

events per email message 3-8

events per message 3-8

exceeds maximum allowable filters 10-3

expand/collapse user list 4-4, 4-13

export save dialog box 6-7

exportingdevice lists 15-2

reports 14-9

exporting device lists 6-7

3fault data 1-4, 1-5

attack alarms 1-5

miscellaneous alarms 1-5

traffic alarms 1-5

filter 1-7

conditions 10-8, 10-16

definition pane 10-9

description 10-13

name 10-8, 10-13

pane 10-8, 10-13

parameters 10-8, 10-9

toolbar 10-6

window 10-5

filter definition pane 10-8, 10-9

filter deletion confirmation 10-4

filter details pane 9-3

filter devices field 10-12

��%��&��'��(�)��*��"�!� '@�3

��

�'�!��

filter editor 1-6, 10-5, 10-11, 10-17

menu bar 10-6

toolbar 10-6

filter editor menu bar 10-6

filter editor panes 10-8

filter definition pane 10-8

filter pane 10-8

filter preview pane 10-8

filter editor toolbar 10-6

filter event field 10-12

filter list pane popup 10-3

filter pane 10-8

filter preview pane 10-8, 10-13

filter summary pane 9-21

filter tools 10-5

filtering capabilities 1-6

filters 1-6, 10-1

apply 1-6

applying 10-19, 10-20, 10-21

create 1-6

deleting 10-18

editor 1-6

modifying 10-17

parameters 10-17

firmware version 6-14

first occurrence 14-35

first-time configurationcustomers 7-2, 7-4

devices 6-5

groups 4-6

users 5-5

first-time customer configuration 7-4

first-time device configuration 6-5

first-time groups configuration 4-6

first-time users configuration 5-5

flow counters 14-25, 14-27

flow statistics 14-3, 14-27

chart 14-27

reports 1-7

summary report 14-1, 14-24, 14-27

table 14-28

flow statistics chart screen 14-27

ftp 14-33

�general 9-4

general tabgroups 4-1, 4-5

getting started 3-1

global managerrequirements 1-8

gmt time 9-10

graphical realtime reports 1-4

graphical summary displays 1-6

grip 10-6, 11-4

group list pane, expanded view 4-3

group management screen 4-2

group management screen with newly created group 4-6

group management screen, users tab selected 4-10

group member information 4-13

group member information screen 4-13

group name list pane 4-2

group user summary 4-4

groups 4-1

adding 4-5

assigning customers 4-1

assigning devices 4-1

creating 4-5

customer tab 4-14, 4-16

deleting 4-5

description 4-5

detailed view 4-2

details pane 4-2


modifying 4-5

nesting and expanding 4-3

privileges 4-12

groups screen, customer selected 4-16

groups screen, customer tab selected 4-15

groups screen, device selected 4-19

groups screen, device tab selected 4-18

'@�4 ��

��

�'�!��

&ha 14-16, 14-24

headers 14-8, 14-9

health details 8-2

hide device list 9-15

high availability 14-16, 14-24

high device cpu usage 14-35

hostname 3-3

server 3-3

hsb 9-7

hsb screen 9-8

http 14-16, 14-33

$icmp flood

defined 14-31

iconsall devices 10-12

all events 10-12

close 14-7

minimize 14-7


reduce 14-7

upper right corner 14-7

importcommand 15-2, 15-4

device list 15-2, 15-4

import open dialog box 6-8, 15-3

importingaborting 15-3

device data 15-3

device lists 15-2, 15-4

from global manager 15-3

from policy manager 15-2, 15-4

policy manager 15-3

importing device lists 6-8

importing device lists from a text file 15-4

importing device lists from policy manager 15-2

information logs 1-5, 14-11

information viewing 4-13

inheriting privileges 4-8, 5-12

initiallogin 3-3

user name 5-3

installation 2-1

components 2-4

process 2-4

requirements 2-4

restart ldap administration server A-5

installer 2-4

interface 14-26

interface information 14-11

interface name 14-28, 14-30

interfaces 14-16, 14-29

introduction 1-2

IP address 5-17

IP mapping 6-9

IP sec 14-22

IP sweepdefined 14-31

Cjvm free memory 8-1

?key 14-22

4land attack

defined 14-30

lans 1-2

lastevent 14-11

latency 14-22

occurrence 14-35

launch device statistics 9-17

launchingRealtime Monitor 15-2

launching realtime monitor 3-2

��%��&��'��(�)��*��"�!� '@��

��

�'�!��

launching the event monitor viewer 11-2

licenseagreement 2-4

life size 14-22

lifetime p1 14-22

lifetime p2 14-22

listavailable users 5-5

users 4-10

local address 14-22

local configuration file 3-3

local gateway ID 14-22

local gateway IP 14-22

locatingdevice serial number 6-5

log data 1-4

logging 14-32

traffic 14-32

login 3-4

screen 3-3

logs 1-5

configuration 14-11

configuration logs 1-5

information 14-11

information logs 1-5

self 1-7, 14-11

self logs 1-5

traffic 1-7, 14-11

traffic logs 1-5

low memory 14-35

)main screen 4-1

managed groups 4-1

management 14-16, 14-24

managingcustomers 1-6

devices 1-6

netscreen devices 1-6

role-based administrators 1-6

managing customers 7-1

managing devices 6-1

managing groups 4-1

managing users 5-1

mapped IP 6-9

master controller 1-5

see MCmaster controller IP address 3-3

max messages per minute 3-8

maximummemory usage 9-4, 9-5

number of events 9-4

number of records 9-5

MC 1-5, 1-6, 3-3, 15-2

host server 3-3

IP address 3-3

MCstroubleshooting A-1

menu bardevice monitor 12-2

misc. alarms 14-11

misc.alarms 3-9

miscellaneous alarms 1-5

modify active filters 10-3

modifyinga filter 10-17

customer information 7-3


filter 10-7

groups 4-8

users 5-1, 5-6

modifying a device 6-6

modifying filters 10-17

modifying groups 4-8

modifying users 5-6

monitor 14-22

buffer 9-4

console 9-1

console toolbar 9-13

monitor console 1-6, 9-3

monitor console button 3-13, 9-2

monitor console toolbar 9-13

'@�.� ��

��

�'�!��

monitor console with four filters 10-2

monitor filter 9-4, 10-19, 13-1

default definition 10-20

defined 10-1

editor 10-19

monitor filter editor 10-19

monitor filters 10-19

monitoringdevices 1-2

network 1-2

network traffic 1-2

role-based 1-2

views 1-6

more propertiesemail notification 3-7

multiple events 10-10

multiple reports 14-8, 14-9

cascade view 14-5

tiled view 14-5

�nest

users list 4-4, 4-13


netscreendevice requirements 1-8

devices 1-3

NetScreen devices A-3

netscreen devices 1-6, 1-8, 14-34

netscreen screenos 1-8

netscreen-global pro express suite 1-1

netscreen-global pro express web installation 2-4

netscreen-global pro policy manager 15-1

network operations centersee noc

network settingsdefaults on server 2-7

new groupdescription 4-5

new untitled group 4-7

new user, general tab 5-6

NOC 1-2

non-sequential devices 7-6

NS Global tab 3-1

number of events per email message 3-8

�obtaining

realtime reports 14-5

obtaining statistic reports 14-5

openfilter 10-6, 10-7

filter button 10-14, 10-16

operating system 1-8

operation mode 6-14

options 9-4

color mapping 9-4

event 9-4

general 9-4

options color mapping screen 9-6

options event screen 9-9

options general window 9-5

or clauses 10-8

other documents 0-xiv

out-of-sequence users 4-11

overview 1-1

p1 authentication 14-22

p1 status 14-22

p2 status 14-22

packets 14-13

in 14-17

out 14-17

rel % 14-15

panes 4-1

control 1-6

detailed view 4-1

group name list pane 4-2

��%��&��'��(�)��*��"�!� '@�..

��

�'�!��

password 5-4

changing 3-3

default 3-3

new 3-3

pauseno data lost 14-6

pause and play 14-6

pause button 14-6

pause/play 11-7, 12-4, 13-8

peer address 14-22

peer gateway ID 14-22

peer gateway IP 14-22

percentages 14-13

performance and fault related statistics 1-4

performance data 1-4

performance statistics and log data 1-4, 15-2

ping of deathdefined 14-30

play button 13-8, 14-6

policies 14-32

Policy 14-33

policy distribution 14-12

chart 14-12

table 14-13

policy distribution chart screen 14-13

policy distribution reports 1-7

policy distribution table screen 14-14

policy ID in/out 14-22

policy manager 15-1

importing device lists 15-2


policy statistics report 14-12

action 14-15

application/service 14-15

policy ID 14-15

total bytes 14-15

total connections 14-15

total packets 14-15

policy statistics tables 6-15

policy table polling interval 6-14

polling

attributes 6-5, 6-14

attributes tab 6-5, 6-14

polling attributes 6-14

polling interval 1-4

adjustable 1-4

polling intervals 1-6, 9-4

default 6-15

setting 6-14

pop-up menu 4-5, 5-3

deleting customers 7-5

popup menu in device summary pane 14-5

port number 14-16

port scandefined 14-31

preview panel 9-7

primary DC 15-1, 15-3, 15-4, A-3

primary DC IP addresses A-3

printbutton 14-10

command 14-10

printingreports 1-7, 14-9, 14-10

printing reports 14-10

privileges 1-6, 4-2, 4-12, 5-4, 5-13, 7-3

access 7-3

add/remove device/DC 4-5

add/remove device/DC/customers 5-4

administer database 4-5, 5-2, 5-4

assign 4-5

assign privileges 4-5, 5-2, 5-4

caveat 4-9

changing 5-11

create user/group 4-5, 5-2, 5-4

delete customers 5-4

delete DC 5-4

group 4-5, 4-8

inheriting 4-8, 4-9, 5-12

lowering 4-9

security issues 5-11

user 4-8

pro.admin.init A-2

'@�.� ��

��

�'�!��

pro.customer.authenticate A-2

pro.dc.init A-2

pro.mc.init A-1

profiles 3-3

property sheetsemail notification 3-7

protocol 1-4

protocol distribution 6-15, 14-3, 14-16

chart 14-7, 14-16

details 14-18

polling interval 6-14

table 14-18

protocol distribution chart 14-7

protocol distribution chart screen 14-17

protocol distribution report 14-12, 14-16

protocol name 14-18

total bytes in 14-18

total bytes out 14-18, 14-19

total packets in 14-19

total packets out 14-19

protocol distribution reports 1-7

protocol distribution table screen 14-18

protocol usage in percentages 14-17

protocols 14-16

=quick filter pop up 11-9

quick filters 10-1, 11-9

defined 10-1

�read and write check boxes 4-14, 4-17

read/write check boxes 4-14, 4-17, 5-13, 5-15, 5-17

defined 4-14, 4-17

read/write privileges 5-13, 5-15, 5-17

realtimemonitor console 1-8

reports 1-2

statistics 1-7

views 1-7

Realtime Monitorwindow 9-3

realtime monitoragent 1-3

realtime monitor architecture 1-3

realtime monitor components 1-3

realtime monitor console 1-6, 3-5, 9-1

realtime monitor menu bar 9-4

realtime monitor screen, added filters 10-14

realtime performance statistics 1-4

realtime reports 14-1

realtime reports menu bar 14-3

realtime reports toolbar 14-4

realtime reports window 14-2, 14-4, 14-10

receivinge-mail alert notification 1-2

refresh 14-3, 14-7

button 14-7

command 14-7

data 14-7

refreshing data 14-7

relational database 15-2

remote devices 1-6

removingall users from a group 4-12

customers from groups 4-14, 4-16

devices from group 6-17

devices from groups 4-19

users from groups 4-10

virtual system from this customer 7-9


removing customers from groups 4-16

removing devices from groups 4-19

removing multiple users from a group 4-12

removing users from groups 4-12

reorderingcolumns 12-4, 13-7

reordering columns 11-6, 12-4, 13-7

reportdirectory 14-9

formats 14-9

��%��&��'��(�)��*��"�!� '@�.

��

�'�!��

header 14-8, 14-9

periods 6-14

reports 1-6, 14-1, 14-10

active statistics 1-7

attack statistics 1-7

cascaded 14-5

displaying 14-6

ethernet statistics 1-7

event statistics 14-1

filter 1-7

flow statistics 1-7

obtaining 14-5


print 1-7

printing 14-10


realtime performance 1-2

saving 1-7, 14-9

self logs 1-7

sort 1-7

summary 1-7

system alert 1-7

system statistics group 14-1

tiled 14-5

toolbar 14-4

traffic logs 1-7

traffic statistics group 14-1

reports panes 14-4

reports toolbar 14-4

reports window 14-2, 14-10

requirements 2-4

system 1-8

resend interval 3-8

resizingcolumns 12-4, 13-7

resizing columns 11-6, 12-4, 13-7

restore default location 2-5

retrieving data 1-5

rgb 9-8

rgb screen 9-8

right-click in the device name list pane 6-3

role-basedadministration 1-6

administrators 1-6

monitoring 1-2

role-based administration 5-2, 5-8, 5-13

run netsetup script A-5

runtime troubleshooting A-4

rx collisions 14-26

�sample event log 11-3

savebutton 14-9

filter 10-6, 10-7

filter button 10-13

user name and IP address 3-4

save display filter 10-17

savingevent log files 13-7

filters 10-16

reports 1-7, 14-9

saving detail logs 13-7

saving event logs 11-7

saving filters 10-16

saving reports 14-9

secondary DC A-3

securityimplications 4-12, 5-12

issues 4-8, 4-12

security issues 4-8

security warnings 2-4

selectedcustomers 4-14, 5-13

devices 4-17, 7-7, 7-9

devices list 4-19

groups 5-11

systems 5-18

user information 4-13


virtual systems list 4-21

selecting multiple users 4-11

'@�.� ��

��

�'�!��

self 14-16

self log reports 1-7

self logs 1-5, 14-3, 14-11, 14-34

self logs reports 14-1, 14-32, 14-34

self logs table screen 14-34

sequentialdevices 7-6

users 4-11

serial number 5-15, 5-17, 6-4, 6-5, 15-2, 15-3

server 1-4

default network settings A-5

installation 2-1

uninterruptable power supply (ups) 2-1

service used 14-21

severity 14-35

chart 14-11

degrees 10-10

levels 9-5, 10-9

severity level 10-10

colors 9-6

email 3-8

severity levels 3-9

severity levels text box 10-13

single events 10-10

single report view 14-5

single reports 14-7

snmp 14-16

software version number 6-5

sorting 11-6, 12-4, 13-7

column items 12-4

columns 13-7

sorting users 5-9

source IP address 14-15, 14-23

source netmask 14-15

source routedefined 14-30

specified time 10-9

specify web browser 6-11

spi in 14-22

spi out 14-22

startingDC 3-2

MC 3-1

Realtime Monitor 15-2

startup time 6-14

statistics 1-4, 1-7

and logs 1-4



flow statistics 1-4

performance and fault related 1-4

performance and log data 1-4, 15-2


polling intervals 1-4


statistics and logs 1-4

status 15-3

status screen 15-3

summary 14-3, 14-35

summary report 14-10

summary reports 1-7, 14-1

summary views 9-10

swatches 9-6

swatches screen 9-7

syn attackdefined 14-30

systemhealth 1-6

requirements 1-8

system alert reports 1-7

system alerts 14-1, 14-3, 14-32, 14-35

system alerts table screen 14-35

system health 8-1

button 8-2

system health button 8-2

system health screen 8-2

system requirements 1-8

system statistics 14-24



flow statistics 14-24

��%��&��'��(�)��*��"�!� '@�.1

��

�'�!��

system statistics group 14-1, 14-24



flow statistics 14-1

�table 14-13, 14-18, 14-26, 14-28, 14-30

tables 6-1, 6-14


tabscontact info 5-5

customers 7-2

devices 6-2, 7-2

general 4-1, 7-2


tabular format 14-32

tcp/IP 1-4

tear drop attackdefined 14-30

telnet 14-16, 14-33

-test option A-1, A-2

the reports window 14-2

this report provides the following information 14-30

tile 14-3

tile command 14-8

tileddisplay in details pane 14-8

report views 14-8

reports 14-5

view 14-5

tiled display in details pane 14-8

tiling report views 14-8

time 10-9, 14-21, 14-23

time period 10-1

timestamp 10-1, 10-9

calendar 10-9

toggle buttons 10-10, 10-12

toolbar 11-4

detachable 10-6, 11-4

grip 11-4

monitor console 9-13

names 9-4

toolbarsdevice monitor 12-2

toolsabort query 9-4

options 9-4

traffic alarms 1-5, 3-9, 14-11

traffic log 14-32

traffic log reports 1-7

traffic logs 1-5, 14-3, 14-11, 14-32

traffic logs report dataapplication 14-33, 14-34

date 14-33

destination IP (address) 14-33, 14-34

duration 14-33, 14-34

policy ID 14-33

policy source 14-33

source IP (address) 14-33, 14-34

time 14-33, 14-34

traffic logs reports 14-32

traffic logs table screen 14-32

traffic statistics 14-11, 14-12

traffic statistics group 14-1, 14-12

active statistics 14-1



troubleshooting A-1

data collector A-2

devices A-3

master controller A-1

runtime A-4

trust 14-16, 14-24

tunnel 14-22

0udp flood

defined 14-31

undobutton 5-7

'@�.2 ��

��

�'�!��

uninstalling

client 2-6

Realtime Monitor 2-6

realtime monitor 2-6

uninstalling realtime monitor from windows 2-6

units 14-25, 14-28

untrust 14-16, 14-24

up/down

devices 1-6

update 10-7

update button 4-11

updated tables 1-5

user ID 14-23, 14-24

user name 3-3

default 3-3

user name and password 3-3

users 5-2

adding 5-3

adding to a group 4-10


deleting 5-7


tab 5-2

users configuration screen 5-4

users configuration screen, contact info tab selected 5-9

users configuration screen, customers tab selected 5-14

users configuration screen, devices tab selected 5-15

users configuration screen, groups tab selected 5-11

users management screen 5-2

users management screen, virtual systems tab 5-18

5version information 14-11

view active filters 10-1

viewing

group member information 4-13

single reports 14-7

viewing group member information 4-13

viewing single reports 14-7

viewing the realtime monitor console 3-5

virtual systems 4-20, 5-17, 7-8, 10-11, 10-12, 14-

28

assign to group 4-1

associating with customers 7-8

associating with users 5-17

information 14-11

tab 4-1, 5-18, 7-2, 7-8

VPN 13-1

type 14-22

VPN events screen 13-3

VPN monitor 1-7, 9-4, 13-1

menu bar 13-1

toolbar 13-2

VPN monitor menu bar 13-1

VPN monitor screen 13-1

VPN monitor tool bar 13-2

VPN monitor toolbar 13-2

VPN tunnels A-3

status 13-1

vsys 10-10

see virtual systems

/wans 1-2

web installation 2-3

webUI A-3

webui 3-1, 6-5, 6-11, 15-1, 15-2

device serial number 6-5

launching 6-11

window

Realtime Monitor Console 9-3

winnuke

defined 14-31

write check boxes

defined 4-14, 4-17

��%��&��'��(�)��*��"�!� '@�.3

��

�'�!��

'@�.4 ��

��

netscreen-global pro express realtime monitor ... · netscreen-global pro express product, or any...

Documents