Identity-Based Traffic Logging and Reporting




Application Note

Identity-Based Traffic Logging and Reporting

Using UAC in Conjunction with NSM and Infranet Enforcers to Give Additional, User-Identified Visibility into Network Traffic

Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089 USA
408.745.2000
1.888 JUNIPER
www.juniper.net

Part Number: 350114-001 Nov 2007

Table of Contents

Introduction
Scope
Design Considerations
Description and Deployment Scenario
Summary
About Juniper Networks

Copyright 2007, Juniper Networks, Inc.

Introduction

Scope

The combination of Juniper Networks Unified Access Control (UAC) and Juniper Networks NetScreen-Security Manager (NSM) gives you a more enlightening look at your network traffic. With the addition of an Infranet Controller to an existing Juniper firewall deployment, network traffic can be easily identified by the user who created it. Previously, network traffic was identified strictly by a combination of IP addresses and ports. The identity of the user responsible for the network traffic was difficult to obtain without a significant correlation effort. Now traffic within the NSM traffic log can be tagged with the username and roles of the user who generated that traffic.

This application note will describe how to configure NSM and the Infranet Enforcers to provide user-identified traffic logs and UAC-specific reports.

Design Considerations

To generate identity-based traffic logs, you need the following:

Hardware Requirements
  Server platform capable of running NSM version 2007.2R1 or greater (or NSMXpress appliance)
  Infranet Enforcer(s) capable of running ScreenOS version 6.0.0R1 or greater
  Infranet Controller models IC4000 or IC6000

Software Requirements
  NetScreen-Security Manager version 2007.2R1 or greater
  ScreenOS version 6.0.0R1 or greater
  Infranet Controller version 2.0R3 or greater

Description and Deployment Scenario

In order to use this new feature, you must complete a couple of steps. First and perhaps most obvious, any Infranet Enforcers for which you want to see profiling information must be under the control of NSM. To add an Infranet Enforcer to NSM, use the NSM Graphical User Interface (GUI) and navigate to Device Manager > Security Devices (Figure 1). From there, click the + sign to add a device. Then simply follow the Add Device wizard to add the Infranet Enforcer to NSM.

Figure 1: Add Device

Once added to NSM, the Infranet Enforcer should appear under the list of Security Devices. You can verify the device's operational state by mousing over the device icon in the NSM GUI (Figure 2).

Figure 2: Device Operational Status

Once NSM has successfully connected to the Infranet Enforcer, you need to enable traffic logging on the Infranet Enforcer. This can be accomplished either through the enforcer Web interface or the command line. In the Web interface, navigate to Configuration > Admin > NSM and check the Traffic Logs checkbox (Figure 3). Click the Apply button to save the changes. The CLI command to perform the same function is:

  set nsmgmt report log traffic enable

Figure 3: Enforcer NSM Configuration

In addition to enabling the traffic logs, you must enable logging on any Infranet policy for which you want traffic data captured to NSM. Again, this can be accomplished either through the enforcer Web interface or the command line. In the Web interface, navigate to Policies, click on the Edit link for the Infranet policy you wish to change, click the checkbox next to Logging, and then click OK. Your Infranet policies should show the blue Logging icon in the Options column. In the CLI, add the log keyword to all Infranet policies, as in:

  set policy id 9 from Trust to hr Any Any ANY permit infranet-auth log

Figure 4: Enforcer Logging Policies

In Infranet Controller software version 2.1 and above, there is a configuration option on the controller that can prevent logging from taking place. Under the UAC > Infranet Enforcer > Resource Access > [POLICY] > ScreenOS Options section, you have the ability to configure which ScreenOS policy options will be enabled on the Infranet Enforcer. If you were to select the options as shown in Figure 5, no logging would take place for any resource to which this policy applies. This can be quite confusing because logging appears to be enabled on the Infranet Enforcer, but will be subsequently disabled by the controller.

Figure 5: ScreenOS Options Configuration

That completes the configuration for getting the traffic logs into NSM. In order to see the additional information provided by UAC, you will need to create a custom Traffic Log Viewer (or you could modify the existing one). To create a new Log Viewer, navigate within NSM to Log Viewer > Predefined > 5-Traffic, right-click and select Save As.

Figure 6: Log View Creation

In the Save View dialog box, enter a new name (Infranet Traffic) for the view and save the view to the Others folder.

Figure 7: Saving the Log View

After creating the view, navigate to the Log Viewer > Others and click on Infranet Traffic. You will see a traffic log identical to the predefined one that you just copied. It's now time to make modifications to the view so that you can see the additional information. At the top of the NSM window, go to the View menu and select Choose Columns.

Figure 8: Choose Columns

In the Column Settings dialog box, scroll down to the bottom and check the box next to Roles and User. For both Roles and User, select them and click Move Up several times until User is just below Alert and Roles is just below User, then click OK. You can, of course, customize this view any way you want, but the User and Roles columns are the information we're trying to get at.

Figure 9: Add User Column

Your Infranet Traffic log view should now look something like the picture below. The User column will reflect the username of the person who generated the traffic associated with that particular log entry, and the Roles column will show the UAC roles to which that user was mapped.

Figure 10: Infranet Traffic Log

In addition to the username and role correlation in the traffic logs, there are three additional canned UAC reports available in NSM. To find these reports, navigate to Report Manager > UAC Reports.

Figure 11: UAC Reports

This is the Time Graph of UAC Session Logs. October 9th was an especially busy day compared to the others.

Figure 12: Time Graph of UAC Sessions

Below is the Top 20 Destinations for UAC Logs. There are two local protected resources (172.33.1.1 and 172.32.1.1), and the rest is Internet traffic.

Figure 13: Top 20 Destinations for UAC

Finally there is the Top 20 Enforcers (Devices) for UAC Logs report. With only two enforcers configured, this isn't a very impressive report, but becomes more useful the more enforcers it is reporting on.

Figure 14: Top 20 Enforcers for UAC
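The two enforcer-side settings described earlier in this note (traffic log reporting to NSM, and the log keyword on each Infranet policy) can be checked against a saved enforcer configuration. The following is an added example, not part of the Juniper application note: it assumes the configuration is available as text with one set command per line in the form shown in this note, and the sample configuration, function names and policy ids 10 and 11 are constructed for illustration.

```python
import re

# Constructed sample export. Only the nsmgmt line and the policy id 9 line
# appear in the note; policy ids 10 and 11 are made up for this example.
SAMPLE_CONFIG = """\
set nsmgmt report log traffic enable
set policy id 9 from Trust to hr Any Any ANY permit infranet-auth log
set policy id 10 from Trust to finance Any Any ANY permit infranet-auth
set policy id 11 from Trust to Untrust Any Any ANY permit
"""

TRAFFIC_LOG_CMD = "set nsmgmt report log traffic enable"
POLICY_RE = re.compile(r"^set policy id (\d+) (.+)$")


def audit_enforcer_config(config_text):
    """Return (traffic_logs_enabled, ids of Infranet policies lacking 'log')."""
    traffic_logs_enabled = False
    missing_log = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # collapse runs of whitespace
        if line == TRAFFIC_LOG_CMD:
            traffic_logs_enabled = True
            continue
        match = POLICY_RE.match(line)
        if not match:
            continue
        policy_id, tokens = int(match.group(1)), match.group(2).split()
        # The note's logging step applies to Infranet policies, identified
        # here by the infranet-auth keyword; other policies are skipped.
        if "infranet-auth" in tokens and "log" not in tokens:
            missing_log.append(policy_id)
    return traffic_logs_enabled, missing_log


def report(config_text):
    """Turn the audit result into a list of human-readable findings."""
    enabled, missing = audit_enforcer_config(config_text)
    findings = []
    if not enabled:
        findings.append("traffic log reporting to NSM is not enabled")
    for policy_id in missing:
        findings.append(f"Infranet policy id {policy_id} has no log keyword")
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_CONFIG) or ["no gaps found"]:
        print(finding)
```

This check covers only the enforcer configuration text; the ScreenOS Options setting on the Infranet Controller has to be reviewed on the controller itself.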

Summary

Following the examples in this application note and using the latest versions of NSM, Infranet Enforcers and UAC, you can now identify, track and report on network traffic by user and user role.

About Juniper Networks

Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.

CORPORATE HEADQUARTERS AND SALES HEADQUARTERS FOR NORTH AND SOUTH AMERICA
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or 408.745.2000
Fax: 408.745.2100
www.juniper.net

EUROPE, MIDDLE EAST, AFRICA REGIONAL SALES HEADQUARTERS
Juniper Networks (UK) Limited
Building 1 Aviator Park
Station Road
Addlestone
Surrey, KT15 2PG, U.K.
Phone: 44.(0).1372.385500
Fax: 44.(0).1372.385501

EAST COAST OFFICE
Juniper Networks, Inc.
10 Technology Park Drive
Westford, MA 01886-3146 USA
Phone: 978.589.5800
Fax: 978.589.0800

ASIA PACIFIC REGIONAL SALES HEADQUARTERS
Juniper Networks (Hong Kong) Ltd.
26/F, Cityplaza One
1111 King's Road
Taikoo Shing, Hong Kong
Phone: 852.2332.3636
Fax: 852.2574.7803

Copyright 2007 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

To purchase Juniper Networks solutions, please contact your Juniper Networks sales representative at 1-866-298-6428 or authorized reseller.