Manageability problems

Started by ganeshbala, Apr 28, 2009, 01:51 PM

ganeshbala

Manageability problems

Our woes with Network and Security Manager began when we tried to use it to manage the SRX 5800. With eight years of experience using NSM in Opus One's labs, we were looking forward to the unification of JunOS and ScreenOS management. We started out needing to change IP addresses, a common enough task. For a ScreenOS system, this takes three clicks: two clicks to see a summary of interfaces and IP addresses, and a third to begin editing.

The SRX 5800 was not so simple. It's impossible to get something as simple as a list of interfaces and their IP addresses. You have to find the physical interface, and then click through a series of submenus just to find out what the IP address is -- nine of them. And if you know the IP address but can't remember which port it's connected to, you might as well give up and use the command line to figure it out, since NSM would make you click through eight levels of menus just to see each IP address.

Where NSM does excel is in security policy definition. We were relieved to see that the normal NSM tools for creating and editing policy could be applied to the SRX 5800 – that is, until we tried to turn on network address translation (NAT). Now, you can turn on NAT in the security policy and push that policy with NSM, but it doesn't actually do anything on the firewall. No error message, no warning and no NAT neither. We only discovered NAT wasn't working when we started doing packet dumps to debug a different problem.

The SRX 5800 does support NAT, but you have to go back to the nine-levels-deep style of configuration. The experience is about as pleasant as poking values into an SNMP-managed switch by hand — and, of course, about as error-prone and difficult to document. We ended up using shortcuts provided by Juniper's engineers, putting the NAT configuration in using the JunOS command line, and then re-importing the device into NSM.

Source: networkworld