Juniper

JunOS M/MX

Dashboard Widgets

General (General overview of the system)

Cleanup (Summary of the number of rules that are disabled, fully shadowed, or have not been hit in the past year)

USP Compliance (The number of rules with violations, according to their severity level)

Audit (The number of rules with expired access or will have access expire within the next month)

Recent Changes (Rules and devices with changes in the past 30 days)

Browsers

Rule Viewer (see Rule Viewer)

Object Lookup (See Object Lookup)

USP Viewer (see USP Viewer)

USP Alert Manager Viewer (see USP Alerts Manager)

USP Exceptions Viewer (see USP Exceptions)

Changes (see Change Browser)

Cleanup (see Cleanup Browser)

Device Viewer (see Device Viewer)

Change Management

Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)

Display IPv6 objects

Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)

Real-time Monitoring (Regularly automatically fetches policy information from the device)

Create SecureChange ticket from Rule Viewer for:

  • Rule Decommission (Removes selected rules from supported devices)

  • Rule Recertification(Used to document and verify the need for a rule)

Topology

Static Topology

Dynamic Topology

Calculate impact of NAT rules

Calculate impact of VPN policies

Notes for JunOS M/MX

  • Accountability, Rule and Object Usage, IPv6 objects logical systems are not supported.

  • Topology and dynamic topology (with MPLS L3 VPNs) are supported on standalone MX routers.

JunOS SRX

Dashboard Widgets

General (General overview of the system)

Cleanup (Summary of the number of rules that are disabled, fully shadowed, or have not been hit in the past year)

USP Compliance (The number of rules with violations, according to their severity level)

Audit (The number of rules with expired access or will have access expire within the next month)

Recent Changes (Rules and devices with changes in the past 30 days)

Browsers

Rule Viewer (see Rule Viewer)

Object Lookup (See Object Lookup)

USP Viewer (see USP Viewer)

USP Alert Manager Viewer (see USP Alerts Manager)

USP Exceptions Viewer (see USP Exceptions)

Changes (see Change Browser)

Cleanup (see Cleanup Browser)

Device Viewer (see Device Viewer)

Change Management

Rule and Object Usage Report (Displays statistics for most-used, least-used, and unused rules and objects)

Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)

Full Accountability (Details of the revision, including who made the revision and when)

Display IPv6 objects

Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)

Change Window (see View and Update a Change Window)

Real-time Monitoring (Regularly automatically fetches policy information from the device)

Create SecureChange ticket from Rule Viewer for:

  • Rule Decommission (Removes selected rules from supported devices)

  • Rule Modification (Receives rules from the Rule Viewer and lets you create a ticket in SecureChange for a handler to update firewall rules for supported devices)

  • Rule Recertification(Used to document and verify the need for a rule)

Automatic Policy Generation (APG) (Analyzes firewall logs to determine actual business practices, and creates an optimized rulebase that limits traffic allowance to traffic actually used in the organization)

Topology

Static Topology

Dynamic Topology

Calculate impact of NAT rules

Calculate impact of VPN policies

Path analysis with IPv6 addresses in source and destination

Notes for JunOS SRX

  • NAT rules and display of IPv6 objects are supported for directly-monitored SRX firewalls only.

  • Topology supports routes with a VR as the next hop.

  • Provisioning is not supported for global rules. Designer provides manual suggestions only.

NetScreen

Dashboard Widgets

General (General overview of the system)

Cleanup (Summary of the number of rules that are disabled, fully shadowed, or have not been hit in the past year)

USP Compliance (The number of rules with violations, according to their severity level)

Audit (The number of rules with expired access or will have access expire within the next month)

Recent Changes (Rules and devices with changes in the past 30 days)

Browsers

Rule Viewer (see Rule Viewer)

Object Lookup (See Object Lookup)

USP Viewer (see USP Viewer)

USP Alert Manager Viewer (see USP Alerts Manager)

USP Exceptions Viewer (see USP Exceptions)

Changes (see Change Browser)

Cleanup (see Cleanup Browser)

Device Viewer (see Device Viewer)

Change Management

Rule and Object Usage Report (Displays statistics for most-used, least-used, and unused rules and objects)

Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)

Full Accountability (Details of the revision, including who made the revision and when)

Display IPv6 objects

Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)

Change Window (see View and Update a Change Window)

Real-time Monitoring (Regularly automatically fetches policy information from the device)

Create SecureChange ticket from Rule Viewer for:

  • Rule Decommission (Removes selected rules from supported devices)

  • Rule Modification (Receives rules from the Rule Viewer and lets you create a ticket in SecureChange for a handler to update firewall rules for supported devices)

Topology

Static Topology

Dynamic Topology

Calculate impact of NAT rules

Calculate impact of VPN policies

Supported Devices - NetScreen

SSG 6.3
ISG 6.3 (All versions include Virtual Systems)

Notes for all Juniper Devices

  • IPv6 objects display is not supported.

  • Routing information is not collected from virtual routers; Support the Expired Rules report.

  • ISG series:

    • Vsys devices when managed by Juniper NSM can be included in rule usage report, APG, and unused objects cleanup.

    • Rule usage is supported only when syslogs are sent from NSM.