Juniper Security Director User Guide

: August 20, 2024
: JUNIPer

Table of Contents

Security Director
Specifications:
Product Information:
Product Usage Instructions:
1. Security Director Installation Overview:
Q: Is Security Director compatible with all Juniper Networks
Q: How often should Security Director be updated?

Security Director

“`html

Specifications:

Product Name: Security Director
Manufacturer: Juniper Networks, Inc.
Published Date: 2024-06-27
Website: www.juniper.net

Product Information:

The Security Director is a network security infrastructure
management application developed by Juniper Networks, designed to
help network operators and administrators in installing,
configuring, and managing their network security
infrastructure.

Product Usage Instructions:

1. Security Director Installation Overview:

Follow the steps outlined below to install and upgrade the
Security Director application:

Set Up a Junos Space Virtual Appliance for Security

Director:

Log in to Junos Space using the default username ‘super’ and
password ‘juniper123’.
Click the ‘+’ icon next to Administration to expand the
Administration menu.
Click Applications to list all installed applications.
Note the version of the Junos Space Network Management Platform
or the Network Application.

Upgrade Junos Space Network Management Platform:

Follow the specific instructions provided in the related
documentation to upgrade the Junos Space Network Management
Platform.

Install Security Director:

Proceed with the installation of Security Director as per the
installation guide provided.

Upgrade Security Director:

If upgrading an existing Security Director installation, follow
the upgrade instructions provided in the guide.

Junos Space Store Overview:

Get an overview of the Junos Space Store for additional
applications and upgrades.

Install and Upgrade Security Director from the Junos Space

Store:

Refer to the specific instructions in the guide for installing
and upgrading Security Director from the Junos Space Store.

FAQ:

Q: Is Security Director compatible with all Juniper Networks

products?

A: Security Director is designed to work seamlessly with Juniper
Networks products. However, it’s recommended to check for specific
compatibility requirements based on your network setup.

Q: How often should Security Director be updated?

A: It is advised to regularly check for updates and upgrade
Security Director as necessary to ensure optimal performance and
security of your network infrastructure.

“`

Security Director
Security Director Installation and Upgrade Guide
Published
2024-06-27

ii
Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Security Director Security Director Installation and Upgrade Guide Copyright © 2024 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.

iii

Table of Contents

About This Guide | iv

1

Installing and Upgrading Security Director

Security Director Installation Overview | 2

Set Up a Junos Space Virtual Appliance for Security Director | 4

Upgrade Junos Space Network Management Platform | 4

Install Security Director | 5

Upgrade Security Director | 6

Junos Space Store Overview | 11

Install and Upgrade Security Director from the Junos Space Store | 12

iv
About This Guide
Use this guide to install and upgrade Security Director application, set up Log Collector, add Log Collector to Security Director, and upgrade Log Collector.

1 CHAPTER
Installing and Upgrading Security Director
Security Director Installation Overview | 2 Set Up a Junos Space Virtual Appliance for Security Director | 4 Upgrade Junos Space Network Management Platform | 4 Install Security Director | 5 Upgrade Security Director | 6 Junos Space Store Overview | 11 Install and Upgrade Security Director from the Junos Space Store | 12

2
Security Director Installation Overview
IN THIS SECTION Intended Audience | 3
Security Director is a Junos Space management application designed to enable quick, consistent, and accurate creation, maintenance, and application of network security policies. It is a powerful and easyto-use solution that lets you secure your network by creating and publishing firewall policies, IPsec VPNs, NAT policies, IPS policies, and application firewalls. Before you install Security Director, you must configure the Junos Space Appliance as a Junos Space node. You can install Security Director on Junos Space Virtual Appliance. The Junos Space virtual appliance consists of preconfigured Junos Space Network Management Platform software with a built-in operating system and application stack that is easy to deploy, manage, and maintain. You must deploy the virtual appliance on a VMware ESX server, VMware ESXi server, or a KVM server which provides a CPU, hard disk, RAM, and a network controller, but requires installation of an operating system and applications to become fully functional. For information about installing Junos Space virtual appliances on a VMware ESX server, VMware ESXi server, or KVM server, see the Junos Space Virtual Appliance Installation and Configuration Guide. Figure 1 on page 3 shows the Security Director installation and upgrade flow.

3 Figure 1: Security Director Installation and Upgrade Flow
Intended Audience
This document is intended for network operators and administrators who install, configure, and manage the network security infrastructure. RELATED DOCUMENTATION
Set Up a Junos Space Virtual Appliance for Security Director | 4

4
Set Up a Junos Space Virtual Appliance for Security Director
The Junos Space virtual appliance consists of preconfigured Junos Space Network Management Platform software with a built-in operating system and application stack that is easy to deploy, manage, and maintain. For more information on installing Junos Space virtual appliance, see Junos Space Virtual Appliance Installation and Configuration Guide. You must set up the Junos Space virtual appliance to run as a Junos Space node. After you deploy a Junos Space virtual appliance, you must enter basic network and machine information to make your Junos Space virtual appliance accessible on the network. For complete configuration steps, see Configuring a Junos Space Virtual Appliance as a Junos Space Node.
RELATED DOCUMENTATION Security Director Installation Overview | 2
Upgrade Junos Space Network Management Platform
Junos Space Security Director Release can be installed or upgraded only on the supported Junos Space Network Management Platform Release. For example, Security Director Release 24.1R1 is supported only on Junos Space Network Management Platform Release 24.1R1. If your appliance is running the supported version of Junos Space, you can skip this procedure and begin installation of Security Director. For information on supported version of Junos Space Network Management Platform for Security Director, see “Upgrade Security Director” on page 6. If your appliance is running a Junos Space Network Management Platform release that is earlier than the supported release, you need to upgrade Junos Space Network Management Platform before upgrading Security Director. To upgrade your Junos Space Network Management Platform: 1. Determine the installed Junos Space Network Management Platform version:
a. Log in to Junos Space. The default username is super and password is juniper123. The Dashboard is displayed.

5
Change the default credentials, when prompted. b. Click the + icon next to Administration to expand the Administration menu. c. Click Applications to list all of the applications installed. d. Note the version of the Junos Space Network Management Platform or the Network Application
Platform. (Some earlier versions of the Network Management Platform were named Network Application Platform.) If the currently installed release is a supported one, you can skip the upgrade procedure; if not, you must upgrade the Junos Space Network Management Platform to the supported release. 2. Upgrade Junos Space Network Management Platform using the procedure at Upgrading to Junos Space Network Management Platform Release 24.1R1.
NOTE: For more information about application compatibility, see the Knowledge Base article KB27572 at Junos Space Application Compatibility .
RELATED DOCUMENTATION Set Up a Junos Space Virtual Appliance for Security Director | 4
Install Security Director
In Junos Space Security Director, a single image installs Security Director, Log Director, and the Security Director Logging and Reporting modules. You must deploy the Log Collector and then add it to the Security Director to view the log data in the Dashboard, Events and Logs, Reports, and Alerts pages.
NOTE: Both JSA as Log Collector and Security Director Insights as Log Collector cannot be added together.
NOTE: Upgrade to the supported release of Junos Space Network Management Platform Release. See “Upgrade Junos Space Network Management Platform” on page 4.
To install the Junos Space Security Director:

6
CAUTION: You must install the Junos Space 24.1R1 hot patch v1 before installing or upgrading Junos Space Security Director application.
1. Download the Junos Space Security Director Release image from the download site. 2. Install the Security Director application using the procedure at Adding a Junos Space Application.
NOTE: The applogic service restarts after the application installation job is successful.
RELATED DOCUMENTATION Upgrade Junos Space Network Management Platform | 4 Upgrade Security Director | 6 Junos Space Store Overview | 11 Install and Upgrade Security Director from the Junos Space Store | 12
Upgrade Security Director
Before You Begin · If you are upgrading from a previous version of Security Director, clear your browser cache before
accessing the Security Director user interface. · Back up Junos Space Security Director Release that you want to upgrade. You must take the backup
before upgrading Junos Space Network Management Platform. Backing up the Junos Space Network Management Platform database before the upgrade helps you to recover the data if the upgrade fails. See Backing Up the Junos Space Network Management Platform Database. · You must upgrade to the supported Junos Space Network Management Platform Release, before you upgrade the Security Director, Log Director, and Security Director Logging and Reporting modules. See “Upgrade Junos Space Network Management Platform” on page 4. · The Junos Space Network Management Platform should be active and functioning. You can upgrade from a previous Security Director release to the latest Security Director release.

7

NOTE: The Required Platform Version column in Table 1 on page 7 indicates the supported Junos Space Network Management Platform version. Before upgrading Security Director, ensure that the system is running the supported Junos Space Network Management Platform version. See “Upgrade Junos Space Network Management Platform” on page 4.

Table 1: Upgrade Path
CAUTION: You must install the Junos Space 24.1R1 hot patch v1 before installing or upgrading Junos Space Security Director application.

Upgrading to Release

Required Platform Version

Upgrade Path

Description

Security Director 24.1R1

24.1R1

· 23.1 > 24.1R1

You can upgrade from the following releases:
· Junos Space Network Management Platform Release 23.1R1 and Security Director Release 23.1R1

Security Director 23.1R1

23.1R1

· 22.3 > 23.1R1 · 22.2 > 23.1R1

You can upgrade from the following releases:
· Junos Space Network Management Platform Release 22.3R1 and Security Director Release 22.3R1
· Junos Space Network Management Platform Release 22.2R1 and Security Director Release 22.2R1

Security Director 22.3R1

22.3R1

· 22.2 > 22.3 · 22.1 > 22.3

You can upgrade from the following releases:
· Junos Space Network Management Platform Release 22.2R1 and Security Director Release 22.2R1
· Junos Space Network Management Platform Release 22.1R1 and Security Director Release 22.1R1

8

Table 1: Upgrade Path (Continued)

Upgrading to Release

Required Platform Version

Upgrade Path

Description

Security Director 22.2R1

22.2R1

· 22.1 > 22.2 · 21.3 > 22.2

You can upgrade from the following releases:
· Junos Space Network Management Platform Release 22.1R1 and Security Director Release 22.1R1
· Junos Space Network Management Platform Release 21.3R1 and Security Director Release 21.3R1

Security Director 22.1R1

22.1R1

· 21.2 > 22.1 · 21.3 > 22.1

You can upgrade from the following releases:
· Junos Space Network Management Platform Release 21.2R1 and Security Director Release 21.2R1
· Junos Space Network Management Platform Release 21.3R1 and Security Director Release 21.3R1

Security Director 21.3R1

21.3R1

· 21.1 > 21.3 · 21.2 > 21.3

You can upgrade from the following releases:
· Junos Space Network Management Platform Release 21.1R1 and Security Director Release 21.1R1
· Junos Space Network Management Platform Release 21.2R1 and Security Director Release 21.2R1

Security Director 21.2R1

21.2R1

· 21.1R1 > 21.2R1

You can upgrade from the following releases:
· Junos Space Network Management Platform Release 21.1R1 and Security Director Release 21.1R1

9

Table 1: Upgrade Path (Continued)

Upgrading to Release

Required Platform Version

Upgrade Path

Description

Security Director 21.1R1

21.1R1

· 20.3R1 > 21.1R1

You can upgrade from the following releases:
· Junos Space Network Management Platform Release 20.3R1 and Security Director Release 20.3R1

Security Director 20.3R1

20.3R1

· 19.3R1 > 20.3R1 · 19.4R1 > 20.3R1 · 20.1R1 > 20.3R1

You can upgrade from the following releases:
· Junos Space Network Management Platform Release 19.3R1 and Security Director Release 19.3R1
· Junos Space Network Management Platform Release 19.4R1 and Security Director Release 19.4R1
· Junos Space Network Management Platform Release 20.1R1 and Security Director Release 20.1R1

Security Director 20.1R1

20.1R1

· 19.3R1 > 20.1R1 · 19.4R1 > 20.1R1

You can upgrade from the following releases:
· Junos Space Network Management Platform Release 19.3R1 and Security Director Release 19.3R1
· Junos Space Network Management Platform Release 19.4R1 and Security Director Release 19.4R1

10

Table 1: Upgrade Path (Continued)

Upgrading to Release

Required Platform Version

Upgrade Path

Description

You can now perform direct upgrade to 20.1R1 from earlier versions of Junos Space Security Director Release 19.1R1 and 19.2R1.
· 19.1R1 > 20.1R1
· 19.2R1 > 20.1R1
NOTE: You can perform direct upgrade only for Junos Space Security Director. However, you must follow all the supported upgrade paths for Junos Space Network Management Platform and Log Collector to upgrade to 20.1R1.

Security Director 19.4R1

19.4R1

· 19.2R1 > 19.4R1 · 19.3R1 > 19.4R1

You can upgrade from the following releases:
· Junos Space Network Management Platform Release 19.2R1 and Security Director Release 19.2R1
· Junos Space Network Management Platform Release 19.3R1 and Security Director Release 19.3R1

To upgrade from a previous version of Junos Space Security Director:
1. Download the Junos Space Security Director Release image to which you want to upgrade from the download site.
2. Upgrade the Junos Space Security Director application using the procedure at Upgrading a Junos Space Application.
NOTE: · If you try to upload Junos Space Security Director image of a lower version, an error
message Can only upgrade to newer version appears. Click OK and upload compatible version of Junos Space Security Director.
· If you try to upload incompatible version of Junos Space Security Director image, an error message Current platform version does not support this software version appears . Click OK and upload compatible version of Junos Space Security Director.

11
NOTE: The applogic service restarts after the application upgrade job is successful.
RELATED DOCUMENTATION Upgrade Junos Space Network Management Platform | 4 Install Security Director | 5 Junos Space Store Overview | 11 Install and Upgrade Security Director from the Junos Space Store | 12
Junos Space Store Overview
The Junos Space store displays the latest compatible versions of the Junos Space applications, which can be installed or upgraded on the current version of Junos Space Network Management Platform. Starting in Junos Space Security Director Release 18.2R1, you can install or upgrade Junos space Security Director application from the Junos Space store on the Network Management Platform. You must configure the Juniper Networks Software download credentials to connect to Junos Space store. The Junos Space store lists the latest available applications. The Junos Space Network Management Platform accesses the metadata repository hosted by Juniper Networks to discover the available applications and published versions. When you initiate an install or upgrade for Security Director application or its components, the package path is identified from the metadata file and package is downloaded. This reduces the manual effort of downloading the application package from the download site and then uploading it to the Junos Space Network Management Platform server, thereby enhancing the installation and upgrade process. You can view whether a Security Director application version is supported on the current Junos Space Network Management Platform version, even before initiating install or upgrade. Junos Space store allows the component configuration while installing Security Director. It limits the component configuration when you try to upgrade Security Director.
NOTE: The earlier method of installing and Upgrading Security Director application documented in “Install Security Director” on page 5 and “Upgrade Security Director” on page 6 are still applicable. You can choose to install using the existing method or through the Junos Space store.

12
RELATED DOCUMENTATION Install and Upgrade Security Director from the Junos Space Store | 12
Install and Upgrade Security Director from the Junos Space Store
The Junos Space store displays a list of applications, which can be installed on the Junos Space Network Management Platform. This topic describes the Security Director installation and upgrade procedure using the Junos Space store. Before You Begin · Configure Junos Space Store in Junos Space Network Management Platform. For details on
configuring and modifying the Junos Space settings, see Configuring and Managing Junos Space Store. · Ensure the HDD size (>500GB) of Junos Space Platform before configuring integrated Log Collector. OpenNMS should be in the disabled state. For configuring Log Collector component in Junos Space store: · For integrated deployment of Log Collector, install the Integrated Log Collector on a Junos Space virtual appliance. · Deploy and configure JSA for using JSA as Log Collector. See, JSA Log Collector Overview. For configuring Policy Enforcer component in Junos Space Store: · Deploy and configure Policy Enforcer. See, Security Director Insights Installation and Upgrade Guide. To install and upgrade Security Director from the Junos Space Store: 1. Log in to Junos Space Network Management Platform. 2. Select Administration > Applications > Junos Space Store. The Junos Space Store page appears.
NOTE: Click Get Latest to refresh the list of applications in Junos Space store.
The Junos Space store with all the applications are displayed as shown in Figure 2 on page 13.

13 Figure 2: Junos Space Store
3. Select Security Director. The details of the application such as the compatible versions, version release date, and release highlights are displayed. NOTE: Click Show only compatible version option to display only the Security Director versions supported on the current platform version.
4. Select a version to be installed or upgraded and click Next. NOTE: If the selected version is not compatible with the Junos Space Network Management Platform version, a warning message is displayed.
5. Select the components, which you want to configure and complete the configuration according to the guidelines given in Table 2 on page 15. NOTE: Junos Space store allows the component configuration while installing Security Director. Upgrade of components is not handled by Junos Space Store.
6. Click Next. The Security Director terms and conditions and the license agreement are displayed. Review the license agreement.
7. Click Accept and Install. The job status is displayed as shown in Figure 3 on page 14.

14 Figure 3: Job Status
8. Click Go to Junos Space Store. The installed or upgraded version of Security Director is displayed in the Junos Space store as shown in Figure 4 on page 14. Figure 4: Verifying the Installed or Upgraded Version

15

Table 2: Security Director Components Description

Fields

Description

Log Collector

Deployment Mode

· Integrated–The integrated Log Collector is installed on Junos Space node (virtual appliance).
Integrated Log Collector on a Junos Space virtual appliance supports only 500 eps.
NOTE: For Integrated Log Collector, OpenNMS must be disabled. On the Junos Space Network Management Platform, the disk space must be greater than 500GB.

Node Type

Select one of the following: · Security Director Log Collector · Juniper Secure Analytics

Node Name

Enter the Node name.

IP Address

Enter the IPv4 or IPv6 address.

Username and Password

For Security Director Log Collector, provide the default credentials; username is admin and password is juniper123. Change the default password using the Log Collector CLI configureNode.sh command.
For JSA, provide the admin credentials that is used to login to the JSA console.

Policy Enforcer

Deployment Mode

Select Standalone. NOTE: For Policy Enforcer, only Standalone option is available.

IP Address

Specify the IP address of the Policy Enforcer virtual machine.

Password

Enter the password to login to the virtual machine with the root credentials.

16

Table 2: Security Director Components Description (Continued)

Fields

Description

ATP Cloud Configuration Type

Select one of the following configuration types:
· ATP Cloud–Includes all threat prevention types, but does not include the benefits of Secure Fabric, Policy Enforcement Groups, and Threat Prevention policies provided by Policy Enforcer. All enforcement is done through SRX Series Firewall policies.
· Cloud Feeds Only–The prevention types available are command and control server, infections hosts, and Geo IP feeds. Policy Enforcer Secure Fabric, Policy Enforcement Groups, and Threat Prevention policies are also available. All enforcement is done through SRX Series Firewall policies.
· ATP Cloud with Juniper Connected Security –A full version of the product. All Policy Enforcer features and threat prevention types are available.
· None–There are no feeds available from ATP Cloud, but the benefits of Secure Fabric, Policy Enforcement Groups, and Threat Prevention policies provided by Policy Enforcer are available. Infected hosts is the only prevention type available.

Network End Point

Polling timers affect how often the system polls to discover endpoints. The timer polls infected endpoints moving within the sites that are a part of Secure fabric. You can set this range from 2 minutes to 60 minutes. The default is 5 minutes.

PollSite End Point

Polling timers affect how often the system polls to discover endpoints. The timer polls all endpoints added to the secure fabric. You can set this range between 1 to 48 hours. The default is 24 hours.

RELATED DOCUMENTATION Junos Space Store Overview | 11