Add Juniper SRX Firewall

Step 1: Prepare Juniper SRX Firewall for monitoring.

Prerequisites
SNMPv1/v2 or SNMPv3 credentials are needed for monitoring. If SNMPv1/v2 is used, you must supply the SNMP community string (which was entered during Juniper SRX Firewall configuration) along with IP address of agent that will be used to monitor the Juniper SRX Firewall. If SNMPv3 is used, you must supply the SNMPv3 user, plus the authentication method (SHA or MD5) and authentication password, if authentication is used. In addition, privilege method (only DES supported) and privilege password will be required, if privileges are used. Everything must be manually configured up front in the Juniper SRX Firewall. Read-only access is sufficient for Juniper SRX Firewall monitoring.

Prerequisites

SNMPv1/v2 or SNMPv3 credentials are needed for monitoring.

If SNMPv1/v2 is used, you must supply the SNMP community string (which was entered during Juniper SRX Firewall configuration) along with IP address of agent that will be used to monitor the Juniper SRX Firewall.

If SNMPv3 is used, you must supply the SNMPv3 user, plus the authentication method (SHA or MD5) and authentication password, if authentication is used. In addition, privilege method (only DES supported) and privilege password will be required, if privileges are used. Everything must be manually configured up front in the Juniper SRX Firewall.

Read-only access is sufficient for Juniper SRX Firewall monitoring.

Step 2: Decide how you want to add the Juniper SRX Firewall.

You can add Juniper SRX Firewall entities using one of two ways:

Add them from UI
Use the agent's omcli add_entity command with the appropriate JSON files

Adding Entities from the UI

From the Management Cloud main menu, select Administration, Discovery, and then Add Entity. The Add Entity page displays.
Select the Juniper SRX Firewall Entity Type.

Enter the following UI properties.

Juniper SRX Firewall UI Fields
Entity Name: Name of your Juniper SRX Firewall in Oracle Management Cloud. Dispatch URL: snmp://<Fully qualified host name or IP address of Juniper SRX Firewall> SNMP Port: Port where Juniper SRX Firewall listens for SNMP requests - 161 by default (optional) SNMP Timeout: Timeout for SNMP requests in seconds - 30 secs by default (optional) Cloud Agent: Cloud agent monitoring your Juniper SRX Firewall. Monitoring Credentials SNMP V1/V2: Community String: SNMPv1/v2c community string. SNMP V3 Username: SNMPv3 username. Authorization Password: Password used for authentication Authorization Protocol: Protocol used for authentication. (MD5 or SHA) Privacy Password: password used for encryption

Juniper SRX Firewall UI Fields

Entity Name: Name of your Juniper SRX Firewall in Oracle Management Cloud.
Dispatch URL: snmp://<Fully qualified host name or IP address of Juniper SRX Firewall>
SNMP Port: Port where Juniper SRX Firewall listens for SNMP requests - 161 by default (optional)
SNMP Timeout: Timeout for SNMP requests in seconds - 30 secs by default (optional)
Cloud Agent: Cloud agent monitoring your Juniper SRX Firewall.

Monitoring Credentials

SNMP V1/V2:

Community String: SNMPv1/v2c community string.

SNMP V3

Username: SNMPv3 username.
Authorization Password: Password used for authentication
Authorization Protocol: Protocol used for authentication. (MD5 or SHA)
Privacy Password: password used for encryption

See Add Entities from the Console for detailed instructions on using the Add Entity UI.

Using omcli and the Appropriate JSON Files

Download and extract the required JSON file(s) from the master JSON zip file. See the table below for the specific JSON files you'll need.

Edit the file(s) and specify the requisite properties shown below.

Juniper SRX Firewall JSON Files and Properties
omc_juniper_srx_sample.json name: Your Juniper SRX Firewall entity name. displayName: Your Juniper SRX Firewall entity display name. timezoneRegion: Time zone of your entity. It is recommended that you use the long values IANA-maintained TZ database time zones. For example: America/New_York host_name: Under “value”, provide fully qualified host name or IP address of the Juniper SRX Firewall. omc_dispatch_url: Under “value”, following the string snmp://, provide the fully qualified hostname or IP address of the Juniper SRX Firewall. omc_snmp_port: Under “value”, provide the port where the Juniper SRX Firewall listens for SNMP requests. The default is 161. omc_snmp_timeout: Under “value”, provide the timeout for SNMP requests in seconds, 10 by default. omc_snmp_version: Under “value”, provide the SNMP version used to monitor the Juniper SRX Firewall. Credential Files omc_juniper_srx_snmpv2_sample_creds.json Use this credential file if you have configured your switch with SNMPv1/v2. community: Under “value”, within the square brackets, provide the SNMPv2c community string used during the Juniper SRX Firewall configuration. omc_juniper_srx_snmpv3_sample_creds.json Use this credential file if you have configured your switch with SNMPv3. authUser: Under “value”, within the square brackets, provide the SNMPv3 username. authPwd: Under “value”, within the square brackets, provide the authorization password or empty out the field. . authProtocol: Under “value”, within the square brackets, provide the authorization method (SHA or MD5). privPwd: Under “value”, within the square brackets, provide the privilege method password, if privilege is used. Only the DES privilege method is supported.

Juniper SRX Firewall JSON Files and Properties

omc_juniper_srx_sample.json

name: Your Juniper SRX Firewall entity name.
displayName: Your Juniper SRX Firewall entity display name.
timezoneRegion: Time zone of your entity. It is recommended that you use the long values IANA-maintained TZ database time zones. For example: America/New_York
host_name: Under “value”, provide fully qualified host name or IP address of the Juniper SRX Firewall.
omc_dispatch_url: Under “value”, following the string snmp://, provide the fully qualified hostname or IP address of the Juniper SRX Firewall.
omc_snmp_port: Under “value”, provide the port where the Juniper SRX Firewall listens for SNMP requests. The default is 161.
omc_snmp_timeout: Under “value”, provide the timeout for SNMP requests in seconds, 10 by default.
omc_snmp_version: Under “value”, provide the SNMP version used to monitor the Juniper SRX Firewall.

Credential Files

omc_juniper_srx_snmpv2_sample_creds.json

Use this credential file if you have configured your switch with SNMPv1/v2.

community: Under “value”, within the square brackets, provide the SNMPv2c community string used during the Juniper SRX Firewall configuration.

omc_juniper_srx_snmpv3_sample_creds.json

Use this credential file if you have configured your switch with SNMPv3.

authUser: Under “value”, within the square brackets, provide the SNMPv3 username.
authPwd: Under “value”, within the square brackets, provide the authorization password or empty out the field. .
authProtocol: Under “value”, within the square brackets, provide the authorization method (SHA or MD5).
privPwd: Under “value”, within the square brackets, provide the privilege method password, if privilege is used. Only the DES privilege method is supported.

Add the entity using omcli.

omcli add_entity agent DEFINITION_FILE [-credential_file CREDENTIAL_FILE [-encryption_method_gpg]]

Verify the status of the newly added entity.
```
omcli status_entity agent DEFINITION_FILE
```

See step 4. Adding Entities to Your Service of Add Entities Using JSON Files for more information.

Step 3: (Optional but recommended) Set up alerts.

To enable lights-out monitoring, you can set up alert rules to generate alerts and send notifications if your entities have performance issues.

See Set Up Alert Rules and Set Up Alert Thresholds and Notifications.

Troubleshooting

If you run into any issues regarding discovery or monitoring of Juniper SRX Firewall, see the following: