fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Netscreen - NSM Issues

Heres a couple of issues I ran into when adding some devices to the NSM,

When trying to enable NSM via the GUI you get "No initial ID configured. NSM agent remains disabled"

  1. The communication between nsm and screenos is based on public key authentication. You don't have to enable NSM manually.

Cant import the Netscreens configuration when adding the device to NSM

  1. Check the NSM source interface on the firewall either via the GUI or CLI. 

The NSM wont obtain the SSH key and comes up with a number of suggestions regarding your connection. You have SSH`d from the NSM to the Netscreen and confirmed connectivity.

  1. Click the back icon so your back at the previous NSM dialog box and then retry. Sometimes I have to go back up to 3 times before it obtains the SSH key.
  2. Is the NSM added to your allowed IPs on your Netscreen ?
  3. Is the interface your are trying to connect to enabled for SSH management (manage SSH)?

The NSM wont import the device and states that the NSM cannot connect to the device. It may also mention that there is a duplicate serial number.

  1. On the CLI of the NSM restart the devSvr. /etc/init.d/devSvr restart.
  2. If this fails exit the NSM GUI and restart all of the severs (haSvr, guiSvr and devSvr) and retry.

Tags: Netscreen

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001