Netscreen – NSM Issues

Heres a couple of issues I ran into when adding some devices to the NSM,

When trying to enable NSM via the GUI you get No initial ID configured. NSM agent remains disabled”

  1. The communication between nsm and screenos is based on public key authentication. You don’t have to enable NSM manually.

Cant import the Netscreens configuration when adding the device to NSM

  1. Check the NSM source interface on the firewall either via the GUI or CLI.

The NSM wont obtain the SSH key and comes up with a number of suggestions regarding your connection. You have SSH`d from the NSM to the Netscreen and confirmed connectivity.

  1. Click the back icon so your back at the previous NSM dialog box and then retry. Sometimes I have to go back up to 3 times before it obtains the SSH key.
  2. Is the NSM added to your allowed IPs on your Netscreen ?
  3. Is the interface your are trying to connect to enabled for SSH management (manage SSH)?

The NSM wont import the device and states that the NSM cannot connect to the device. It may also mention that there is a duplicate serial number.

  1. On the CLI of the NSM restart the devSvr. /etc/init.d/devSvr restart.
  2. If this fails exit the NSM GUI and restart all of the severs (haSvr, guiSvr and devSvr) and retry.
Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial