Friday, January 21, 2011

Net Screen manager setup

I'm having an issue with our NSMExpress box. I'm trying to manage all our devices, range from ns5gt to ssg320m, and some of those devices have addresses assigned by dhcp from the ISP (like pppoe or dsl). The addresses are actually static but we have the register the MAC address in order to get this address. I can actually add the device in NSM except the IP that's on the untrust side isn't imported in as it's dynamic. Because of this I cannot change many options that pertian to the untrust interface as there is no IP.

I've talked to JTAC on this and they didn't know if there was a way to do this or not but then they stated that Tim Hortons does this so I'm confused on how to get this working. Maybe i'm just missing something as I imagine that other people must be doing this as well. Any assistance is appreciated!

Furthermore when I import a device this is the message I get:

Warnings:

Interface ethernet0/0 is a pppoe/dhcp/pppoa client and its ip is NOT IMPORTED because it may be dynamic.

  • First I would escalate your case to get an answer on your possible solution.

    Second, it would be nice to know your version of NSM and the schema you are using. If these are older versions then this may be a limiting factor. A lot of times things like this slide in under a new release or schema update, but there is no guarantee. While a new version of both can expose some nice new functionality this should be well considered before making an upgrade depending on your environment. Basically the more complicated features you are using on NSM and on the device side could alter the experience for better or worse if there are many devices and if this NSM instance is a very important and heavily used production deployment.

    Codezy : Thank you for the reply. I've actually been through the whole JTAC and they say there is no solution which I can't believe since other people must have the same situation as I do. The version of NSM that we are running is 2009.1r1 and schema is 124. I see that 2010.1 is out now but doesn't appear to address the issue either. I have updated it along the way according to JTAC but again no fix. I'll try the 2010 release to see what happens.
    Null Route : Codezy, keep escalating on it and don't close the case until you get an answer as to whether this is supported or not. This should get you an answer to this either way.
    From Null Route

0 comments:

Post a Comment