This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

This topic describes how to add a device security profile.

To add a device security profile

  1. Open the Device Security Profiles page by navigating to Admin > Network Admin > Device Security Profiles.
  2. In the menu, click Add to define a new device security profile.
    The Add Device Security Profile page is displayed.

  3. Enter information into the fields as described below:

    | Field | Description |
    |---|---|
    | Name | Specify a unique name, up to 40 characters, for the device security profile. For example, IOS-account. |
    | Applicable To | This field is required when you are managing multiple realms. Select a realm to make the DSP accessible to a single realm. Select Entire Network if you want to be able to assign the DSP to a device irrespective of which realm the device belongs to. Note: The Entire Network option appears only for users who have the Full Rights network right. Only users with the Full Rights network right can then manage (edit, copy, and delete) a DSP assigned to the entire network. All users can select such a DSP when editing a device. |
    | Login User Name | (Optional) Specify the user name for the login session to be used by the BMC Network Automation system. This field is required when a device has RADIUS/TACACS+ enabled or uses local accounts. |
    | Login Password | (Optional) Login password for the login session. |
    | Privileged User Name | (Optional) Specify the user name for the privilege (enable) mode, as required (see Special instructions for security profiles of specific devices). |
    | Privileged Password | (Optional) This password is used when privilege (enable) mode is required to perform configuration file commands. See Special instructions for security profiles of specific devices for a list of device types requiring a privileged password. Note: Some devices might not require a privileged password but do require the account to have privileged access. Note: The case sensitivity for the Login User Name, Login Password, Privileged User Name, and Privileged Password fields is device-dependent. |
    | Priority | When the DSP in a Device record is set to Auto, the priority (1 to 99) determines the order in which each DSP is tried until one works, after which the BMC Network Automation system uses the working DSP unless reassigned. This helps when you are unsure of the device credentials assigned to each device (for example, when you use multiple RADIUS/TACACS+ servers). DSPs with a lower priority number are tried first. DSPs of the same priority are tried in random order. DSPs with priority 0 are not tried (that is, they are disabled). |
    | Managed by Terminal Server | (Optional) Select when the managed device is accessed by the BMC Network Automation system through a serial terminal server using tunneling. You must also correctly assign the Host Name/IP Address field in the device record based on the Terminal Server Type, as documented under the tunneling description. |
    | Terminal Server Type | (Required when Managed by Terminal Server is selected) Select Serial Terminal Server to manage a device through a terminal server connected to the device's console port. Select Telnet/SSH Connection Proxy to manage a device for which Telnet or SSH is appropriate. |
    | Terminal Server User Name | (Optional) Specify the login user name for the terminal server. |
    | Terminal Server Password | (Optional) Specify the login password for the terminal server. |
    | Terminal Server Passphrase | (Optional) Specify the login passphrase for the terminal server. |

  4. Click Save.

    Note

    BMC Network Automation uses only a device's required credentials. Therefore, you can share credentials between device types. For example, if one device requires a privileged password, but another device type does not, you can use the same DSP if all other credentials are the same between device types.
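
The Auto selection order described for the Priority field, sketched as an added example (this is not BMC Network Automation code). The function names, the `working_dsp` key, the login stub, and every profile except the name IOS-account are constructed for illustration.

```python
import random

# Constructed sample DSPs; only "IOS-account" is a name taken from the page.
PROFILES = [
    {"name": "IOS-account", "priority": 10, "user": "netops", "password": "pw-ios"},
    {"name": "tacacs-a", "priority": 5, "user": "bna", "password": "pw-a"},
    {"name": "tacacs-b", "priority": 5, "user": "bna", "password": "pw-b"},
    {"name": "legacy-local", "priority": 0, "user": "admin", "password": "pw-old"},
]

# Constructed stand-in for the devices: host -> credentials it accepts.
DEVICE_CREDS = {"192.0.2.10": ("netops", "pw-ios")}


def try_login(host, dsp):
    """Hypothetical login probe; a real one would open a Telnet/SSH session."""
    return DEVICE_CREDS.get(host) == (dsp["user"], dsp["password"])


def auto_order(profiles, rng=random):
    """Order in which Auto tries DSPs: 1..99 ascending, ties random, 0 skipped."""
    enabled = [p for p in profiles if 1 <= p["priority"] <= 99]
    rng.shuffle(enabled)  # randomise first ...
    return sorted(enabled, key=lambda p: p["priority"])  # ... stable sort keeps ties shuffled


def resolve_dsp(device, profiles, rng=random):
    """Return (working DSP name or None, names tried in this call)."""
    if device.get("working_dsp"):  # a working DSP is kept until reassigned
        return device["working_dsp"], []
    tried = []
    for dsp in auto_order(profiles, rng):
        tried.append(dsp["name"])  # every entry before a match is a failed login
        if try_login(device["host"], dsp):
            device["working_dsp"] = dsp["name"]
            return dsp["name"], tried
    return None, tried


if __name__ == "__main__":
    device = {"host": "192.0.2.10", "working_dsp": None}
    print(resolve_dsp(device, PROFILES))  # first call walks the priority list
    print(resolve_dsp(device, PROFILES))  # second call reuses the working DSP
```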

Special instructions for security profiles of specific devices

The following table provides special instructions for configuring the BMC Network Automation privileged account based on device type:

| Device Type | Special configuration of a privileged account on device |
|---|---|
| Juniper Firewall | `set admin user <username> password <password> privilege all` |
| Juniper JunOS | `configure`, then `edit system login user <username>`, then `set class <class>`, where `<class>` has permission all |
| Check Point Nokia Firewall | Set the Privileged Password to the device's admin password. The User Name must be a member of the wheel group or the User Name must be admin. To add the BMC Network Automation device login account to the wheel group, select Configuration > Groups under the Check Point Nokia Voyager manager. |