- play_arrow What's New for Administrators
- play_arrow Overview of JSA Administration
- play_arrow User Management
- play_arrow License Management
- play_arrow System Management
- System Management
- System Health Information
- JSA Component Types
- Data Nodes
- Network Interface Management
- JSA System Time
- NAT-Enabled Networks
- Off-site Hosts Management
- Managed Hosts
- Configuration Changes in your JSA Environment
- Deploying Changes
- Restarting the Event Collection Service
- Shutting Down a System
- Restarting a System
- Collecting Log Files
- Changing the Root Password on Your JSA Console
- Resetting SIM
- play_arrow Event Data Processing in JSA
- Event Data Processing in JSA
- DSM Editor Overview
- Properties in the DSM Editor
- Property Configuration in the DSM Editor
- Opening the DSM Editor
- Configuring a Log Source Type
- Configuring Property Autodetection for Log Source Types
- Configuring Log Source Autodetection for Log Source Types
- Configuring DSM Parameters for Log Source Types
- Custom Log Source Types
- Custom Property Definitions in the DSM Editor
- Event Mapping
- Exporting Contents from the DSM Editor
- play_arrow Using Reference Data in JSA
- play_arrow User Information Source Configuration
- play_arrow Juniper Networks X-Force Integration
- play_arrow Managing Authorized Services
- play_arrow Backup and Recovery
- play_arrow Flow Sources Management
- play_arrow Remote Networks and Services Configuration
- play_arrow Server Discovery
- play_arrow Domain Segmentation
- play_arrow Multitenant Management
- Multitenant Management
- User Roles in a Multitenant Environment
- Domains and Log Sources in Multitenant Environments
- Provisioning a New Tenant
- Monitoring License Usage in Multitenant Deployments
- Rules Management in Multitenant Deployments
- Network Hierarchy Updates in a Multitenant Deployment
- Retention Policies for Tenants
- play_arrow Asset Management
- play_arrow Configuring JSA to Forward Data to Other Systems
- Forward Data to Other Systems
- Adding Forwarding Destinations
- Configuring Forwarding Profiles
- Configuring Routing Rules to Forward Data
- Using Custom Rules and Rule Responses to Forward Data
- Configuring Routing Rules to Use the JSA Data Store
- Viewing Forwarding Destinations
- Viewing and Managing Forwarding Destinations
- Viewing and Managing Routing Rules
- play_arrow Event Store and Forward
- play_arrow Security Content
- play_arrow SNMP Trap Configuration
- play_arrow Protect Sensitive Data
- play_arrow Log Files
- play_arrow Event Categories
- play_arrow Common Ports and Servers Used by JSA
- play_arrow RESTful API
IPv6 Addressing in JSA Deployments
IPv4 and IPv6 addressing is supported for network connectivity and management of JSA software and appliances. When you install JSA, you are prompted to specify whether your Internet Protocol is IPv4 or IPv6.
JSA Components That Support IPv6 Addressing
The following JSA components support IPv6: addressing.
Network Activity tab -- Because IPv6 Source Address and IPv6 Destination Address are not default columns, they are not automatically displayed. To display these columns, you must select them when you configure your search parameters (column definition).
To save space and indexing in an IPv4 or IPv6 source environment, extra IP address fields are not stored or displayed. In a mixed IPv4 and IPv6 environment, a flow record contains both IPv4 and IPv6 addresses.
IPv6 addresses are supported for both packet data, including sFlow, and NetFlow V9 data. However, older versions of NetFlow might not support IPv6.
Log Activity tab -- Because IPv6 Source Address and IPv6 Destination Address are not default columns, they are not automatically displayed. To display these columns, you must select them when you configure your search parameters (column definition).
DSMs can parse IPv6 addresses from the event payload. If any DSM cannot parse IPv6 addresses, a log source extension can parse the addresses. For more information about log source extensions, see the Juniper Secure Analytics Log Sources User Guide.
Searching, grouping, and reporting on IPv6 fields -- You can search events and flows by using IPv6 parameters in the search criteria.
You can also group and sort event and flow records that are based on IPv6 parameters.
You can create reports that are based on data from IPv6-based searches.
Custom rules --The following custom rule to support IPv6 addressing was added: SRC/DST IP = IPv6 Address
IPv6-based building blocks are available in other rules.
Device support modules (DSMs) -- DSMs can parse IPv6 source and destination address from event payloads.
Deploying JSA in IPv6 Environments
To log in to JSA in an IPv6 environment, wrap the IP address in square brackets:
https://[<IP Address>]
Both IPv4 and IPv6 environments can use a hosts file for address translation. In an IPv6 environment, the client resolves the Console address by its host name. You must add the IP address of the IPv6 console to the /etc/hosts file on the client.
Flow sources, such as NetFlow and sFlow, are accepted from IPv4 and IPv6 addresses. Event sources, such as syslog and SNMP, are accepted from IPv4 and IPv6 addresses. You can disable superflows and flow bundling in an IPv6 environment.
IPv6 Addressing Limitations
When JSA is deployed in an IPv6 environment, the following limitations are known:
The network hierarchy is not updated to support IPv6.
Some parts of the JSA deployment, including surveillance, searching, and analysis, do not take advantage of the network hierarchy. For example, within the Log Activity tab, you cannot search or aggregate events By Network
No IPv6-based asset profiles.
Asset profiles are created only if JSA receives events, flows, and vulnerability data for IPv4 hosts.
No host profile test in custom rules for IPv6 addresses.
No specialized indexing or optimization of IPv6 addresses.
No IPv6-based sources and destinations for offenses
