Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Adding the Full Scan Plus Scan Policy to JSA Vulnerability Manager

To add the Full Scan Plus scan policy to JSA Vulnerability Manager, you must download the QVM Engine for OpenVAS NVTs RPM Package Manager (RPM) from IBM Fix Central and install it on your JSA Console.

  • You must have the correct license capabilities to perform the following scanning operations. If you need assistance to obtain a new or updated license key, contact your Juniper Customer Support.

  • Ensure you have JSA 7.3.1, Patch 3 or later installed.

  • Ensure the JSA Vulnerability Manager processor and scanner are enabled.

  1. Download the RPM from IBM Fix Central and save it in the /store/rpms directory on the Console.

  2. Type the following command to install the RPM on the JSA Console:

    rpm -ivh /store/rpms/qvm-openvas-x.x-x.noarch.rpm

    Note:

    In a High Availability environment, perform this step only on the primary console.

  3. Type the following command to enable the Full Scan Plus scan policy:

    /store/qvm/openvas/ openvas_switch.sh enable

    Note:

    Complete this step on the Console only. This step deploys the configuration to the entire system. No actions are required on Managed Hosts.

  4. Run automatic updates by performing the following tasks:

    1. On the navigation menu, click Admin to open the admin tab.

    2. In the System Configuration section, click Auto Update.

    3. Click Get New Updates.

    4. If new updates appear on the list, click Install > All Updates.

    Note:

    You must trigger Auto Update to complete the installation of the Full Scan Plus policy. At this time, additional tools are downloaded and installed. The scan policy will be available in the UI after this installation is complete. You must carry out this step, even if Auto Update has already run for the current day.