Project Buffalo

Juniper networks SRX Pre-sales Campaign Using OneConfig cloud-based Application and Network risk (ANR) Reporting

This page is for Juniper SEs and Juniper Partners who are engaged in the Juniper Networks SRX Sales campaign. 

Getting Started: To start using OneConfig ANR Reports all you need is a OneConfig account and a demo SRX device. For a OneConfig account, please contact your Juniper SE or Account Manager, or email


Evaluation End-to-End Setup Process


The End-to-end Setup Guide - Version 3.1 Click here to download PDF.






Sample ANR Evaluation Report. Click here







Do you have a customer or partner that is interested in using OneConfig as a management platform? Checkout how OneConfig can simplify management and reporting:

Got Buffalo questions? Contact us at


How do I get an evaluation underway? All you need to get started is a demo SRX device and a OneConfig account. If you don't have a OneConfig account please contact your Juniper SE or email

Do I have to complete the ANR Request form ? The process has been simplified and automated with the OneConfig UI so you no longer need to complete the ANR Request form.

Will my device license expire after 30 days? No, the 30-day trial license does not apply to Project Buffalo devices. 

How much syslog can I send to OneConfig? To ensure all devices are able to successful log to our servers we recommend no individual device send more that 100 EPS (events per second). If you have an evaluation that requires syslog processing beyond 100 EPS please contact us and we will discuss options to accommodate your needs.

Will the OneConfig ANR Report be branded with my end customer's logo? Yes, you can add your customer's name and logo into your reports.

When I move a evaluation SRX from one customer to another, do I have to clear the logs on the device or on OneConfig? No, we reset the logs and data collection for each demo, so there is no chance of the data showing anything from anyone else.

How long does it take for data to show in the interim ANR reports in the OneConfig web application? Due to the timing of the polling of SRX devices it may take up to 2 hours from deployment for data to appear in the reports. 

Do I have to pay for the OneConfig ANR Report service? No, the report service is free to all approved Juniper Partners worldwide - talk to your Juniper Partner Manager if you are unsure.

Who do I contact for support? Email the OneConfig Team at, or talk to your local Juniper SE/Partner Manager.

My customer wants OneConfig reporting for their Juniper devices on an on-going basis - is this possible? Yes, please contact and we will provide you with pricing and other details.

Is my data/customer's data secure? Yes. All OneConfig transport is encrypted. This includes the API connections from the SRX using outbound-ssh in Junos and using TLS to encrypt syslog. OneConfig's system is based on a strict multi tenant structure. We use an authorisation system to have users associated with tenants. All device data is bound to the tenant and only users of that tenant can ever see the data. The data we receive from the device, either via API or syslog, is only meta data about the customer traffic ("this IP talked to this IP" or "feature X counter Y is value Z"). At no time are we able to see the actual traffic passing through the SRX. For data retention, there are two parts. We have a system policy of 32 days for logs before expiry. OneConfig and Juniper have an NDA in place.

Partner evaluation tracking and support. Juniper creates accounts for partners within OneConfig for evaluation purposes. Using OneConfig's multi tenancy capability, Juniper management team has visibility of these partner accounts for evaluation support and tracking purposes. 

An engineer is leaving my organization, how do I remove his OneConfig account. Login to OneConfig and delete the account yourself, or contact to do it for you at

We are not seeing any detailed syslog information in our reports, what could be the reason for this? (1) There is no interesting traffic hitting the policies (is the device inline/sniffer correctly connected?) (2) The source-interface setting for the data plane logs is not correct. Check the interface settings, normally the connection to the internet is from ge-0/0/0.0 in the Buffalo golden config. (3) Policy log settings are not in place. The Golden Config uses specific zones with policies that log, your configuration is not inline with the Golden Configuration.