What is Project Buffalo (a.k.a. Dare to Know Your Network)?
Juniper Networks SRX Pre-sales Campaign Using OneConfig Cloud-based Application and Network Risk (ANR) Reporting
This page is for Juniper SEs and Juniper Partners who are engaged in the Juniper Networks SRX Sales campaign.
Getting Started: To start using OneConfig ANR Reports all you need is a OneConfig account and a demo SRX device. For a OneConfig account, please contact your Juniper SE or Account Manager, or email email@example.com.
Evaluation End-to-End Setup Process
The End-to-end Setup Guide - Version 3.4 Click here to download PDF.
Sample Executive ANR Report. Click here to download PDF.
OneConfig - Simplified Network Management
Do you have a customer or partner who is interested in using OneConfig as a management platform? Find out how OneConfig can simplify network management and reduce operations costs: http://oneconfig.com/features
Got Buffalo questions? Contact us at firstname.lastname@example.org
How do I get an evaluation underway? All you need to get started is a demo SRX device and a OneConfig account. If you don't have a OneConfig account please contact your Juniper SE or email email@example.com.
Will my OneConfig device license expire after 30 days? No, the 30-day trial license does not apply to Project Buffalo devices.
How much syslog can I send to OneConfig? To ensure all devices are able to log successfully to our servers, we recommend that no individual device send more than 100 EPS (events per second). If you have an evaluation that requires syslog processing beyond 100 EPS, please contact us and we will discuss options to accommodate your needs.
Will the OneConfig ANR Report be branded with my end customer's logo? Yes, you can add your customer's name and logo (or your logo) to the ANR Reports.
When I move an evaluation SRX from one customer to another, do I have to clear the logs on the device or on OneConfig? No, we reset the logs and data collection for each demo, so there is no chance of the data showing anything from anyone else. Simply delete the Evaluation Service at the end of each evaluation and create a new one for the next customer.
How long does it take for data to show in the interim ANR reports in the OneConfig web application? Due to the timing of the polling of SRX devices it may take up to 2 hours from deployment for data to start appearing in the reports.
Do I have to pay for the OneConfig ANR Report service? No, the reporting service is free to all approved Juniper Partners worldwide - talk to your Juniper Partner Manager if you are unsure.
Who do I contact for support? Email the OneConfig Team at firstname.lastname@example.org, or talk to your local Juniper SE/Partner Manager.
My customer wants OneConfig reporting for their Juniper devices on an on-going basis - is this possible? Yes, please contact email@example.com and we will provide you with pricing and other details.
Is my data/customer's data secure? Yes. All OneConfig transport is encrypted. This includes the API connections from the SRX, which use outbound-ssh in Junos, and syslog, which is encrypted with TLS. OneConfig's system is based on a strict multi-tenant structure. An authorisation system associates users with tenants. All device data is bound to the tenant and only users of that tenant can ever see the data. The data we receive from the device, either via API or syslog, is only metadata about the customer traffic ("this IP talked to this IP" or "feature X counter Y is value Z"). At no time are we able to see the actual traffic passing through the SRX. For data retention, there are two parts. We have a system policy of 32 days for logs before expiry. OneConfig and Juniper have an NDA in place.
Partner evaluation tracking and support. Juniper creates accounts for partners within OneConfig for evaluation purposes. Using OneConfig's multi-tenancy capability, the Juniper management team has visibility of these partner accounts for evaluation support and tracking purposes.
An engineer is leaving my organization, how do I remove his OneConfig account? Log in to OneConfig and delete the account yourself, or contact firstname.lastname@example.org to do it for you at
We are not seeing any detailed information in our reports, what could be the reason for this? Starting with the most basic, the following scenarios could be impacting your reporting of traffic:
- There is no traffic reaching the port mirror or in line ports on your SRX. Check to see that all interfaces are up and passing traffic;
- Check to see how many security sessions are present on the device. This can be done from the OneConfig UI (Action Menu -> System and Monitoring -> System Graphs) or from the CLI on the SRX ("show security flow session interface ge-0/0/1.0"). If the session count is consistently around 20 - 50, this indicates system-only sessions and no significant traffic - sessions should be in the range of 100s or 1,000s;
- Check the OneConfig interface graphs to make sure the port mirror or in line ports are receiving meaningful traffic volumes;
- The source-interface setting for the data plane logs is not correct. Check the interface settings, normally the connection to the internet is from ge-0/0/0.0 in the Golden Config;
- Zone and policy settings may be incorrect. The Golden Config uses specific zones with policies that are configured to generate logs. Check your configuration to make sure it is in line with the Golden Configuration.
I’m connecting my SRX directly to the Internet on GE-0/0/0, what about security? Typically SRX evaluations are done behind the border firewall. If you are connecting your device directly to the internet on GE-0/0/0 please add the following commands to the interface, then commit:
# delete security zones security-zone LAN-ACCESS host-inbound-traffic protocols all
# delete security zones security-zone LAN-ACCESS host-inbound-traffic system-services all
# set security zones security-zone LAN-ACCESS interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
# set security zones security-zone LAN-ACCESS interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
# set security zones security-zone LAN-ACCESS interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
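An added example, not part of the original page or of OneConfig's tooling: a small Python check that applies the five commands above to a set-format configuration and reports which host-inbound services remain on the Internet-facing interface. The BEFORE statements are constructed for illustration (the Golden Config is not reproduced on this page), and apply_commands, host_inbound and findings are hypothetical helper names.

```python
import re

# Zone-level or interface-level host-inbound-traffic statement (set format, no "set" verb).
HIT = re.compile(r"security zones security-zone (\S+) (?:interfaces (\S+) )?"
                 r"host-inbound-traffic (system-services|protocols) (\S+)$")

def apply_commands(config, commands):
    """Apply Junos 'set'/'delete' commands to a list of set-format statements."""
    stmts = list(config)
    for cmd in commands:
        verb, _, path = cmd.lstrip("# ").strip().partition(" ")
        if verb == "set" and path not in stmts:
            stmts.append(path)
        elif verb == "delete":  # delete removes the statement and anything beneath it
            stmts = [s for s in stmts if s != path and not s.startswith(path + " ")]
    return stmts

def host_inbound(stmts):
    """Map (zone, interface or None for zone-level) -> sorted allowed entries."""
    out = {}
    for s in stmts:
        m = HIT.search(s)
        if m:
            zone, ifname, kind, name = m.groups()
            out.setdefault((zone, ifname), set()).add(f"{kind} {name}")
    return {k: sorted(v) for k, v in out.items()}

def findings(stmts):
    """Scopes that accept every service or protocol addressed to the SRX itself."""
    return sorted(f"{zone}/{ifname or 'zone-level'}: {item}"
                  for (zone, ifname), items in host_inbound(stmts).items()
                  for item in items if item.endswith(" all"))

# Constructed sample: a zone that allows all host-inbound traffic (assumption).
BEFORE = [
    "security zones security-zone LAN-ACCESS interfaces ge-0/0/0.0",
    "security zones security-zone LAN-ACCESS host-inbound-traffic system-services all",
    "security zones security-zone LAN-ACCESS host-inbound-traffic protocols all",
]
# The commands exactly as listed on this page.
PAGE_COMMANDS = [
    "# delete security zones security-zone LAN-ACCESS host-inbound-traffic protocols all",
    "# delete security zones security-zone LAN-ACCESS host-inbound-traffic system-services all",
    "# set security zones security-zone LAN-ACCESS interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp",
    "# set security zones security-zone LAN-ACCESS interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh",
    "# set security zones security-zone LAN-ACCESS interfaces ge-0/0/0.0 host-inbound-traffic system-services ping",
]
AFTER = apply_commands(BEFORE, PAGE_COMMANDS)

if __name__ == "__main__":
    print("before:", findings(BEFORE))
    print("after: ", findings(AFTER), host_inbound(AFTER))
```

Running the same findings() check over the output of "show configuration | display set" (with the leading "set " removed) shows whether any zone on a real evaluation device still permits "all".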
I’m using an SRX in InLine mode, do I need to configure Secure Wire mode? Typically this is only needed on SRX1500s if there are other devices on the VLAN. If that is the case with your evaluation then you could consider adding Secure-Wire to your device. See suggested commands below, don’t forget to commit the change:
# set security forwarding-options secure-wire INLINE interface ge-0/0/2.0
# set security forwarding-options secure-wire INLINE interface ge-0/0/3.0
For more information on this topic please see:
I'm re-using an SRX for a new evaluation, do I have to re-enrol for Sky ATP? The Golden Config contains a 'delete' statement. Device re-enrollment into Sky ATP will be required if the Golden Config is applied in full along with any other configuration that you wish to retain from the device.