IVE Quick Startup Guide - OS 4.0

Similar documents
48-Port 10/100/1000Base-T with 4 Shared SFP. Managed Gigabit Switch WGSW Quick Installation Guide

48-Port 10/100Mbps + 4 Gigabit TP / 2 SFP. Managed Switch WGSW Quick Installation Guide

Network Configuration Example

28-Port 10/100/1000Mbps with. 4 Shared SFP Managed Gigabit Switch WGSW / WGSW-28040P. Quick Installation Guide

ZyWALL 10W. Internet Security Gateway. Quick Start Guide Version 3.62 December 2003

Management Security Switch SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P. Quick Installation Guide

D-Link (Europe) Ltd. 4 th Floor Merit House Edgware Road London HA7 1DP U.K. Tel: Fax:

ZyWALL 70. Internet Security Appliance. Quick Start Guide Version 3.62 December 2003

Using the Cisco NCS Command-Line Interface

Exam : JN Title : Juniper Networks Certified Internet Assoc(JNCIA-SSL) Exam. Version : Demo

WLM1200-RMTS User s Guide

24-Port 10/100/1000Mbps with. 4 Shared SFP Managed Gigabit Switch

4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access

IFS POC2502 Series Quick Start Guide

4TRESS AAA. Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook. Document Version 2.3 Released May hidglobal.

24-Port 100/1000X SFP + 4-Port 10G SFP+ Managed. Metro Ethernet Switch MGSW-28240F. Quick Installation Guide

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Remote Support Security Provider Integration: RADIUS Server

IPMI Configuration Guide

NetScreen Secure Access NetScreen Secure Access FIPS Getting Started

16/24/48-Port 10/100/1000T + 2/4-Port 100/1000X SFP Managed Switch GS T2S/GS T2S/GS T4S. Quick Installation Guide

SmartPath EMS VMA Virtual Appliance Quick Start Guide

16/24-Port 10/100/1000T 802.3at PoE + 2-Port 100/1000X SFP Managed Switch GS P2S GS P2S. Quick Installation Guide

Multi-port Coax + 2-port 10/100/1000T + 2-port. 100/1000X SFP Long Reach PoE over Coaxial. Managed Switch LRP-822CS / LRP-1622CS

Cisco ISE Command-Line Interface

Link Gateway Initial Configuration Manual

Industrial 4G LTE Cellular Gateway ICG-2420-LTE

How to Configure Authentication and Access Control (AAA)

Security Provider Integration RADIUS Server

Cisco NAC Profiler UI User Administration

IFS NS P-4S-2X Quick Start Guide

L2/L4 Managed Gigabit Ethernet Switch GS-4210 Ultra PoE Series

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

Release Notes: J-Web Application Package Release 15.1A4 for Juniper Networks EX Series Ethernet Switches

8-Port 10/100Mbps + 2G TP/SFP Combo. Managed Industrial Switch ISW-1022M / ISW-1022MT / ISW-1022MP / ISW-1022MPT / ISW-1033MT

Overview of the Cisco NCS Command-Line Interface

ilo MP Utilities ilo MP

Single Antenna Multi Channel Modem

Integration Guide. LoginTC

How to Integrate RSA SecurID with the Barracuda Web Application Firewall

L2+ Managed LCD Switch GS T2XV(R) / GS T4XV(R) Quick Installation Guide

ISE Express Installation Guide. Secure Access How -To Guides Series

Industrial 24-Port 10/100/1000Mbps Managed Gigabit. Switch (-40~75 degrees C) with 4 Shared SFP Ports IGSW-24040T. Quick Installation Guide

Xcalenets Console Setup Guide. Xcalenets Console Setup Guide (Standalone version)

ExtraHop Command-line Reference

Administration of Cisco WLC

L2+ 16-/24-Port Gigabit PoE. + 2-/4-Port 10G SFP+ Managed Switch. with LCD Touch Screen GS P2XV(R)/GS UP2XV(R)

Persistent Data Transfer Procedure

SOA Software API Gateway Appliance 6.3 Administration Guide

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

L2+ Managed Gigabit Switch WGSW series

Juniper Exam JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC) Version: 7.0 [ Total Questions: 222 ]

F5 WANJet 200. Quick Start Guide. Quick Start Overview

Initial Configuration for the Switch

Installation and Configuration Guide

Troubleshooting External Services (External Message Store, Calendar Integrations, Calendar Information for PCTRs) in Cisco Unity Connection 8.

Total Control System Application Guide

Administering vrealize Log Insight. September 20, 2018 vrealize Log Insight 4.7

CLI users are not listed on the Cisco Prime Collaboration User Management page.

Table of Contents 1 V3 & V4 Appliance Quick Start V4 Appliance Reference...3

Connecting CoovaAP 1.x with RADIUSdesk - Basic

Pulse Secure Desktop Client

Managing External Identity Sources

Establishing two-factor authentication with Juniper SSL VPN and HOTPin authentication server from Celestix Networks

Barracuda Networks NG Firewall 7.0.0

Troubleshooting. Troubleshooting Guidelines. System Reports

24-Port Gigabit with 4 Optional 10G Slots. Layer 3 Managed Stackable Switch XGS Quick Installation Guide

Troubleshooting 1240AG Series Autonomous Access Points

Oracle 10g. Configuration Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved

Deploying Cisco UCS Central

Barracuda Networks SSL VPN

Industrial 8-Port 10/100/1000T 802.3af/at PoE + 2-Port 100/1000X SFP Managed Switch with Wide Operating Temperature

Before you start the lab exercises see the lab administrator or EEE3080F tutor to get assigned to your routers.

Deploy the ExtraHop Discover Appliance 1100

BMC FootPrints 12 Integration with Remote Support

Installing Cisco StadiumVision Director Software from a DVD

L2+ Managed Metro Ethernet Switch MGSW / MGSD Series

Deploy the ExtraHop Discover 3100, 6100, 8100, or 9100 Appliances

Configuration Guide. Upgrading AOS Firmware L1-29.1D July 2011

HOB HOB RD VPN. RSA SecurID Ready Implementation Guide. Partner Information. Product Information Partner Name. Last Modified: March 3, 2014 HOB

ForeScout CounterACT. Configuration Guide. Version 4.1

Industrial L2/L4 Managed Gigabit Switch. With 4-Port 802.3at PoE+ IGS P4T/IGS P4T2S. Quick Installation Guide

Troubleshooting Autonomous Access Points

Nova series update F/W & Boot code from Boot Utility

AWS Remote Access VPC Bundle

<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide

Operational User Guidance and Preparative

L2+ Managed Gigabit/10 Gigabit Ethernet Switch GS-5220 Series

Connectivity options configuration

L2+ Managed PoE Switch GS-5220 PoE Series

Configuring the Switch with the CLI-Based Setup Program

Forescout. Configuration Guide. Version 4.2

2017/05/12 20:51 1/11 Mikrotik -> Basic

Installing and Configuring vcloud Connector

Pulse Secure Desktop Client

Active Directory as a Probe and a Provider

Horizon Air 16.6 Administration. VMware Horizon Cloud Service Horizon Cloud with Hosted Infrastructure 16.6

Industrial L2+ Multi-Port Full Gigabit. Managed Ethernet Switch IGS-10020MT / IGS-10020PT/HPT / IGS-10080MFT IGS-12040MT / IGS-20040MT / IGS-20160HPT

Administering vrealize Log Insight. April 12, 2018 vrealize Log Insight 4.6

Lab Establishing a Console Connection to a Router or Switch Instructor Version

Transcription:

IVE Quick Startup Guide - OS 4.0 Initial Setup Once you receive the IVE device, unpack the IVE and connect it to a PC or Laptop using the console (null modem) cable provided with the IVE. You have to connect the IVE console port (9 pin D type Male) to the serial port on your workstation with the VT100 terminal emulation program. The pin configuration of console cable is given below: Pin No. Signal Description 1 Data Carrier Detect 2 Receive Data 3 Transmit Data 4 Data Terminal Ready 5 Signal Ground 6 Data Set Ready 7 Request to Send 8 Clear to Send 9 Ring Indicator Netscreen IVE DB-9 DB-9 Connector to (Female) PC or Laptop 2 3 3 2 1 and 8 7 7 1 and 8 5 5 4 6 6 4 After connecting the console port to the PC configure Hyper Terminal as given below: 1. Go to Start Program Accessories Communication Hyper Terminal. 2. You can enter any thing in the Name filed. It is just a display name. 3. From Connect using drop down select the communication port on which you have connected the IVE. Usually it s COM1 or COM2. If you have only one communication port then it will be COM1. 4. The COM1 Properties will be as given below: Bit per second : 9600 Data bits : 8 Parity : None Stop bits : 1 Flow control : None

You will see following on the screen: Wait until you get the following screen shot These are interactive options. Please follow the screen instructions (including entering the network settings) and few suggestions given below: 1. For Link Speed select Auto. 2. For Common name use the URL which you or users are going to use for connecting. E.g. connect.neoteris.com and when users connect to IVE they will use https://connect.neoteris.com. If this URL is different from the URL which you or users will be using, they will be prompted for certificate every time when ever they connect to IVE.

3. Random text generates the self signed certificate for your company for the URL entered in the Common name. Once you are done with the above configuration you will see the following screen: When you press enter you will see the following screen: Description of above options: 1. View/set network settings (IP, netmask, gateway, link speed, DNS, WINS): You can use this option to change the network settings from the console. The current option is displayed in square brackets. 2. Create admin username and password: Using this option you can create new admin accounts. This option is used if you have forgotten the password for the previous admin account. You cannot create the same admin account or reset the password for the previous admin account from console. 3. Display Log: It will display the admin logs.

4. Ping to a server: Using this option you can test the connectivity to the server i.e. you can check whether the IVE can reach the server or not. 5. Trace route to a server: You can see the path and number of hops IVE takes to reach a server. 6. Remove all static routes: If you have configured any static routes and you are not able to get into IVE or if you are not able to delete the route from GUI, in that case you can use this option. 7. Reboot IVE 8. Toggle password protection for the console (Off): Using this option you can give password to the console. You have to provide the password to access the console. If you forget the console password then you need to rollback or do a factory reset. 9. Create a Super Admin session: By any chance if you have changed the admin realm or sign-in page or you are not able to access the admin page for any reason, you can use this option to generate a code using which you can connect to the IVE as super admin and do the changes. This code is only valid for three minutes. You have to connect to https://<ive-host>/dana-na/auth/recover.cgi and enter the recovery token within that three minutes. 10. Print ARP Cache: You can see the IVE ARP cache information. 11. Clear ARP Cache: You can clear the IVE ARP cache. 12. Print Routing Table: You can see the IVE routing table. For logging-in to IVE as administrator from GUI you can use the URL https://<ive IP address>/admin or https://<ive FQDN>/admin and use the administrator username and password which you created at the time of initial setup. If you have forgotten the username and password you can connect back to console and use option 2 to cerate a new admin username and password. Upgrading the IVE OS You may sign-in with your support credentials to Juniper support site and download the latest OS version and save it on your hard disk (http://www.juniper.net/support). 1. Sign-in to the IVE as Administrator. 2. Go to Maintenance System Upgrade/Downgrade. 3. In Service package to install filed select the OS which you have downloaded. 4. Make sure that Delete all system user data is unchecked and click on Install Now tab. Installation will take about 10 15 minutes. After 10 15 minutes, if you are unable to access the IVE, connect the IVE console to a laptop or PC and check the installation status. If it is stuck at some point please contact the Juniper support.

License Installation Login to the IVE as administrator and go to Configuration Licensing and install the license that was sent to you by email. To install the license copy the Company name from the email and paste in the Company Name field and then copy everything under License (Permanent) and paste in the License Key(s) field. Before clicking Save Changes, make sure that there are no spaces in front and back of each line in Company Name and License Key(s) fields. Certificate Installation In initial configuration, IVE installs a self signed certificate. If you use the same URL which you entered while generating the self signed certificate, users will not be prompted for the certificate and you can use the same certificate. If you have bought a valid certificate from a CA, follow the steps given below to install it on the IVE. 1. Go to Configuration Certificate Server Certificates. 2. Click on Import/Renew. 3. Save the certificate sent by CA on the system. 4. Under Import the Certificate for a pending CSR: select the certificate saved on the system and click on Import. Administrator Timeout & External Access Configuration 1. Go to Administrator Delegation.Administrators. 2. Under General go to Session Option. 3. You may change the value of Idle Timeout here. 4. You may change the value of Max. Session Length here. This value should be higher than the Idle Timeout. 5. For enabling external access for administrator go to Administrator Authentication Admin Users Authentication Policy. 6. In Source IP under Administrators sign in on the external port check the box Enable administrators to sign in on the external port. This will allow administrators to login as admin to the IVE s external port. To enable user access you have to perform the 4-step basic configuration given below: I. Creating a role. II. III. IV. Configure resource policies for the above role. Creating an authentication server. Creating a realm. I. Creating Role(s)

1. Go to Users Roles. 2. Click on New Role. 3. In the Name and Description field you can enter any name arbitrary. 4. If you want to use the default option for Session Options and UI Options under Options, then uncheck the box or click on Edit and change the options. 5. Under Access features check the feature you want to enable for this particular role. For initial configuration and testing select Web. 6. Go to Users Roles Select the Role Web Options. 7. Select the options depending on type of access or permissions you want to give to users. If you check the box Auto-allow role bookmarks, IVE will automatically create a resource policy for the bookmark. 8. Go to Users Roles Select the Role Web Bookmarks. 9. Click on New Bookmark. 10. In the Name and Description field you can enter any name arbitrary. 11. In the URL field enter the URL of the website which users can access via IVE. E.g. http://www.yahoo.com or http://intranet.yourcompany.com. 12. Save the changes. Note: You can also configure Secure Application Manager, Windows and UNIX/NFS file share, Network, Telnet/SSH, Meeting, Email Client etc. For configuring all these option refer to the administrator guide. II. Creating Resource Policies 1. Continuing on the Web theme, go to Resource Policies Web. 2. While configuring role if you have not selected Auto-allow role bookmarks, you will not see any policies. If there is no policy please click on New Policy. 3. For testing purpose let s create an open policy. In the Name and Description field you can enter any name arbitrary. 4. Under Resources in Resources field enter an * (This will be an open policy). If you want to create policies only for the resources or bookmarks you have created, enter the FQDN or Hostname or IP address of the resource or the web site for which you have created the bookmark. The Resources field will have http://www.yahoo.com or http://intranet.yourcompany.com value for the example mentioned in step 11 of Creating Roles. 5. Under Roles select Policy applies to SELECTED roles, select the role which you created above from the Available roles list and on Add. 6. Under Action select Allow access.

7. Save the Changes III. Creating Authentication Server(s) 1. Go to Signing-In Servers 2. From New drop down menu select the Authentication Server. 3. Click on New Server. Assume that in step 2 you selected Active Directory / Windows NT. 1. In the Name field you can enter any name arbitrary. 2. In Primary Domain Controller or Active Directory and Backup Domain Controller or Active Directory field enter the FQDN or Hostname or IP address Primary Domain Controller or Active Directory and Backup Domain Controller or Active Directory. IVE should be able to resolve the FQDN or Hostname. 3. In Domain field enter the AD or NT domain. 4. If you do group lookup or want to allow users to change there AD password via IVE, then enter the AD administrator or AD domain administrator username and password. 5. Save the changes. Assume that in step 2 you have selected Radius 1. In the Name field you can enter any name arbitrary. 2. In Radius Server field enter the FQDN or Hostname or IP address of the Radius Server. IVE should be able to resolve the FQDN or Hostname. 3. In the Port field enter the port number on which radius is listening for authentication. Usually it is 1645 or 1812. 4. In Radius you have to add the IVE as a client and create a secret. Enter the same secret in the Shared Secret field. 5. If you have secondary Radius then enter the FQDN or Hostname or IP address of the Radius Server in the Secondary Radius Server field. 6. In the Secondary Radius Port field enter the port number on which radius is listening for authentication. Usually it is 1645 or 1812. 7. In Secondary Radius also you have to add the IVE as a client and create a secret. Enter the same secret in the Secondary Radius Secret field. 8. Save the changes. IV Creating Realm(s) 1. Go to Users Authentication. 2. Click on New.

3. In the Name and Description field you can enter any name arbitrary. 4. Under Server from the Authentication server select the authentication server you have created that you intend to use. 5. You may use AD as LDAP or any other LDAP server for group lookup. If you are doing group lookup then select the server from the Directory/Attribute server drop down menu. For initial setup you may leave this option or refer to admin guide for more details. 6. Check the box When editing, start on the Role Mapping page. Next time you click on the realm it will take you directly to the role mapping page. 7. Save the changes. 8. Go to Users Authentication Role Mapping. 9. Click on New Rule. 10. For testing purpose select Username from the Rule base on drop down menu. 11. Under Rule: If username... enter an *. 12. Under then assign these roles select the role which you created above and click on Add. 13. Save the changes. URL for user sign-in: https://<ive IP address> or https://<ive FQDN>. Login as a user and test the configuration. Note: You may look at the user access log for more information in case the authentication is unsuccessful.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback