Table of Contents
Advertisement
Best Practice: Use MGT0 or MGT1 Ethernet interface for system-wide management
Firmware considerations
During the initial firmware configuration, the script prompts you for supported
operational modes and the password for the admin account.
Considerations for operational modes
Depending on the model type of the DataPower appliance, the script prompts you
to enable or disable operational modes.
Attention: Use care when making your selections for operational modes. If you
select an incorrect mode for your environment, the only way to change an
operational mode is to reinitialize the appliance.
Disaster recovery mode
Common criteria mode
Consideration for the password for the admin account
The first time that you boot the DataPower appliance from a serial connection is
different from any subsequent boot.
v On the first boot, you must initialize the appliance. The initialization routine
24
Installation and User's Guide
functions to handle network traffic for incoming SNMP, SSH, and
Web Management (WebGUI) functions on your intranet. If you have
a serial over LAN connection, it must be configured on MGT0.
The remaining Ethernet interfaces can handle data traffic and
logging functions to and from the various DataPower services.
Disaster recovery mode allows you to create a secure backup that you can
use to restore all settings for an appliance. A secure backup creates a set of
files that you can use to recover the configuration of a lost appliance. A
secure backup contains private data on the appliance (certificates, keys,
and user data). An administrator cannot see this data in the backup. The
appliance encrypts this data with the DataPower key .
The backup-restore process must be used among appliances that are at the
same firmware level and have the same compatible configuration (auxiliary
storage, iSCSI, and so forth). You can use the disaster recovery process
during the end-of-life migration to move configuration details from one
appliance to another.
Common Criteria mode (CC mode) puts the appliance in a mode that
enforces a set of policies defined by the CC certification. If you are unsure
about whether to use this mode, then you most likely should not. In
general, this mode is only used when required by a specific authority. If
this is not a specific requirement for your use of the appliance, use normal
mode. CC mode is not more secure than normal mode.
CC mode forces several settings to specific values. The appliance enforces
these values at reboot if changed. These values affects audit log policies
and includes a group of default rules and actions.
prompts you to accept the license agreement and change the password for the
admin account (see "Procedure 2 of 4: Initializing the appliance" on page 27).
After initialization, create a user with a group-defined account type with the
appropriate access policy or the privileged account type as a back up for the
admin account. A privileged user or a group-defined user with the appropriate
access policy can log in and reset the password for the admin account. See
Advertisement
Table of Contents
Troubleshooting
