Table of Contents
Advertisement
Setting Up NSM to Work with Infranet Controller and Infranet Enforcer
Copyright © 2010, Juniper Networks, Inc.
-DBE_CFG=${CFG_FILE} -DLOG4J_CFG=${LOG4J_CFG_FILE}
-XX:PermSize=64M -XX:MaxPermSize=64M -Xms128000000 - Xmx2048000000
com.netscreen.devicecomm.DeviceDirectiveManager -version -repo ${REPO_DEST_DIR}
-conf ${SVC_CFG_FILE}
The servers must be restarted after you change these parameters.
A ScreenOS firewall that is managed by NSM can also be configured as an Infranet
Enforcer in a UAC solution. To prevent conflicts between NSM and the Infranet Controller,
configure these firewall devices:
On the Infranet Controller, create the Infranet Enforcer instances:
1.
On the Infranet Controller, select UAC > Infranet Enforcer > Connection.
a.
Click New Enforcer.
b.
Enter the information requested in the display.
c.
Enter a password for the NACN password. You will use it again while setting up
d.
the Infranet Enforcer. If you are setting up a cluster instead of a single box, enter
all the serial numbers in the cluster, one per line.
Click Save Changes.
e.
Repeat Step 1b through Step 1e until all of your Infranet Enforcers have been entered.
f.
If you do not have one already, create a CA certificate for each Infranet Enforcer:
2.
Create a certificate signing request (CSR) for an Infranet Controller server certificate,
a.
and use the CA certificate to sign the server certificate.
Import the server certificate into the Infranet Controller.
b.
Import the CA certificate into the Infranet Enforcer.
c.
On each Infranet Enforcer, create the Infranet Controller instance:
3.
On the Infranet Enforcer, select Configuration > Infranet Auth > Controllers.
a.
Click New.
b.
Enter the parameters as prompted. The password in the second section must be
c.
the NACN password you entered in Step 1d.
Click OK.
d.
Important SSL VPN and Infranet Controller Instructions
5
Advertisement
Table of Contents
