Copyright © 2010, Juniper Networks, Inc.

5. In the Non-members list, select the devices that you want to be part of the Sales device group.
6. Click Add to move the selected devices to the Member list (or drag the selected devices into the Member list), and then click OK.

Setting Up NSM to Work With Infranet Controller and Infranet Enforcer

A ScreenOS firewall that is managed by NSM can also be configured as an Infranet
Enforcer in a UAC solution.
The Infranet Controller specifies an authorization server $infranet for each Infranet
Enforcer in its list. This name is required for correct operation between the Infranet
Controller and the Infranet Enforcer. Conversely, if NSM has multiple Infranet Enforcers
in its global domain, it will distinguish among them by renaming additional Infranet
Enforcers $infranet_1, $infranet_2, and so on. To resolve this naming conflict, you must
move each Infranet Controller to a separate NSM domain.
In addition, because the Infranet Controller regularly changes its NACN password with
the Infranet Enforcer, you should always import the Infranet Enforcer into NSM before
performing a device update to it.
The following procedures prevent these conflicts between NSM and the Infranet
Controller:
Avoiding Naming Conflicts of the Authorization Server Object
Avoiding NACN Password Conflicts

Avoiding Naming Conflicts of the Authorization Server Object

To avoid naming conflicts with the authorization server objects, follow these steps:
1. On the Infranet Controller, create the Infranet Enforcer instances:
   a. On the Infranet Controller, select UAC -> Infranet Enforcer -> Connection.
   b. Click New Enforcer.
   c. Fill out the information requested in the display.
      Enter an NACN password. Remember it because you will need to use it again while
      setting up the Infranet Enforcer. If you are setting up a cluster instead of a single
      device, enter all the serial numbers in the cluster, one per line.
   d. Click Save Changes.
   e. Repeat Steps b through d until all of your Infranet Enforcers have been entered.
2. If you do not have one already, create a CA certificate for each Infranet Enforcer.
   a. Create a certificate signing request (CSR) for an Infranet Controller server certificate,
      and use the CA certificate to sign the server certificate.
   b. Import the server certificate into the Infranet Controller.
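The certificate work in step 2, as an added example that is not part of the Juniper guide: it creates a CA certificate, signs a server CSR with it, and checks that the result chains to the CA before it would be imported in step 2b. The hostname ic.example.net, the subject names, file names, key sizes and lifetimes are assumptions, and make_csr only generates a stand-in CSR so the script runs offline.

```bash
#!/usr/bin/env bash
# Added example for step 2: sign an Infranet Controller CSR with a private CA.
# Hostname, subject names, file names and lifetimes are assumptions.
set -eu
IC_FQDN="ic.example.net"            # placeholder Infranet Controller hostname

write_cnf() {                       # $1 = working directory
  cat > "$1/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_ic]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$IC_FQDN
EOF
}
make_ca() {                         # self-signed CA certificate (step 2)
  openssl req -config "$1/pki.cnf" -x509 -extensions v3_ca -newkey rsa:2048 \
    -nodes -sha256 -days 1825 -subj "/CN=Example UAC CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt"
}
make_csr() {                        # stand-in CSR (constructed for this example)
  openssl req -config "$1/pki.cnf" -new -newkey rsa:2048 -nodes \
    -subj "/CN=$IC_FQDN" -keyout "$1/ic.key" -out "$1/ic.csr"
}
sign_csr() {                        # step 2a: CA signs the CSR as a server cert
  openssl x509 -req -in "$1/ic.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 \
    -extfile "$1/pki.cnf" -extensions v3_ic -out "$1/ic.crt"
}
verify_chain() {                    # fails unless ic.crt chains to ca.crt
  openssl verify -CAfile "$1/ca.crt" -purpose sslserver "$1/ic.crt"
}
run_demo() {                        # prints the directory holding the results
  d=$(mktemp -d)
  { write_cnf "$d" && make_ca "$d" && make_csr "$d" && sign_csr "$d" \
      && verify_chain "$d"; } >&2 || return 1
  echo "$d"
}
run_demo
```

Running verify_chain before the import catches a certificate signed by the wrong CA or issued without the serverAuth usage.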
Chapter 4: Adding Devices