Importing an Infranet Controller Device Through Not Reachable Workflow
You can add an Infranet Controller to your existing network using NSM and import its configurations. Using the Add Device Wizard, you can configure a connection between the management system and the physical device, and then import all device parameters, policies, objects, VPNs, and so on.
Import an Infranet Controller through Not Reachable workflow into NSM by following these procedures:
- Installing and Configuring the Infranet Controller Device
- Adding the Infranet Controller Device Through NSM
- Configuring and Enabling the DMI Agent on the Infranet Controller Device
- Confirming Connectivity and Importing the Infranet Controller Device Configuration
Installing and Configuring the Infranet Controller Device
Before you can add the Infranet Controller to NSM, you must install and configure the Infranet Controller device to have logon credentials for an NSM administrator.
To install and configure the Infranet Controller:
- Select System > Network > Overview on the device’s admin console and ensure that basic connection information, such as the following, is configured on the Infranet Controller:
- Network interface settings
- DNS settings
- Select Authentication > Auth Servers and enter the username and password of the NSM administrator in the applicable authentication
Note: Only password-based authentication servers can be used. One-time password authentication is not supported.
- Select Administrators > Admin Roles and create a DMI agent role.
- Select Administrators > Admin Realms and create a DMI agent administrator realm for the DMI agent on the device and use role mapping to associate the DMI agent role and realm.
Note: Ensure that the Host Checker, browser, and certificate restrictions are not applied for the DMI agent role or realms.
For complete details on installing and configuring Infranet Controller devices, see the Juniper Networks Unified Access Control Administration Guide.
Adding the Infranet Controller Device Through NSM
To add the Infranet Controller device through the NSM UI:
- From the left pane of the NSM UI, click Configure.
- Expand Device Manager and select Devices. The Devices workspace appears on the right side of the screen.
- Click the Device Tree tab, click the New button, and select Device. The New-Device dialog box appears.
- Select Device is Not Reachable and click Next.
- Enter the device name, and select the required color, OS name (IC), platform, and managed OS version from the drop-down lists.
- From the Choose Device Server Connections Parameter
- Use Default Device Server IP Address and Port—Connects the device to the NSM device server IP address and port.
- Use Device Server Through MIP—Connects the NSM device server through a mapped IP address and port.
- Click Next. A unique external ID is generated automatically. This ID represents the device within the management system.
- Enter an admin username for the device admin.
- Set the Admin User Password and the First Connection
- Select Set Password and enter a new password.
- Confirm your new password and click OK.
- Make a note of the unique external ID. The device administrator will need it to configure connectivity with NSM. The wizard automatically enters this value for the device. This ID number represents the device within the management system.
- Specify the administrator username and password for the SSH connection. This name and password must match the name and password already configured on the device.
- Specify the First Connection One Time Password (OTP) that authenticates the device. Make a note of this password. The device administrator will need it to configure the connectivity with NSM.
- Click Finish to add the device to the NSM UI. The Infranet Controller appears in the Devices workspace.
Configuring and Enabling the DMI Agent on the Infranet Controller Device
You must configure and activate the DMI agent on the Infranet Controller device. The agent helps establish SSH communications with the NSM application and lets NSM control the Infranet Controller.
To configure and enable the DMI agent:
- Select System > Configuration > DMI Agent to add the NSM management application.
- Under DMI settings for outbound connections, enter the device server's IP address in the Primary Server box.
- Enter 7804 in the Primary Port box.
- Fill in the Backup Server and Backup Port boxes, if a device server is configured for high availability.
- Enter the unique external ID provided by the NSM administrator in the Device ID box.
- Enter the first connection one-time password provided by the NSM administrator in the HMAC Key box.
- Click Enable to activate the DMI agent.
- Click Save Changes, and the device attempts to establish a session with the NSM application.
The device software initiates the TCP connection to NSM and identifies itself using the specified device ID and HMAC. Both sides then engage in SSH Transport Layer interactions to set up an encrypted tunnel. The NSM application authenticates itself to the Infranet Controller based on the username and password.
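A minimal sketch of the first-connection identification described above, added here as an illustration; it is not Juniper's code and not the DMI wire format. The field names, the use of SHA-256, and binding an SSH host key into the HMAC are assumptions; the point shown is that the one-time password keys the HMAC rather than being sent, and is discarded after one successful use.

```python
import hashlib
import hmac

def device_hello(device_id: str, otp: bytes, host_key: str) -> str:
    """Device side: announce ID and host key, authenticated with the OTP."""
    tag = hmac.new(otp, f"{device_id}|{host_key}".encode(), hashlib.sha256)
    return f"DEVICE-ID: {device_id}\nHOST-KEY: {host_key}\nHMAC: {tag.hexdigest()}\n"

def verify_hello(message: str, pending: dict):
    """Server side: return the verified host key, or None if rejected."""
    fields = dict(l.split(": ", 1) for l in message.splitlines() if ": " in l)
    device_id = fields.get("DEVICE-ID", "")
    host_key = fields.get("HOST-KEY", "")
    otp = pending.get(device_id)
    if otp is None:                      # unknown ID or OTP already used
        return None
    expected = hmac.new(otp, f"{device_id}|{host_key}".encode(),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), fields.get("HMAC", "").encode()):
        return None
    del pending[device_id]               # first-connection OTP is single use
    return host_key                      # pin this key for the SSH handshake

if __name__ == "__main__":
    # Constructed sample values standing in for the wizard's ID and OTP.
    pending = {"EXAMPLE-ID-0001": b"constructed-otp"}
    hello = device_hello("EXAMPLE-ID-0001", b"constructed-otp",
                         "ssh-ed25519 AAAA-constructed")
    print(verify_hello(hello, pending))   # accepted
    print(verify_hello(hello, pending))   # replay rejected
```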
Confirming Connectivity and Importing the Infranet Controller Device Configuration
In NSM, validate connectivity with the device, and then import the device configuration:
- From the Devices workspace, select the Device List tab.
- Check the newly added device in the Connection Status column. The connection status must change from Never Connected to Up.
If the connection status appears as Device Platform Mismatch or Device Firmware Mismatch, delete the device from the application and add it back using the correct device platform and managed OS, respectively.
To import the device configuration:
- From the Devices workspace, select the Device List tab.
- Right-click the newly added Infranet Controller device and select Import Device. The Save Changes dialog box appears.
- If you are prompted to save policy or VPN changes, click Yes. The Device Import Option dialog box appears.
- Select Run Summarize Delta Config, and click OK and Yes. The Job Information dialog box displays the progress of the delta config summary. You can also monitor the progress in Job Manager.
The next step is to verify the imported configuration using either the Device Monitor or the Device Manager in NSM. See “Verifying Imported Device Configurations (NSM Procedure)” for details.