Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Using the Redirect Server for Zero Touch Provisioning


The Redirect Server provides authentication and authorization of remote devices (NFX Series and SRX Series) that requests a boot image and initial configuration files.

The Redirect Server authenticates a remote device and establishes communication between the remote device and the assigned regional or central server (in your CSO deployment), after which CSO automatically pushes the stage-1 configuration to the device.

In the Redirect Server, you must specify the following information for the device to obtain the stage-1 configuration from CSO:

  • CSO regional or central VM IP address

    • For large deployments, IP address of the csp-regional-lbvm1 or csp-regional-lbvm2, or the regional virtual IP (VIP) address.

    • For medium deployments, IP address of the csp-central-lbvm1 or csp-central-lbvm2, or the central VIP address.

    • For small deployments, the central microservices VM.

    For more information about VMs, see CSO Deployment Guide.

  • Server certificate, and

  • Serial number of the device

To add information on servers, certificates, and serial number:

  1. Login to the Redirect Server.

    You need an account to login to the Redirect Server. To create an account, contact your sales representative.

  2. Add server details and upload the SSL certificate.
    1. On the Redirect Server page, click Manage Servers.

      The Manage Servers page appears

    2. Click Add New Server.

      The Add a Server panel appears. Specify the following information:

      • Hostname—Specify the IP address or fully qualified domain name (FQDN) of the regional or central server.

      • Port—Specify the port configured to communicate with the remote devices.

      • Trust Anchor—Specify the SSL certificate for the central or regional server. The certificate is located in the /etc/pki/tls/certs directory on the central or regional server.

    3. Click Add Server.

    4. Click Done.

    On the Redirect Server, the server details are listed.

  3. Add devices:
    1. On the Redirect Server page, click Add Devices.

      The Add Device page appears.

    2. Add devices through the GUI or by uploading a comma-separated values (CSV) file

      • To add devices by uploading a CSV file, click Load CSV File and select the CSV file from the local drive.

      • To add devices through the GUI, in the Serial Number field, specify the serial numbers of the devices, separated by commas.

    3. Click Add Device.

    The device details are listed on the Redirect Server page.

The stage-1 configuration is applied to the device and the device is ready for provisioning.