Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring IF-MAP Client Settings on the Secure Access Device (NSM Procedure)

    You must identify the IF-MAP server to each Infranet Controller and SA appliance IF-MAP client. To add the server, you specify the IF-MAP URL of the server and how to authenticate to the server. Match the URL and security settings to equal those on the IF-MAP server(s) to which the IF-MAP client will connect.

    To configure IF-MAP client settings on the Infranet Controllers or SA appliances that will be IF-MAP clients:

    1. In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure IF-MAP client settings.
    2. Click the Configuration tab. In the configuration tree, select System > IF–MAP Federation > Overview.
    3. From the IF-MAP Configuration list, select IF-MAP Client.
    4. Type the server URL for the IF-MAP Web service on the IF-MAP server. For a Juniper IF-MAP server, use:

      https://<FQDN>/dana-ws/soap/ifmap

      FQDN is the fully qualified domain name of the replica's internal or external interface; for a cluster, the FQDN of the internal or external VIP should be used.

    5. Under Authentication Type, select the Client Authentication Method: Basic or Certificate.
      • If you select Basic, enter a username and password. The same information should be added to the IF-MAP server.
      • If you select Certificate, choose which Certificate Authority (CA) to use to verify the certificate for this client. Optionally, specify certificate attributes or restrictions to require values for certain client certificate attributes.
      • Ensure that the certificate of the CA that signed the IF-MAP server certificate is added from the System > Configuration > Certificates > Trusted Server CAs page.

        The IF-MAP client validates the IF-MAP server certificate: if validation fails, the connection fails. Ensure that the hostname in the IF-MAP URL on the client machine matches the hostname of the server certificate on the IF-MAP server, and that the CA that signed the server certificate is configured as a trusted server CA on the IF-MAP client.

    6. Click OK to save the changes.

    Published: 2013-01-03