Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring IF-MAP Servers (NSM Procedure)

    You must add all IF-MAP clients to the Secure Access IF-MAP server to permit the server to communicate with its clients. To add clients, you must specify the IP address and the security mechanism and credentials for each client.

    An IF-MAP server certificate must also be installed on the IF-MAP server. The client verifies the server certificate when it connects to the server. The server certificate must be signed by a certificate authority (CA), the client must be configured to trust certificates signed by that CA, and the hostname in the server certificate must match the hostname in the IF-MAP URL on the client.

    To configure IF-MAP server settings on the Secure Access device that will be the IF-MAP server:

    1. In the NSM navigation tree, select Device Manager > Devices. Click the Configuration tab. In the configuration tree, select System > IF–MAP Federation > Overview.
    2. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure IF-MAP server settings.
    3. From the IF-MAP Configuration list, select IF-MAP Server.
    4. Click the OK button to save the changes.
    5. From the This Server tab, select Clients and Replicas and click the New button.
    6. Enter a name and an optional description for this client.
    7. From the Type list, select Client.
    8. Type one or more IP addresses of the client. If the client is multihomed, for best results list all of its physical network interfaces. If the client is an Infranet Controller or Secure Access cluster, list the internal and external network interfaces of all nodes. It is necessary to enter all of the IP addresses for all of the interfaces because equipment failures may cause traffic between the IF-MAP client and the IF-MAP server to be rerouted through a different network interface. Listing all of the IP addresses maximizes the probability that IF-MAP Federation still works in the event of a failure.
    9. Under Authentication Type, select the Client Authentication Method: Basic or Certificate.
      • If you select Basic, enter a username and password. The same information should be added to the IF-MAP server.
      • If you select Certificate, choose which CA to use to verify the certificate for this client. Optionally, specify certificate attributes or restrictions to require values for certain client certificate attributes.
    10. Click OK to save the IF-MAP client instance on the IF-MAP server.

    Published: 2013-01-03