    Configuring Policy Enforcer Basic Settings

    Policy Enforcer is delivered as an OVA package to be deployed inside your VMware ESX network. As with other Junos Space virtual appliances, the connector requires either a VMware ESX server version 4.0 or later or a VMware ESXi server version 4.0 or later that can support a virtual machine with the following configuration:

    • 2 CPUs
    • 8-GB RAM
    • 80-GB disk space

    You need to enter several configuration settings for Policy Enforcer. You can use the following table to record your settings for later use.

    | Configuration Setting | Value |
    |---|---|
    | Policy Enforcer hostname | |
    | Policy Enforcer static IP address | |
    | Network mask | |
    | Default gateway | |
    | Primary and secondary DNS server | |
    | (Optional) Failover Policy Enforcer static IP address | |
    | (Optional) Virtual IP address | |
    | (Optional) NTP servers | |
    | Customer ID: your Juniper Networks-defined identifier that entitles you to use Policy Enforcer. This is typically the same as the SiteID tied to your support account. | |
    | Administrator password | |

    Once you have deployed Policy Enforcer, you can configure its basic network settings.

    To configure the connector network settings:

    1. Launch the vSphere Client that is connected to the ESX Server where Policy Enforcer is to be deployed and power on the connector virtual machine.

      The welcome page appears. See xxx.

      Figure 1: Spotlight Secure Connector Welcome Page

    2. Click OK.

      The End User License Agreement (EULA) window appears.

    3. Click Accept to acknowledge the EULA. If you do not agree with the EULA, click Cancel. Your configuration will stop and you will return to the main vSphere Client page.

      The Network configuration page appears. See xxx.

      Figure 2: Defining the Basic Network Configuration Settings

    4. Enter the following configuration information.

      | Option | Description |
      |---|---|
      | Hostname | Enter the hostname for the Policy Enforcer virtual appliance; for example, policy.enforcer.juniper.net. |
      | IP address | Enter the static IP address for the Policy Enforcer virtual appliance; for example, 172.24.1.105. Policy Enforcer does not support DHCP to assign its IP address. |
      | Network mask | Enter the netmask for the Policy Enforcer virtual appliance; for example, 255.255.255.0. |
      | Default gateway | Enter the IP address of the default gateway that connects your internal network to external networks; for example, 172.24.0.1. |
      | Primary DNS server | Enter the IP address of your primary system registered to join the Domain Name System (DNS); for example, 8.8.8.8. |
      | Secondary DNS server | Enter the IP address of a secondary DNS server; for example, 8.8.4.4. Policy Enforcer uses this address only when the primary DNS server is unavailable. |
      | Skip DNS servers check | Select this check box if you do not want to check basic network settings. By default, the system will ping the gateway to ensure it receives a response indicating your settings are correct. |

    5. Click Apply Changes.

      Your network settings are applied. A progress window indicates the status.

      When the system is finished updating your network settings, an NTP server window appears and prompts you to configure the NTP server list. See xxx.

      Figure 3: Prompt for Configuring the NTP Servers

    6. Click Yes to customize the NTP server list. Click No to use the default list: 0.centos.pool.ntp.org, 1.centos.pool.ntp.org, 2.centos.pool.ntp.org, and 3.centos.pool.ntp.org.
    7. (Optional) Specify the NTP servers to use. See xxx. Click Apply Changes to accept your edits, Clear All to clear all fields in this window, or Cancel to discard any edits and continue to the next step.

      Figure 4: Configuring the NTP Servers

      The HA Cluster Configuration prompt appears.

    8. (Optional) Click Yes to set up a high-availability cluster (also called a failover cluster).

      The HA Cluster Configuration page appears. See xxx.

      Figure 5: Option to Define a Failover Device

    9. Enter the following configuration information.

      | Option | Description |
      |---|---|
      | Remote connector instance IP address | Enter the IP address of the failover Policy Enforcer virtual appliance; for example, 172.24.1.106. When the primary Policy Enforcer virtual appliance is unreachable, the failover Policy Enforcer is used. A health check is performed every 60 seconds. Depending on the severity of the failure, failover can take between 60 seconds and 15 minutes. If the remote host cannot be reached, failover occurs in 60 seconds. |
      | Virtual IP address | Enter the virtual IP (VIP) shared between the two Policy Enforcer hosts. The VIP serves as the primary external contact point for connected devices like the SRX Series Services Gateways. When failover occurs, the VIP is reassigned to the standby Policy Enforcer host and it becomes the new active device. |

    10. Click Apply.

      The Customer Information page appears. See xxx.

      Figure 6: Entering Customer Information

    11. Enter your customer ID. This might be your SiteID tied to your support account.
    12. Click OK.

      The Root password change page appears. See xxx.

      Figure 7: Changing the Root Password

    13. Enter and reenter a new administrator password for the connector virtual appliance.

      Passwords must be at least eight characters in length. If you forget your password, see CentOS root password reset instructions.

    14. Click OK.

      The Juniper Networks Policy Enforcer page appears. See xxx.

      Figure 8: Reviewing and Changing Your Configuration Settings.

    15. Select one of the options and press Enter.

      | Option | Description |
      |---|---|
      | Review configuration and finish setup | Lets you review the configuration settings you defined one last time before applying them to the connector virtual appliance. We recommend that you do not change your configuration settings after the connector is added as a specialized node to the Junos Space fabric. |
      | Change... | Select a setting to update its value. |
      | Troubleshooting menu | Lets you ping the default gateway, remote HA device (if configured), and custom IP address (if configured). Also lets you perform a DNS lookup to verify that your settings are correct. |

      The Review configuration page appears. See xxx.

      Figure 9: Reviewing Your Configuration Settings

    16. Review your configuration settings and click Finish setup. To change any of the settings, click Change configuration.

      When you click Finish setup, the configuration settings are applied to the connector virtual appliance. A status page indicates the progress.

      When done, the Setup Complete page appears. See xxx.

      Figure 10: Completing the Setup Steps

    17. Click Finish to return to the main vSphere Client page.
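
A pre-flight check for the recorded settings worksheet, run before the values are typed into the setup wizard. This is an added example, not Juniper code: the dictionary keys, the VIP value, and the assumption that the gateway, failover address and VIP sit on the appliance's own subnet are this example's. Run on the page's per-field example values, it reports that 172.24.0.1 lies outside the network defined by 172.24.1.105 with mask 255.255.255.0.

```python
import ipaddress

MIN_PASSWORD_LEN = 8  # the page: passwords must be at least eight characters


def validate_worksheet(ws):
    """Return a list of problems in a settings worksheet (empty list = OK).

    Keys of `ws` are hypothetical names chosen for this example:
    ip, netmask, gateway, dns (list), failover_ip, vip, password.
    """
    try:
        iface = ipaddress.IPv4Interface(f"{ws['ip']}/{ws['netmask']}")
    except ValueError as exc:  # bad address or non-contiguous mask
        return [f"ip/netmask: {exc}"]
    net, problems, seen = iface.network, [], {iface.ip: "ip"}
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"ip: {iface.ip} is the network or broadcast address of {net}")

    def check(name, value, on_link):
        try:
            addr = ipaddress.IPv4Address(value)
        except ValueError:
            problems.append(f"{name}: {value!r} is not an IPv4 address")
            return
        if on_link and addr not in net:
            problems.append(f"{name}: {addr} is outside {net}")
        if on_link and addr in seen:
            problems.append(f"{name}: {addr} duplicates {seen[addr]}")
        if on_link:
            seen[addr] = name

    check("gateway", ws["gateway"], on_link=True)
    for i, server in enumerate(ws.get("dns", []), 1):
        check(f"dns{i}", server, on_link=False)  # resolvers may be off-subnet
    # Optional HA settings: assumed here to share the appliance's subnet.
    for name in ("failover_ip", "vip"):
        if ws.get(name):
            check(name, ws[name], on_link=True)
    if len(ws.get("password", "")) < MIN_PASSWORD_LEN:
        problems.append(f"password: shorter than {MIN_PASSWORD_LEN} characters")
    return problems


# Constructed sample: the page's per-field examples plus a made-up VIP and password.
PAGE_EXAMPLE = {"ip": "172.24.1.105", "netmask": "255.255.255.0",
                "gateway": "172.24.0.1", "dns": ["8.8.8.8", "8.8.4.4"],
                "failover_ip": "172.24.1.106", "vip": "172.24.1.107",
                "password": "constructed-sample"}

if __name__ == "__main__":
    for line in validate_worksheet(PAGE_EXAMPLE) or ["worksheet is consistent"]:
        print(line)
```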

    Modified: 2016-10-17