Configuring Spotlight Secure Connector

 

Spotlight Secure Connector is delivered as an OVA package to be deployed inside your VMware ESX network. As with other Junos Space virtual appliances, the connector requires either a VMware ESX server version 4.0 or later or a VMware ESXi server version 4.0 or later that can support a virtual machine with the following configuration:

  • 2 CPUs

  • 8-GB RAM

  • 80-GB disk space

You need to enter several configuration settings for Spotlight Secure Connector. You can use the following table to record your settings for later use.

| Configuration Setting | Value |
| --- | --- |
| Spotlight Secure Connector hostname | |
| Spotlight Secure Connector static IP address | |
| Network mask | |
| Default gateway | |
| Primary and secondary DNS server | |
| (Optional) Failover Spotlight Secure Connector static IP address | |
| (Optional) Virtual IP address | |
| (Optional) NTP servers | |
| Customer ID—Your Juniper Networks-defined identifier that entitles you to use Spotlight Secure Connector. This is typically the same as the SiteID tied to your support account. | |
| Administrator password | |

The steps to configure the connector are described in the following sections:

Configuring Spotlight Secure Connector Network Settings

Once you have deployed the connector, you can configure its basic network settings.

Note

When you first log in to the connector, you are prompted for credentials. The default username is root. The default password is abc123.

To configure the connector network settings:

  1. Launch the vSphere Client that is connected to the ESX Server where Spotlight Secure Connector is to be deployed and power on the connector virtual machine.

    The welcome page appears. See Figure 1.

    Figure 1: Spotlight Secure Connector Welcome Page
  2. Click OK.

    The End User License Agreement (EULA) window appears.

  3. Click Accept to acknowledge the EULA. If you do not agree with the EULA, click Cancel. Your configuration will stop and you will return to the main vSphere Client page.

    The Network configuration page appears. See Figure 2.

    Figure 2: Defining the Basic Network Configuration Settings
  4. Enter the following configuration information.

    | Option | Description |
    | --- | --- |
    | Hostname | Enter the hostname for the Spotlight Secure Connector virtual appliance; for example, connector.juniper.net. |
    | IP address | Enter the static IP address for the Spotlight Secure Connector virtual appliance; for example, 172.24.1.105. Spotlight Secure Connector does not support DHCP to assign its IP address. |
    | Network mask | Enter the netmask for the Spotlight Secure Connector virtual appliance; for example, 255.255.255.0. |
    | Default gateway | Enter the IP address of the default gateway that connects your internal network to external networks; for example, 172.24.0.1. |
    | Primary DNS server | Enter the IP address of your primary system registered to join the Domain Name System (DNS); for example, 8.8.8.8. |
    | Secondary DNS server | Enter the IP address of a secondary DNS server; for example, 8.8.4.4. Spotlight Secure Connector uses this address only when the primary DNS server is unavailable. |
    | Skip DNS servers check | Select this check box if you do not want to check basic network settings. By default, the system will ping the gateway to ensure it receives a response indicating your settings are correct. |

  5. Click Apply Changes.

    Your network settings are applied. A progress window indicates the status.

    When the system is finished updating your network settings, an NTP server window appears and prompts you to configure the NTP server list. See Figure 3.

    Figure 3: Prompt for Configuring the NTP Servers
  6. Click Yes to customize the NTP server list. Click No to use the default list: 0.centos.pool.ntp.org, 1.centos.pool.ntp.org, 2.centos.pool.ntp.org, and 3.centos.pool.ntp.org.
  7. (Optional) Specify the NTP servers to use. See Figure 4. Click Apply Changes to accept your edits, Clear All to clear all fields in this window, or Cancel to discard any edits and continue to the next step.
    Figure 4: Configuring the NTP Servers

    The HA Cluster Configuration prompt appears.

  8. (Optional) Click Yes to set up a high-availability cluster (also called a failover cluster).

    The HA Cluster Configuration page appears. See Figure 5.

    Figure 5: Option to Define a Failover Device
  9. Enter the following configuration information.

    | Option | Description |
    | --- | --- |
    | Remote connector instance IP address | Enter the IP address of the failover Spotlight Secure Connector virtual appliance; for example, 172.24.1.106. When the primary Spotlight Secure Connector virtual appliance is unreachable, the failover Spotlight Secure Connector is used. A health check is performed every 60 seconds. Depending on the severity of the failure, failover can take between 60 seconds and 15 minutes. If the remote host cannot be reached, failover occurs in 60 seconds. If there is an internal failure in updating multiple Spotlight Secure Connector feeds, it can take up to 15 minutes for failover to occur. |
    | Virtual IP address | Enter the virtual IP (VIP) shared between the two Spotlight Secure Connector hosts. The VIP serves as the primary external contact point for connected devices like the SRX Series Services Gateways. When failover occurs, the VIP is reassigned to the standby Spotlight Secure Connector host and it becomes the new active device. |

  10. Click Apply.

    The Customer Information page appears. See Figure 6.

    Figure 6: Entering Customer Information
  11. Enter your customer ID. This might be your SiteID tied to your support account.
  12. Click OK.

    The Root password change page appears. See Figure 7.

    Figure 7: Changing the Root Password
  13. Enter and reenter a new administrator password for the connector virtual appliance.

    Passwords must be at least eight characters in length. If you forget your password, see CentOS root password reset instructions.

  14. Click OK.

    The Juniper Networks Security Intelligence Connector page appears. See Figure 8.

    Figure 8: Reviewing and Changing Your Configuration Settings.
  15. Select one of the options and press Enter.

    | Option | Description |
    | --- | --- |
    | Review configuration and finish setup | Lets you review the configuration settings you defined one last time before applying them to the connector virtual appliance. We recommend that you do not change your configuration settings after the connector is added as a specialized node to the Junos Space fabric. |
    | Change... | Select a setting to update its value. |
    | Troubleshooting menu | Lets you ping the default gateway, remote HA device (if configured), and custom IP address (if configured). Also lets you perform a DNS lookup to verify that your settings are correct. |

    The Review configuration page appears. See Figure 9.

    Figure 9: Reviewing Your Configuration Settings
  16. Review your configuration settings and click Finish setup. To change any of the settings, click Change configuration.

    When you click Finish setup, the configuration settings are applied to the connector virtual appliance. A status page indicates the progress.

    When done, the Setup Complete page appears. See Figure 10.

    Figure 10: Completing the Setup Steps
  17. Click Finish to return to the main vSphere Client page.
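
A pre-flight check of the recorded settings before they are typed into the setup pages, added here as an example; it is not part of Juniper's documentation or the appliance's own tooling. The worksheet key names, and the rule that the gateway, failover address and virtual IP sit on the connector's subnet, are assumptions; the default root password and the eight-character minimum come from this page.

```python
import ipaddress

DEFAULT_ROOT_PASSWORD = "abc123"  # default root password stated on this page
MIN_PASSWORD_LENGTH = 8           # minimum length stated on this page
# Field -> True if assumed to sit on the connector's subnet (an assumption).
ADDRESS_FIELDS = {"ip": True, "gateway": True, "failover_ip": True,
                  "virtual_ip": True, "dns_primary": False, "dns_secondary": False}
REQUIRED = ("hostname", "ip", "netmask", "gateway", "dns_primary", "root_password")


def check_worksheet(ws):
    """Return a list of problems in a worksheet dict (key names are hypothetical)."""
    problems = [f"{key}: missing" for key in REQUIRED if not ws.get(key)]
    if problems:
        return problems
    try:
        net = ipaddress.IPv4Network(f"{ws['ip']}/{ws['netmask']}", strict=False)
    except ValueError as exc:
        return [f"ip/netmask: {exc}"]
    on_subnet = {}
    for field, local in ADDRESS_FIELDS.items():
        if not ws.get(field):
            continue  # optional field left blank
        try:
            addr = ipaddress.IPv4Address(ws[field])
        except ValueError:
            problems.append(f"{field}: {ws[field]!r} is not an IPv4 address")
            continue
        if not local:
            continue
        if addr not in net:
            problems.append(f"{field}: {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{field}: {addr} is not a usable host address")
        on_subnet[field] = addr
    if len(set(on_subnet.values())) != len(on_subnet):
        problems.append("ip, gateway, failover_ip and virtual_ip must all differ")
    if ws["root_password"] == DEFAULT_ROOT_PASSWORD:
        problems.append("root_password: still the default")
    elif len(ws["root_password"]) < MIN_PASSWORD_LENGTH:
        problems.append(f"root_password: shorter than {MIN_PASSWORD_LENGTH} characters")
    return problems


# Constructed worksheet combining this page's per-field example values.
PAGE_EXAMPLES = {"hostname": "connector.juniper.net", "ip": "172.24.1.105",
                 "netmask": "255.255.255.0", "gateway": "172.24.0.1",
                 "dns_primary": "8.8.8.8", "failover_ip": "172.24.1.106",
                 "root_password": "abc123"}

print(*check_worksheet(PAGE_EXAMPLES), sep="\n")
```

Run against the per-field example values from this page entered together, it reports that gateway 172.24.0.1 is outside 172.24.1.0/24 and that the root password is still the default.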

Adding Spotlight Secure Connector as a Specialized Node in Junos Space

As with other Junos Space appliances, you add Spotlight Secure Connector to the Junos Space Network Management Platform. You can add multiple connector devices to the existing Junos Space fabric, but you can add only one at a time.

To add Spotlight Secure Connector to the Junos Space fabric:

  1. On the Junos Space Network Management Platform user interface, select Administration > Fabric and then click the Add Fabric Node icon. See Figure 11.
    Figure 11: Adding a New Fabric

    The Add Node to Fabric dialog box appears. See Figure 12.

    Figure 12: Add Node to Fabric Dialog Box
  2. Enter the following information.

    | Option | Description |
    | --- | --- |
    | Name | Enter a name for the Spotlight Secure Connector device. The name cannot exceed 32 characters and cannot contain spaces. |
    | IP | Enter the IP address of the Spotlight Secure Connector. This is the IP address you assigned to the Spotlight Secure Connector when running the bootstrap script. |
    | User and Password | Enter the login credentials (SSH username and password) of the Spotlight Secure Connector. The credentials must be the same as those you specified when you ran the configuration step. If the credentials do not match, the add node operation (job) fails and Junos Space Network Management Platform displays the following error message on the Job Management workspace: Please check network credentials. |

  3. (Optional) Schedule when you want to add the fabric node:
    • Clear the Schedule at a later time check box (the default) to initiate the add operation when you complete Step 7 of this procedure.

    • Select the Schedule at a later time check box to specify a later start date and time for the add operation.

    Note

    The selected time in the scheduler corresponds to the Junos Space server time but is mapped to the local time zone of the client computer.

  4. Click Add to add the connector to the fabric.

    It might take a few minutes to add Spotlight Secure Connector. When done, the Network Management Platform shows the appliance as having an UP status. See Figure 13.

    Figure 13: Spotlight Secure Connector Status in the Network Management Platform

    Similarly, in the Junos Space Security Director Platform user interface select Security Intelligence > Spotlight Connectors. The Security Director Platform shows Spotlight Secure Connector as having an UP connection status when it is available. See Figure 14.

    Figure 14: Spotlight Secure Status in the Security Director Platform