Install JSA Console or a managed host on the JSA appliance that is FIPS
enabled.
Software versions for all JSA appliances in a deployment
must be same version and patch level. Deployments that use different
versions of software is not supported.
Ensure that the following requirements are
met:
The correct hardware is installed.
-
Create a bootable USB flash drive with Red Hat Linux. For more information,
see Creating a Bootable USB Drive with Red Hat Linux.
-
Install JSA with a USB flash drive. For more information, see USB Drive Installations.
You have the required license key for your appliance.
A keyboard and monitor are connected by using the VGA
connection.
There are no expired licenses on either the console or
the managed hosts.
-
If you are installing JSA on a Unified Extensible Firmware Interface (UEFI)
system, secure boot must
be disabled.
-
FIPS mode only: After the FIPS installation is complete, you must migrate
Docker Community Edition (CE) to Docker Enterprise Edition (EE) on your JSA
Console and 4000 appliance. You must ensure you have a Docker EE license.
For more information, see Migrating to Docker Enterprise Edition with FIPS.
Note:
FIPS mode only (For JSA 7.5.0 GA to JSA 7.5.0 Update Package 7): To install an
appliance with FIPS enabled, add qradar.fips=1
to the
vmlinuz
.
-
FIPS mode only (For JSA 7.5.0 GA to JSA 7.5.0 Update Package 7): On the Red Hat
Enterprise Linux 7.9 installation page, press Tab to edit
the
vmlinuz
.
-
FIPS mode only (For JSA 7.5.0 GA to JSA 7.5.0 Update Package 7): Add
qradar.fips=1
to the vmlinuz line and press
Enter. The result might look similar to this example:
vmlinuz initrd=initrd.img
inst.stage2=hd:LABEl=QRadar-2020_11_0_20201210153453 quiet inst.text
inst.gpt
inst.ks=hd:LABEL=QRadar-2020_11_0_20201210153452console=ttyS0,9600
console=tty1 qradar.fips=1
- Use SSH to log in as the root user.
-
Accept the End-User license Agreement.
-
If you selected High Availability Appliance complete the
following steps:
-
Select HA appliance (All models) 500 as the
functionality.
-
Select whether the high-availability (HA) appliance is a standby for
a console or non-console appliance.
-
Select Next.
-
If you did not choose High Availability Appliance,
select the appliance assignment, and then select
Next.
-
For the type of setup, select Normal Setup (default) or
HA Recovery Setup, and set up the time.
-
If you selected HA Recovery Setup, enter the cluster
virtual IP address.
- Select the Internet Protocol version:
- If you selected ipv6, select manual or auto for the Configuration type.
-
If required, select the bonded interface setup,
- Select the management interface.
Note:
If the interface has a link (cable connected), a plus sign (+) is
displayed before the description.
- In the wizard, enter a fully qualified domain name in
the Hostname field.
Note:
The hostname must not contain only numbers.
- In the IP address field, enter a static IP
address, or use the assigned IP address.
Note: If you are configuring this host as a primary host for
a high availability (HA) cluster, and you selected Yes for
auto-configure, you must record the automatically-generated IP address.
The generated IP address is entered during HA configuration.
For more information, see the Juniper Secure Analytics
High Availability Guide.
-
If you are installing a Console, enter an admin password
that meets the following criteria:
-
Contains at least 8 characters
-
Contains at least one uppercase character
-
Contains at least one lowercase character
-
Contains at least one digit
-
Contains at least one special character: @, #, ^, or *.
-
Enter root
password that meets the following criteria:
-
Contains at least 5 characters
-
Contains no spaces
-
Can include the following special characters: @, #, ^, and *.
- Click Finish.
A series of messages appears as JSA continues with the installation. Based on
the appliance ID selected, the installation process may take from several
minutes to few hours to
complete.
When the JSA installation process is complete, the message window
appears.
- Apply your license key.
Log in to JSA:
The default user name is admin. The password is the
password of the admin user account.
Click Login To JSA.
Click the Admin tab.
In the navigation pane, click System Configuration.
Click the System and License Management icon.
From the Display list box, select Licenses, and upload your license key.
Select the unallocated license and click Allocate
System to License.
From the list of systems, select a system, and
click Allocate System to License.
-
Click Deploy License Changes.
- If you want to add managed hosts, see the Juniper
Secure Analytics Administration Guide.
-
FIPS mode
only:
Verify that FIPS mode is enabled by typing the following command.
/opt/qradar/bin/myver -fips
The output is 'true' on a FIPS mode enabled system and 'false' when FIPS mode
is not enabled.
If the result is false, try to reinstall with FIPS mode enabled.
-
FIPS mode only (For JSA 7.5.0 Update Package 8): To enable FIPS mode, run the
following command on each host in the deployment.
/opt/qradar/bin/qradar_fips_toggle.sh enable
Reboot the system when the script completes running.