Pulse Policy Secure Virtual Machine Initial Setup and ... Pulse Policy Secure – Virtual Machine Setup


  • Pulse Policy Secure

    Virtual Machine

    Initial Setup and Configuration Guide

    Contents

    Introduction
    Setup and Configuration
    Prerequisites
    Overview
    Section 1: Installation of the VM
    Section 2: CLI Configuration (Initial Configuration Wizard)
    Section 3: Profiler Configuration
    Section 4: PPS Configuration
    Section 5: End-User Login
    Section 6: Logs and Policy Trace
    Section 7: Deployment Guides

    Introduction

    Pulse Policy Secure is a Network Access Control (NAC) solution built for the next generation of networks. Pulse Policy Secure delivers an easy-to-use, BYOD-ready, granular access control solution that is context-aware, identity-enabled, and location- and device-based for the most complex datacenter and cloud environments. Pulse Policy Secure enables safe, protected network and cloud access for a diverse user audience over a wide range of devices.

    This document guides the user through the setup of the Pulse Policy Secure (PPS) Virtual Machine (VM), from initial install to the first end-user login to the PPS.

    Pulse Policy Secure – Virtual Machine Setup and Configuration Guide 1


    Setup and Configuration

    Prerequisites

    • A supported hypervisor such as VMware (Server, Fusion, or Workstation), KVM or Hyper-V
    • Pulse Secure Virtual Appliance install package (.ovf) or physical hardware
    • Pulse Secure PPS software package (.pkg)
    • Pulse Secure Profiler Fingerprint Database package (ps-pps-profiler-fpdb-*.pkg)
    • Connectivity to a DNS server

    The configuration steps assume the PPS will be run as a virtual machine. If using a physical box, proceed to Section 2 (CLI Configuration).

    Overview

    1) Installation of the VM
    2) CLI Configuration
       a. Network Setup
       b. Admin Account Setup
       c. Self-Signed Certificate Creation
    3) Profiler Configuration
       a. Discover devices using DHCP
       b. Discover devices using SNMP
    4) PPS Configuration
       a. Configuration Verification
       b. PPS Package Update
       c. System Local End-User Account Creation
       d. Realm and Role Configuration
    5) End-user Login
       a. Clientless Login
       b. Pulse Desktop Login
    6) Log View and Policy Trace

    Section 1: Installation of the VM

    Have the installation package ready, which includes an .ovf file. The installation package can be downloaded from the Trial website, and may need to be unzipped. The process shown below is for VMware Fusion on a Mac. Importing onto an ESXi server is slightly different with regard to selecting the image; the rest of the process is the same.


    Import .ovf file: Click ‘Continue’ and then select the location where the virtual machine will be saved.

    After the import is finished, the virtual appliance will reboot.

    Section 2: CLI Configuration (Initial Configuration Wizard)

    Once the appliance has booted up for the first time, it will enter the initial configuration wizard. The following information will need to be entered:

    • Cluster options or stand-alone server prompt.
    • License agreement prompt.
    • Internal port IP address, network mask, and gateway.
    • Primary DNS server.
    • Optional: Secondary DNS server.
    • DNS domain(s).
    • Optional: WINS server.
    • Admin credential creation prompts.
    • Self-signed certificate creation prompt.


    Cluster options or stand-alone server prompt. Click ‘y’ to configure this appliance as a stand-alone.


    License agreement prompt. You can click ‘r’ to read the license agreement or ‘y’ to agree to the licensing.

    Internal port IP address, network mask, and gateway.


    Primary DNS server.

    Optional secondary DNS server, mandatory DNS domain(s) and optional WINS server.


    Once networking information is complete – you can confirm.

    Admin credential creation prompts.


    Self-signed certificate creation prompt.

    Once the certificate has been created, PPS initial setup will be complete. The device will reboot and you will be able to access it using the web-based Admin Console via https:///admin.

    Section 3: Pulse Profiler Configuration for Device Visibility

    Pulse Policy Secure has built-in device profiling that can automatically detect and classify all devices on the network using DHCP fingerprinting, SNMP discovery, and HTTP-UA fingerprinting. Once you are logged in to the web-based Admin Console, configure the built-in Profiler using the following 5 steps:

    1. Navigate to Authentication > Auth Servers page.
    2. Select Local Profiler from the server type drop-down and click New Server.
    3. Enter a name for the Auth. server.
    4. Click Browse and upload the device fingerprints package.
    5. Click Save Changes to save the configuration settings. Please note this operation may take a few minutes to complete.

    Discover devices using DHCP

    Devices on the network that have DHCP-based IP addresses are automatically profiled by Pulse Profiler as they connect to the network. However, to enable this type of profiling, you need to ensure that all the DHCP requests are forwarded to the internal port of Pulse Policy Secure. This configuration needs to be done on one or more switches in your network. Use the commands in the table below to configure the switch(es).

    Configure DHCP relay on switches to forward DHCP packets to Pulse Policy Secure.

    Switch Vendor   Commands
    Cisco           interface
                    ip helper-address
                    ip helper-address
    Juniper         set forwarding-options helpers bootp interface
                    set forwarding-options helpers bootp server
                    set forwarding-options helpers bootp server
    HP              vlan
                    ip helper-address
                    ip helper-address

    Navigate to System > Reports > Devices Discovery for initial views of devices on the network. The discovery process typically takes a few minutes to a few hours depending on the network complexity.
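
    To show what a relayed DHCP request gives a profiler to work with, the following added example (not from this guide and not Pulse Profiler's own logic) parses a DHCPDISCOVER as it arrives after a switch relay has set giaddr, and extracts the fields generally used for DHCP fingerprinting. The sample packet, its addresses, and the choice of options 12, 55 and 60 are assumptions made for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])  # starts the DHCP options area (RFC 2131)

def parse_dhcp(packet: bytes) -> dict:
    """Pull the fields commonly used for DHCP fingerprinting out of a DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    giaddr = ipaddress.IPv4Address(packet[24:28])      # filled in by the relay agent
    mac = packet[28:28 + min(packet[2], 16)].hex(":")  # chaddr, hlen bytes long
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:        # 255 = End option
        if packet[i] == 0:                             # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        opts[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    return {
        "mac": mac,
        "relay": str(giaddr),
        "relayed": int(giaddr) != 0,   # 0.0.0.0 means the packet was not relayed
        "msg_type": int.from_bytes(opts.get(53, b"")[:1], "big"),
        "hostname": opts.get(12, b"").decode("ascii", "replace"),
        "vendor_class": opts.get(60, b"").decode("ascii", "replace"),
        "param_request_list": ",".join(str(b) for b in opts.get(55, b"")),
    }

def build_sample() -> bytes:
    """Constructed DHCPDISCOVER (sample data), as forwarded by a relay at 192.0.2.1."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1, 0x1234ABCD, 0, 0,                  # op, htype, hlen, hops, xid, secs, flags
        bytes(4), bytes(4), bytes(4),                  # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address("192.0.2.1").packed,     # giaddr (documentation address)
        bytes.fromhex("020000aabbcc"), bytes(64), bytes(128))
    options = (bytes([53, 1, 1])                       # message type: DISCOVER
               + bytes([12, 6]) + b"lab-pc"            # hostname
               + bytes([60, 8]) + b"MSFT 5.0"          # vendor class identifier
               + bytes([55, 4, 1, 3, 6, 15])           # parameter request list
               + bytes([255]))
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(parse_dhcp(build_sample()))
```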

    Discover devices using SNMP

    To discover and profile devices with static IP addresses, you need to add SNMP-enabled switches in the SNMP management page of the web-based Admin Console.

    1. Select Authentication > Auth Servers > [Local Profiler]. Set the SNMP Poll interval to 5 mins. Click on Save Changes.
    2. Click on the SNMP Device link in the help text for SNMP Poll Interval. Enter information about the switch. Do not select the SNMP Enforcement check box since we will use the switch for profiling only.
    3. Save the changes. The SNMP Device Configuration table should get updated with the new switch information. Status should be GREEN.
    4. Wait 15 minutes for the new polling interval to take effect, or restart services using the Maintenance > System > Platform > Restart Services button so the new configuration is active immediately after restart.

    Navigate to System > Reports > Devices Discovery to view another set of devices with static IP ad