How do I configure an IP address for the newly installed SSL Visibility Appliance if I do not have physical access?

book

Article ID: 168566

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

Requirements

  • This solution requires that you have a console connection to the newly installed appliance.
  • It also requires that there is no DHCP server on the same network that the SSL Visibility Appliance's management port is connected to.  If there is a DHCP server on the same network that the management port is connected to, the SSL Visibility Appliance will by default accept an IP address from the DHCP server.  
  • This solution also requires that you have SSLv 3.8 or later installed.


This method is often referred to as the "console bootstrap option" by technical support. Once again, this is for either a new or fresh install of the SSL Visibility Appliance appliance. If all these previously mentioned factors are in place, you will be able to take advantage of the bootstrap to configure the user name and IP address of the SSL Visibility Appliance.

Resolution

To add the IP address via console on a fresh install or newly factory installed appliance, reboot the appliance while connected. After the box completes rebooting you will see the following and be prompted be with a login:

SSLV startup stage 3: CONFIRMED
Ubuntu 12.04.3 LTS localhost ttyS0
localhost login:


For the user name and password use bootstrap.

localhost login:bootstrap
Password: 
SSL Appliance 3.8.2-409
S/N: 3814450065
Legal Notices - This product may include 3rd party software.
For more information please refer to the login page of the web based management interface.

BOOTSTRAP: master key configuration


Next, configure the master key.

bootstrap> master key create 
Setting master key configuration.
Waiting for master key generation.


After the key generation, add a user.

bootstrap> user add admin manage-pki manage-appliance manage-policy audit
Enter new user password: 
Re-enter new user password: 
Added user 'admin'.
BOOTSTRAP: completed

Note: manage-pki manage-appliance manage-policy audit ensures that the admin role has the correct priveleges.  Enter user add ? for more detailed information.

After the user is created, you will log out and then log back in with the newly created user.  You will not be able to use the bootstrap user and password until the box is factory reset.

bootstrap> exit
BOOTSTRAP: completed

localhost login: admin
Password: 
SSL Appliance 3.8.2-409
S/N: 3814450065
Legal Notices - This product may include 3rd party software.
For more information please refer to the login page of the web based management interface.


You will now be able to add the network configuration to the SSL Visibility Appliance.
 

admin> network?
network set ip           : Set management network static IPv4 configuration
network set ip dhcp      : Enable DHCP in management network IPv4 configuration
network set ip disabled  : Disable IPv4 in management network configuration
network set ip6          : Set management network static IPv6 configuration
network set ip6 dhcp     : Enable DHCP in management network IPv6 configuration
network set ip6 disabled : Disable IPv6 in management network configuration
network set ip6 slaac    : Enable SLAAC in management network IPv6 configuration
network set mtu          : Set management network MTU
network show             : Show management network IP configuration
network-acl edit         : Edit the IPv4 access control list
network-acl show active  : Show the currently running IPv4 access control list
network-acl6 edit        : Edit the IPv6 access control list
network-acl6 show active : Show the currently running IPv6 access control list



admin> network set ip 192.168.34.130 netmask 255.255.255.0 gateway 192.168.32.254
Management network IPv4 configuration set successfully:
IP address: 192.168.34.130
Netmask: 255.255.255.0
Default gateway: 192.168.32.254
You must reboot for the changes to take effect.

admin> platform reboot
Reboot appliance? (enter 'yes' to confirm): yes


After the SSL Visibility Appliance completes rebooting, you should be able to log into it via HTTPS, using the user name and password you created.