Creating a SSL Visibility application on an ISG
Article ID: 402287
Updated On:
Products
SSL Visibility Appliance Software
ISG SSLV
Issue/Introduction
This article takes into account you are using ISG 2.5.3.1 or greater and SSL Visibility software 5.5.1.1 or greater.
This article also takes into account that the ISG has been deployed on a support model and licensed. In the case that you are using a model which requires a crypto card, it must be installed. For more information see the following KB article: Running SSLV application on SSP host appliance. The ISG should be configured for network access and usability. The article strictly discusses the deployment of SSL Visibility on the ISG appliance.
Note that currently the ISG running a SSL Visibility application cannot be installed with any other applications.
Environment
SSL Visibility Appliance software version 5.5.1.1 or greater running on ISG 2.5.3.1 or greater on a supported ISG appliance.
Resolution
In order to run SSLv on your ISG appliance the following steps will need to be taken.
- Download the SSLv software application to the ISG.
- Create a network-definition for the SSLV.
- Create an application for SSLv.
- Bind the application to the network-definition.
- Connect to the SSLv application console and complete the network set-up of SSLv.
- Log into the GUI of the SSLv via a browser.
- Ensure you have the license for the SSLv installed.
Download the software application to the ISG.
Log into the portal to Broadcom support portal and go do the SV-S550 downloads page. Either download the SSLv 5.5.x build of the software to store and load locally on the ISG or generate a token for download.
I have used the token method in the example below:
ISG-LAB(config-images)# load https://downloadsapi.broadcom.com/utils/random#/sslv_5.5.1.1-303035.bcsi Progress: [##################################################] 100/100 sv-5.5.1.1-303035 is successfully loaded okCreate a network-definition for the SSLV.
ISG-LAB(config-network-definition)# view Network Definition: auto Interfaces (shared): 0:0 1:0 1:1 2:0 2:1 2:2 2:3 3:0 3:1 3:2 3:3ISG-LAB(config-network-definition)# create sslv-netdef ok ISG-LAB(config-network-definition)# edit sslv-netdef add mode shared interfaces 0:0 ok ISG-LAB(config-network-definition)# edit sslv-netdef add mode passthrough interfaces [ 1:0 1:1 2:0 2:1 3:0 3:1 3:2 3:3 ] ok ISG-LAB(config-network-definition)# view Network Definition: auto Interfaces (shared): 0:0 2:2 2:3 Network Definition: sslv-netdef Interfaces (shared): 0:0 Interfaces (passthrough): 1:0 1:1 2:0 2:1 3:0 3:1 3:2 3:3 ISG-LAB(config-network-definition)#Create an application for SSLv.
ISG-LAB(config)# application
ISG-LAB(config-applications)# create sv license-id xxxxxxxxxx image-id sv-5.5.1.1-303035 model C32XS-3 network-definition sslv-netdef sslv
ok
ISG-LAB(config-applications)# start sslv
ok
ISG-LAB(config-applications)#
ISG-LAB(config-applications)# viewNAME TYPE VCPU MEMORY DISK SIZE MODEL STATUS LICENSE ID IMAGE ID ZTP NETWORK DEFINITION
---- ---- ---- -------- ---------- ---------- ---------- ------------ -------------------- --- ------------
sslv SV 32 80 GB 800 GB C32XS-3 Created xxxxxxxxxx sv-5.5.1.1-303035 sslv-netdefConnect to the SSLv application console and complete the network set-up of SSLv.
ISG-LAB(config-applications)#
ISG-LAB(config-applications)# attach-console sslv
Connected to domain 'app'
ISG-LAB(config-applications)# attach-console sslv
Connected to domain 'app'
Escape character is ^] (Ctrl + ]) Wait a few seconds and then hit enter 3 times. This will pull up the application console: Welcome to the Symantec Virtual Series Appliance Serial Console Version: SSLV 5.5.1.1, Release id: 303035 -------------------------- MENU --------------------------- 1) Command Line Interface 2) Setup console 3) Debug shell ----------------------------------------------------------- Enter option: Please press 1, 2 or 3Log into the GUI of the SSLv via a browser.
After completing the above you should be able to log in the SSLv application on the ISG utilizing the configured IP address for the SSLv and port 8082.
Feedback
Yes
No
Powered by
