Recipes » ProxyRA Initial Setup and Licencing

ProxyRA Initial Setup and Licencing

Last modified by Administrator on 2011/06/06 17:26

ProxyRA Initial Setup and Licencing

ProxySG en

This instruction describes ProxyRA installation from an USB flash, initial setup, policy setup and licensing - for the purpose of using it in a mobile lab environment.

ProxyRA Installation

  1. Insert the flash key with the image (file name PISA_Phoenix_2.3.1.1_2928_20080610.usb.img) in a USB port (there are 2 USB ports, the top one works better). If ProxyRA appliance is not available, also Director chassis can be used - e.g. the model 510. Attach serial cable. Power up the unit.
  2. Pick Install RA510 image (number 2), press Enter. After all the files are loaded, the Console screen asks you to remove the flash key and to reboot the system.
  3. Pick the hostname ra01-rix or ra02-rix. Full hostnames are ra01-rix.training.bluecoat.com and ra02-rix.training.bluecoat.com. (Note that there are similar addresses also in Sunnyvale and KL - ra01-sjc.training.bluecoat.com, ra02-sjc.training.bluecoat.com, ra01-kul.training.bluecoat.com, ra02-kul.training.bluecoat.com).
  4. Also enter the IP address, netmask, gateway and DNS server. Write down the password generated during installation, you will change it upon the first login. 
    IP address: 172.17.120.107 for "ra01-rix" (or 172.17.120.109 for "ra02-rix")
Netmask: 255.255.255.0
Gateway: 172.17.120.1
DNS: 195.122.1.59
  5. Wait about 2 minutes after the initial setup for the appliance to start up.

Licensing and Setup Wizard

  1. Make sure that port 0 of ProxyRA is connected to the network. Navigate to https://172.17.120.109/admin/ and add SSL certificate exception.
  2. Accept the license agreement.
  3. Click Yes to update license and upload the license file (file should match the Serial Number of the unit).
  4. You should be forwarded to the Setup Wizard, click Next.
  5. Change password to something that is easier to remember, click Next.
  6. Set the timezone, click Next.
  7. Select the domain (training.bluecoat.com), verify the DNS server IP.
  8. Click Next and Finish (do not configure the policy manually at this point).
  9. Wait until the gateway proxies restart.

Upgrades

  1. Go to Maintenance > Software Management and upload upgrades.
  2. Upload upgrades for versions 2.3.2.1, 2.3.2.2 and 2.3.2.3. The filenames are ra-2.3.2.1-3223.tgz, ra-2.3.2.2-3447.tgz and ra-2.3.2.3-3599.tgz respectively. Without these upgrades backup file cannot be restored. After each of the 3 upgrades be patient and wait until you can log into the Web GUI again.
  3. Go to Maintenance > Backup/Restore and upload the RA backup file ra-backup-20090615T07_25_40.tar.gz
  4. Since the restoring of backup has changed your IP address, please restore it. Type to the serial console window: 
    mccli.py ipedit
    Enter a correct IP address, net mask and gateway.
  5. If the password has changed as well, type the in the console window: 
    mccli.py passwd
    and type a new password twice.

Post-Installation Fixes

  1. Edit System > Interfaces > eth0. Enter the external (outside NAT firewall) IP address. It is 80.232.177.183 for ra01-rix and 80.232.177.185 for ra02-rix.
  2. Connect your Web broswer to https://172.17.120.109/admin once again; log in.
  3. Open Policy > Object Manager > Authentication. Select Edit (the pencil icon) next to Elearning domain (under LDAP Authentication domains). Enter these values in the form:
    1. Name: Elearning
    2. User Login Domain Name: Elearning
    3. LDAP Server Address: 172.17.120.210 with Port: 389
    4. Server Type: Active Directory
    5. Network Timeout: 15 seconds
    6. Under Base DNs edit the LDAP connection settings as shown in the picture (Base DN is "DC=training,DC=bluecoat,DC=com")
      ra-ldap-domain.png
  4. Open Policy > Object Manager > Local Users and add users "user01", ..., "user10" (passwords see in the Riga Lab data sheet).
  5. Open Policy > Object Manager > User Groups, edit group local. Add all the users "user01", ..., "user10" to this group.
  6. Open Policy > Object Manager > Authentication, under "ProxyRA Authentication" edit the "ProxyRA Authentication". Rename the domain to be "Elearning Backup".
  7. Open Policy > Object Manager > Network Locations, create a new network location - "Lab 120 Net" whith the following value: 172.17.120.0/24 (CIDR notation).
  8. Open Policy > Rulebase > Connector Rulebase. Edit Elearning-Connector. Make the values to match the picture:
    ra-connector-rule.png

Test the ProxyRA

  1. Connect to the ProxyRA (if it is behind a firewall, use the external IP address). You should get a login screen with two domains - "Elearning" and "Elearning Backup".
  2. For the "Elearning" domain you can log in, using Active Directory domain accounts on the 172.17.120.110 Windows server.
  3. For the "Elearning Backup" you can log in, using "user01", ..., "user10" accounts you created locally.


Tags:  

Tags:
Created by Kalvis Apsītis on 2009/08/04 15:52
This wiki is licensed under a Creative Commons 2.0 license
XWiki Enterprise 3.0.36132 - Documentation