SA Quick Start Guide

Juniper Networks Secure Access

Juniper Networks Secure Access FIPS

Quick Start Guide

Juniper Networks, Inc.

1194 North Mathilda Avenue, Sunnyvale, CA 940, USA

408-745-2000

www.juniper.net

Part Number: 093-1692-000 Revision B

This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986–1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain.

This product includes memory allocation software developed by Mark Moraes, copyright©1988, 19, 1993, University of Toronto.

This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by The Regents of the University of California. Copyright© 1979, 1980, 1983, 1986, 1988, 19, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.

GateD software copyright © 1995, The Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright © 1991, D. L. S. Associates.

Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, the NetScreen logo, NetScreen-Global Pro, ScreenOS, and GigaScreen are registered trademarks of Juniper Networks, Inc. in the United States and other countries.

The following are trademarks of Juniper Networks, Inc.: ERX, E-series, ESP, Instant Virtual Extranet, Internet Processor, J2300, J4300, J6300, J-Protect, J-series, J-Web, JUNOS, JUNOScope, JUNOScript, JUNOSe, M5, M7i, M10, M10i, M20, M40, M40e, M160, M320, M-series, MMD, NetScreen-5GT, NetScreen-5XP, NetScreen-5XT, NetScreen-25, NetScreen-50, NetScreen-204, NetScreen-208, NetScreen-500, NetScreen-5200, NetScreen-00,
NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, NetScreen-Remote Security Client, NetScreen-Remote VPN Client, NetScreen-SA 1000 Series, NetScreen-SA 3000 Series, NetScreen-SA 5000 Series, NetScreen-SA Central Manager, NetScreen Secure Access, NetScreen-SM 3000, NetScreen-Security Manager, NMC-RX, SDX, Stateful Signature, T320, T0, T-series, and TX Matrix. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. All specifications are subject to change without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,9, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

Copyright © 2006, Juniper Networks, Inc. All rights reserved. Printed in USA.

Juniper Networks Secure Access and Secure Access FIPS Quick Start Guide, Release 5.3

Writer: Bill Baker

Editor: Claudette Hobbart

Covers design: Edmonds Design

Illustrations: Blue Moon Productions

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Year 2000 Notice

Juniper Networks hardware and software products are Year 2000 compliant. The JUNOS software has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

Software License

The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you understand and agree to be bound by those terms and conditions.

Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details.

For complete product documentation, please see the Juniper Networks Web site at www.juniper.net/techpubs.

End User License Agreement

READ THIS END USER LICENSE AGREEMENT ("AGREEMENT") BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY
DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.

1. The Parties. The parties to this Agreement are Juniper Networks, Inc. and its subsidiaries (collectively “Juniper”), and the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software (“Customer”) (collectively, the “Parties”).

2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, and updates and releases of such software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller.

3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:

a. Customer shall use the Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller, unless the applicable Juniper documentation expressly permits installation on non-Juniper equipment.

b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer has paid the applicable license fees.

c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits to Customer’s use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls, connections, subscribers, clusters, nodes, or transactions, or require the purchase of separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable licenses.

The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable license(s) for the Software from Juniper or an authorized Juniper reseller.

4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software or any product in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any ‘locked’ or key-restricted
feature, function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use the Software on non-Juniper equipment where the Juniper documentation does not expressly permit installation on non-Juniper equipment; (j) use the Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; or (k) use the Software in any manner other than as expressly provided herein.

5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement.

6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer’s internal business purposes.

7. Ownership. Juniper and Juniper’s licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.

8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement that accompanies the Software (the “Warranty Statement”). Nothing in this Agreement shall give rise to any obligation to support the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT
PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’ or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the Parties.

9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer’s possession or control.

10. Taxes. All license fees for the Software are exclusive of taxes, withholdings, duties, or levies (collectively “Taxes”). Customer shall be responsible for paying Taxes arising from the purchase of the license, or importation or use of the Software.

11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license.

12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use, duplication, or
disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.

13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available.

14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA 940, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL at http://www.gnu.org/licenses/lgpl.html.

15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and
contemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de même que tous les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be in the English language)).

Quick Start

You can find a translated version of this document at the site listed below.

https://www.juniper.net/customers/csc/documentation/techdocs/ive/index.jsp

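Introduction

Thank you for choosing the Juniper Networks Instant Virtual Extranet (IVE) appliance. You can install the IVE and start configuring your system using the following simple steps:

- "Step 1: Install the hardware"
- "Step 2: Perform basic setup"
- "Step 3: License and configure the IVE"

Note: After installing and setting up the IVE, refer to the "Initial Configuration" task guide in the administrator Web console to install the most current IVE OS service package, license your IVE appliance, and create a test user to verify user accessibility. To test initial setup and continue configuring your IVE, refer to the "Getting started" section of the Juniper Networks Secure Access Administration Guide.

We recommend that you install the IVE appliance on your LAN to ensure that it can communicate with the appropriate resources, including authentication servers, DNS servers, internal Web servers via HTTP/HTTPS, external Web sites via HTTP/HTTPS (optional), Windows file servers (optional), NFS file servers (optional), and client/server applications (optional).

Note: If you decide to install the IVE appliance in your DMZ, make sure that the IVE appliance can connect to these internal resources.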


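Step 1: Install the hardware

IVE appliances differ in hardware design. The IVE hardware installation procedure depends on the specific IVE model you purchased. The following sections describe the hardware installation procedure for each of the IVE systems available from Juniper Networks:

- "Secure Access 700"
- "Secure Access 2000 and Secure Access 4000"
- "Secure Access 6000"
- "Secure Access 4000 FIPS and Secure Access 6000 FIPS"

Note: For safety information on Secure Access and Secure Access FIPS, refer to the Juniper Networks Security Products Safety Guide on the Juniper Networks support site.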

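Secure Access 700

Figure 1: Secure Access 700 (labeled parts: console port, external port, internal port, power switch)

The Secure Access 700 ships with mounting ears and rubber feet. Use the mounting ears to install the appliance in a rack, or attach the rubber feet so that the appliance can sit on a flat surface. Next, follow these steps to connect the supplied cables and power on the IVE:

1. On the rear panel, plug the power cord into the AC receptacle.

2. On the front panel:

a. Plug the Ethernet cable into the "INTERNAL" port. After the IVE is powered on, the internal port uses two LEDs to indicate the connection status, as described in Table 1.

Figure 2: Internal port located on the front panel

b. Plug the serial cable into the console port.

Figure 3: Console port located on the front panel

c. Press the power switch in the right corner of the panel. The green LED next to the power switch lights up.

Hardware installation is complete once you have rack-mounted the appliance or placed it on a suitable flat surface, connected the power, network, and serial cables, and switched on the power. Next, connect to the appliance's serial console as described in "Step 2: Perform basic setup".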

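Secure Access 2000 and Secure Access 4000

Figure 4: Secure Access 2000 (labeled parts: power switch, console port, internal port, external port)

Figure 5: Secure Access 4000 (labeled parts: power switch, console port, internal port, external port)

The Secure Access 2000 and Secure Access 4000 appliances ship with mounting brackets attached to the front of the chassis. Follow these steps to rack-mount the appliance, connect the supplied cables, and power on the IVE:

1. Use the supplied mounting brackets to install the IVE appliance in a server rack.

2. On the rear panel, plug the power cord into the AC receptacle.

3. On the front panel:

a. Plug the Ethernet cable into the "INTERNAL" port. After the IVE is powered on, the internal port uses two LEDs to indicate the LAN connection status, as described in Table 1.

Figure 6: Internal port located on the front panel

b. Plug the serial cable into the console port.

Figure 7: Console port located on the front panel

c. Press the power switch in the left corner of the panel. The green LED below the power switch lights up. The IVE hard disk LED lights whenever the appliance reads data from or writes data to the IVE hard disk.

Hardware installation is complete once you have rack-mounted the appliance, connected the power, network, and serial cables, and switched on the power. Next, connect to the appliance's serial console as described in "Step 2: Perform basic setup".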

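Secure Access 6000

Figure 8: Secure Access 6000 (labeled parts: internal port, power switch, console port, external port)

The Secure Access 6000 ships with mounting brackets attached to the front of the chassis. Follow these steps to rack-mount the appliance, connect the supplied cables, and power on the IVE:

1. Use the supplied mounting brackets to install the IVE appliance in a server rack.

2. On the rear panel, plug the power cord into the AC receptacle. If the Secure Access 6000 contains two power supplies, plug a power cord into each of the two AC receptacles.

Note: Although the Secure Access 6000 runs normally with only one power supply connected, both power supplies must be connected to take full advantage of the Secure Access 6000's power redundancy.

3. On the front panel:

a. Plug the Ethernet cable into the "INT" (for internal use) port. After the IVE is powered on, the internal port uses two LEDs to indicate the LAN connection status, as described in Table 1.

Figure 9: Internal port located on the front panel

b. Plug the serial cable into the console port.

Figure 10: Console port located on the front panel

c. Press the power switch in the left corner of the panel. The green LED below the power switch lights up. The IVE hard disk LED lights whenever the appliance reads data from or writes data to the IVE hard disk.

Note: For details on the SA 6000 hardware components, refer to the "Secure Access 6000" chapter of the Juniper Networks Secure Access Administration Guide.

Hardware installation is complete once you have rack-mounted the appliance, connected the power, network, and serial cables, and switched on the power. Next, connect to the appliance's serial console as described in "Step 2: Perform basic setup".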

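Secure Access 4000 FIPS and Secure Access 6000 FIPS

Figure 11: Secure Access 4000 FIPS (labeled parts: smart card reader, mode switch, power switch, console port, internal port, external port)

Figure 12: Secure Access 6000 FIPS (labeled parts: smart card reader, internal port, power switch, console port, mode switch, external port)

The Secure Access 4000 FIPS and Secure Access 6000 FIPS appliances ship with mounting brackets attached to the front of the chassis. Follow the steps in the sections below to rack-mount the appliance, connect the supplied cables, and power on the IVE.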

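Secure Access 4000 FIPS

1. Use the supplied mounting brackets to install the Secure Access 4000 FIPS appliance in a server rack.

2. On the rear panel, plug the power cord into the AC receptacle.

3. On the front panel:

a. Plug the Ethernet cable into the "INTERNAL" port. After the IVE is powered on, the internal port uses two LEDs to indicate the LAN connection status, as described in Table 1.

Figure 13: Internal port located on the front panel

b. Plug the serial cable into the console port.

Figure 14: Console port located on the front panel

c. Press the power switch in the right corner of the panel. The green LED below the power switch lights up. The hard disk LED lights whenever the appliance reads data from or writes data to the hard disk.

Hardware installation is complete once you have rack-mounted the appliance, connected the power, network, and serial cables, and switched on the power. Next, connect to the appliance's serial console as described in "Step 2: Perform basic setup".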

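Secure Access 6000 FIPS

1. Use the supplied mounting brackets to install the Secure Access 6000 FIPS appliance in a server rack.

2. On the rear panel, connect a power cord to each AC power supply.

Note: Although the Secure Access 6000 FIPS appliance runs normally with only one power supply connected, both power supplies must be connected to take full advantage of the Secure Access 6000 FIPS appliance's power redundancy.

3. On the front panel:

a. Plug the Ethernet cable into the "INT" (for internal use) port. After the IVE is powered on, the internal port uses two LEDs to indicate the LAN connection status, as described in Table 1.

Figure 15: Internal port located on the front panel

b. Plug the serial cable into the console port.

Figure 16: Console port located on the front panel

c. Press the power switch in the left corner of the panel. The green LED below the power switch lights up. The hard disk LED lights whenever the appliance reads data from or writes data to either of the IVE hard disks.

Hardware installation is complete once you have rack-mounted the appliance, connected the power and network cables, and switched on the power. Next, connect to the appliance's serial console as described in "Step 2: Perform basic setup".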

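LED and module status indicator behavior

Table 1: Internal port LEDs

| LAN status | LED 1 | LED 2 |
|---|---|---|
| 10 Mbps connection | Off | Not applicable |
| 100 Mbps connection | Green | Not applicable |
| 1000 Mbps connection | Orange | Not applicable |
| Transmitting data | Orange, green, or off | Blinking |
| No connection | Off | Off |

Table 2: Secure Access FIPS -- Hardware security module status indicator

| LAN status | LED 1 | Description |
|---|---|---|
| Pre-initialization state | Single short flash | The module is ready and initialization can begin. |
| Operational state | On most of the time, with occasional regular blinks | The mode switch is set to "O" (Operational). Set it to "I" to begin initialization. |
| Pre-maintenance state | Single long flash | The mode switch is set to "M" (Maintenance). Set it to "I" to begin initialization. |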

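Step 2: Perform basic setup

When you boot an unconfigured Secure Access or Secure Access FIPS appliance, you need to enter basic network and machine information through the serial console so that the appliance can be reached over the network. After entering these settings, you can continue configuring the appliance through the administrator Web console. This section describes the serial console settings required, and the tasks you need to perform, when connecting to a Secure Access or Secure Access FIPS appliance for the first time.

To perform basic setup:

1. Configure a console terminal, or a terminal emulation utility running on a computer (such as HyperTerminal), to use the following serial connection parameters:

- 9600 bits per second
- 8-bit, no parity (8N1)
- 1 stop bit
- No flow control

2. Connect the terminal or laptop to the serial cable that is plugged into the appliance's console port, then press Enter until the initialization script prompt appears.

Figure 17: IVE serial console welcome screen

3. Enter y to continue, then enter y to accept the license agreement (or enter r to read the license first).

4. Follow the instructions in the serial console and enter the machine information you are prompted for, including:

- IP address of the internal port (after initial configuration, you can configure the external port through the administrator Web console)
- Network mask
- Default gateway address
- Primary DNS server address
- Secondary DNS server address (optional)
- Default DNS domain name (for example, acmegizmo.com)
- WINS server name or address (optional)
- Administrator username
- Administrator password
- Common machine name (for example, connect.acmegizmo.com)
- Organization name (for example, Acme Gizmo, Inc.)

Note: The IVE uses the common machine name and organization name to create a self-signed digital certificate, which it uses during product evaluation and initial setup.

If you are setting up a Secure Access 700, 2000, 4000, or 6000, we strongly recommend that you import a digital certificate signed by a trusted certificate authority (CA) before you deploy the IVE for use. If you are setting up a Secure Access FIPS 4000 or 6000, you must generate a new certificate signing request using the IVE administrator Web console before you deploy the IVE for use.

For more information, refer to the "Certificates" chapter of the Juniper Networks Secure Access Administration Guide.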

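5. If you are installing a Secure Access FIPS appliance:

a. When prompted by the serial console, set the mode switch to INIT (initialization mode). The blue hardware security module (HSM) LED indicates the mode of the hardware security module, as described in Table 2.

b. Specify the number of smart cards to initialize.

c. Insert one of the smart cards into the reader with the contacts facing up, until the light on the smart card reader module changes from red to green. Do not remove the smart card while the module is in INIT mode.

d. After a card is inserted, the LED on the smart card reader module turns green. However, this does not mean that the card is inserted correctly. Make sure the smart card is inserted into the reader with the contacts facing up, which is the correct orientation.

e. Enter the smart card administrator passphrase (one is required for each administrator smart card you initialize).

f. Switch the mode switch back to OPERATE (operational mode).

After you enter all of the information, serial console setup is complete. When the IVE presents the options for modifying your settings, select the appropriate option or continue.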

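6. In a browser, enter the machine's URL followed by "/admin" to access the administrator sign-in page. The URL has the format https://a.b.c.d/admin, where a.b.c.d is the machine IP address you entered in step 4. When a security alert asks whether you want to proceed without a signed certificate, click Yes. If the administrator sign-in page appears, you have successfully connected your IVE appliance to the network.

Figure 18: Administrator sign-in page

7. On the sign-in page, enter the administrator username and password you created in step 4, then click Sign In. The administrator Web console opens to the System > Status > Overview page.

Figure 19: System > Status > Overview page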
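The answers that step 4 asks for can be checked for consistency before they are typed into the serial console, since a gateway outside the internal subnet or a malformed machine name only shows up later as an unreachable /admin page or an unusable certificate name. The following Python check is an added example, not part of the Juniper guide; the dictionary keys, function names and sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_dns_name(name):
    """True for a syntactically valid multi-label DNS name (not an IP literal)."""
    labels = name.rstrip(".").split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(_LABEL.match(label) for label in labels)


def _addr(values, key, problems, required=True):
    """Parse values[key] as an IPv4 address; record a problem if it is bad."""
    raw = (values.get(key) or "").strip()
    if not raw:
        if required:
            problems.append(f"{key}: missing")
        return None
    try:
        return ipaddress.IPv4Address(raw)
    except ValueError:
        problems.append(f"{key}: {raw!r} is not an IPv4 address")
        return None


def check_basic_setup(values):
    """Return a list of problems in the step 4 answers; an empty list means OK."""
    problems = []
    try:
        iface = ipaddress.IPv4Interface(
            f"{values.get('internal_ip')}/{values.get('netmask')}")
    except ValueError as exc:
        return [f"internal_ip/netmask: {exc}"]
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"internal_ip: {iface.ip} is the network or broadcast address of {net}")

    gateway = _addr(values, "gateway", problems)
    if gateway is not None:
        if gateway not in net:
            problems.append(f"gateway: {gateway} is outside the internal subnet {net}")
        elif gateway == iface.ip:
            problems.append("gateway: same address as the internal port")

    primary = _addr(values, "primary_dns", problems)
    secondary = _addr(values, "secondary_dns", problems, required=False)
    if primary is not None and primary == secondary:
        problems.append("secondary_dns: identical to primary_dns, adds no redundancy")

    if not is_dns_name(values.get("dns_domain", "")):
        problems.append("dns_domain: not a valid DNS domain name")
    if not is_dns_name(values.get("machine_name", "")):
        problems.append("machine_name: not a DNS host name (it becomes the name "
                        "in the self-signed certificate)")
    return problems


# Constructed sample answers, reusing the guide's example names.
SAMPLE = {
    "internal_ip": "10.10.1.20", "netmask": "255.255.255.0",
    "gateway": "10.10.1.1", "primary_dns": "10.10.1.53", "secondary_dns": "",
    "dns_domain": "acmegizmo.com", "machine_name": "connect.acmegizmo.com",
}

if __name__ == "__main__":
    for problem in check_basic_setup(SAMPLE) or ["no problems found"]:
        print(problem)
```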


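Step 3: License and configure the IVE

After you install the IVE and perform basic setup, you are ready to install the most current IVE OS service package, license the IVE, verify accessibility, and complete the configuration process:

- To install the most current IVE OS service package, license your Secure Access or Secure Access FIPS appliance, and create a test user to verify user accessibility, follow the task guide embedded in the administrator Web console.

- To test initial setup and continue configuring your IVE, refer to the "Getting Started" section of the Juniper Networks Secure Access Administration Guide.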
