Ivanti Connect Secure Provisioning Parameters
Provisioning parameters are those parameters which are required during the deployment of a virtual appliance. Ivanti Connect Secure accepts the following parameters as provisioning parameters in the XML format.
<pulse-config>
<primary-dns><value></primary-dns>
<secondary-dns><value></secondary-dns>
<wins-server><value></wins-server>
<dns-domain><value></dns-domain>
<admin-username><value></admin-username>
<admin-password><value></admin-password>
<cert-common-name><value></cert-common-name>
<cert-random-text><value></cert-random-text>
<cert-organisation><value></cert-organisation>
<config-download-url><value></config-download-url>
<config-data><value></config-data>
<auth-code-license><value></auth-code-license>
<enable-license-server><value></enable-license-server>
<accept-license-agreement><value></accept-license-agreement >
<enable-rest><value></enable-rest>
<registration-code> 1grkL2Xbr </registration-code>
<registration-fqdn>auto.toad.pzt.dev.perfsec.com</registration-fqdn>
<enable-proxy>n</enable-proxy>
<proxy-host></proxy-host>
<proxy-port></proxy-port>
<proxy-username></proxy-username>
<proxy-password></proxy-password>
<register-network-interface>external</register-network-interface>
</pulse-config>
The below table depicts the details of the xml file.
|
# |
Parameter Name |
Type |
Description |
|
1 |
primary-dns |
IP address |
Primary DNS for Ivanti Connect Secure |
|
2 |
secondary-dns |
IP address |
Secondary DNS for Ivanti Connect Secure |
|
3 |
wins-server |
IP address |
Wins server for Ivanti Connect Secure |
|
4 |
dns-domain |
string |
DNS domain of Ivanti Connect Secure |
|
5 |
admin-username |
string |
admin UI user name |
|
6 |
admin-password |
string |
admin UI password |
|
7 |
cert-common-name |
string |
Common name for the self-signed certificate generation. This certificate is used as the device certificate of Ivanti Connect Secure Random text for the self-certificate generation Organization name for the self-signed certificate generation |
|
8 |
cert-random-text |
string |
|
|
9 |
cert-organization |
string |
|
|
10 |
config-download-url |
String URL |
Http based URL where XML based Ivanti Connect Secure configuration can be found. During provisioning, Ivanti Connect Secure fetches this file and comes up with preloaded configuration. XML based configuration can be present in another VM in AWS cloud or at corporate network which is accessible for Ivanti Connect Secure through site to site VPN between AWS and corporate data center |
|
11 |
config-data |
string |
base64 encoded XML based Ivanti Connect Secure configuration |
|
12 |
auth-code-license |
string |
Authentication code that needs to be obtained from Ivanti |
|
13 |
enable-license-server |
string |
If set to ‘y’, ICS will be deployed as a License server. If set to ‘n’, ICS will be deployed as a normal server. |
|
14 |
accept-license-agreement |
string |
This value is passed to the instance for configuration at the boot time. By default, this value is set to “n”. This value must be set to “y”. |
|
15 |
enable-rest |
string |
If set to ‘y’, REST API access for the administrator user is enabled. |
- In the above list of parameters, primary dns, dns domain, admin username, admin password, cert-random name, cert-random text, cert-organization and accept-license-agreement are mandatory parameters. The other parameters are optional parameters.
- The XML parsing fails if the following characters are used in the strings:
- "
- ’
- <
- >
- &
- Ivanti Connect Secure supports zero touch provisioning. This feature can detect and assign DHCP networking settings automatically at the Ivanti Connect Secure boot up. The Ivanti Connect Secure parameters should be set to null in order to fetch the networking configuration automatically from the DHCP server.
The below table describes the new parameters that are added in the XML file and these are applicable only for nSA-managed 9.x and ICS 21.x versions.
|
Parameter |
Type |
Description |
|---|---|---|
|
registrationCode |
string |
The registration code, which is generated during the ICS gateway registration on nSA. Example: KyZR6YDL8 |
|
registrationFQDN |
string |
The registration FQDN name, which is generated during the ICS gateway registration on nSA. Example: sample.domain.com |
|
enableproxy |
string |
Default is set to n. |
|
proxyHost |
string |
The proxy server name. |
|
proxyPort |
integer |
The port number of the proxy server. Example: 8080 |
|
proxyUsername |
string |
The username of the proxy server. Example,:usr |
|
proxyPassword |
string |
The password of the proxy server. Example: pxx124 |
|
registerNetworkInterface |
string |
The interface through which the gateway registers with nSA. Example: external |