Registering Ivanti Connect Secure Gateway
•Completing Registration of an ICS Appliance
•Reregistration of ICS Gateway
Once you have logged into the Ivanti Neurons for Secure Access, the next step is to launch Ivanti Connect Secure Gateway UI, then register one or more ICS.
To launch ICS Gateway UI
-
In the Ivanti Neurons for Secure Access UI, select the Gateway Switcher icon located on the top left corner.
-
From the list, select Ivanti Connect Secure.
The Ivanti Connect Secure UI page is displayed.
To register ICS Gateway:
-
From the Ivanti Connect Secure menu, click the Gateways icon, then select Gateways > Gateways List.
The Gateways List page is displayed.
-
In the Gateways List page, click the Create drop-down list.
-
From the Gateway types list, select ICS Gateway.
The Register ICS Gateway page is displayed.
-
Enter a unique name for ICS gateway.
The name should be maximum 19 characters, only alphanumeric, underscores, and hyphens are allowed between characters, and must start with a letter.
When registering a Clustered ICS gateway with nSA, ensure that the name of the gateway in nSA corresponds to the name of the node in the ICS gateway. As an example, suppose a cluster "Test" consists of two nodes, "gw1" and "gw2". Register gateways with the names "gw1" and "gw2," and the nSA cluster forms automatically.
-
Enter your Location details such as Country, State/Region, City, and then click Register.
The Registration Summary page contains the FQDN URL and Registration Key, which you need to enter in the ICS Gateway to complete the registration. See Completing Registration of an ICS Appliance.
-
Click Close.
The newly added ICS Gateway gets listed as "Unregistered" under ICS Gateways list.
Completing Registration of an ICS Appliance
For all platforms, make sure the firewall rules for the Public Subnet in which your ICS Gateway External Interface resides is configured to accept inbound client connections on TCP port 443.
Furthermore, make sure you configure the Network Gateway serving your Private Subnet to allow outbound traffic to the nSA Controller in the following ways:
- Allow outbound TCP traffic on port 443 to the Controller service
- Allow outbound UDP traffic to the following Network Time Protocol
(NTP) services:
- time.windows.com (port 123)
- time.nist.gov (port 123)
We recommend you use NTP server to ensure the clocks are synchronized and features on Ivanti Neurons for Secure Access work properly.
To complete registration of a ICS appliance:
-
Log in to the ICS appliance as an Admin.
-
Select the System > Configuration > Ivanti Neurons for Secure Access > Settings tab.
-
Enter the Registration FQDN and Registration Code.
The Registration FQDN and Registration Code were displayed during ICS Registration with nSA” .
-
Select Use Proxy Server for communication with Ivanti Neurons for Secure Access to enable ICS to nSA communication via HTTP proxy server.
-
Click Save Changes.
The Status Information displays the Registration Status in green.
Reregistration of ICS Gateway
If a binary import is done after the ICS GW registration, then follow the below steps and perform the reregistration of the ICS Gateway.
1.In ICS Gateway, select System > Ivanti nSA and click Clear Configuration.
2.Select Maintenance > System > Platform and click Restart Services.
3.Log in to nSA, and select Gateways > GW list.
4.Select the appropriate gateway and click Delete Gateway.
5.Register the ICS Gateway as described in Registering Ivanti Connect Secure Gateway.