Configuring the Appliance From the Command Line
The Traffic Manager supports performing initial configuration through the command line, as an alternative to using the Web-based Initial Configuration Wizard.
To use the Initial Configuration Wizard, see Running the Initial Configuration Wizard.
To start the configuration program, login to the appliance console and type the following command at the prompt:
z-initial-config
Follow the on-screen instructions to proceed.
Pulse Secure Virtual Traffic Manager Installation Program
Copyright (C) 2022, Ivanti, Inc.. All rights reserved.
Welcome to your Pulse Secure Virtual Traffic Manager Appliance
This application will guide you through the process of setting up
your Pulse Secure Virtual Traffic Manager Appliance for basic operation.
This should only take a few minutes. Some initial networking settings
will be required - please contact your support provider if you need any help.
Press return to continue.
Press RETURN to start configuring the appliance.
------------------------------------------------------------------------
Use of this software is subject to the Ivanti Terms and Conditions
of Sale.
Please review these terms, published at
http://http://www.pulsesecure.net/support/eula/ before proceeding.
------------------------------------------------------------------------
Enter 'accept' to accept this license, or press return to abort:
Read and accept the Ivanti Terms and Conditions of Sale, available from the URL indicated. If you agree to its terms, type “accept” at the prompt to continue. You cannot proceed with the configuration program, and thus use the software, if you do not accept the terms of the agreement.
Enter the license key file name, or leave blank for the Community Edition.
Enter 'help' for more information.
License key file:
The Traffic Manager requires a license key to operate fully. The feature set and bandwidth limits are determined by the license applied, the details of which can be seen on the System > Licenses page of the Admin UI after you have finished configuring your instance.
Choose either to install the license key now, or to upload it later from the Admin UI. If you choose to leave this entry blank, the system defaults to running as the Community Edition. For further information, see The Community Edition.
For information about paid licensing, contact Pulse Secure Technical Support.
Please provide the basic network configuration for this appliance.
The configuration may be changed at a later date
using the administration server.
Please provide the hostname that this appliance will be known by.
This can be provided as 'hostname' or 'hostname.domainname'.
Hostname:
Type the desired hostname for the appliance, in either the simple form or fully qualified form (for example, "vtm1" or "vtm1.mgmt.site.com"). If you intend to create a cluster of Traffic Manager appliances and you are using DNS servers for name resolution, it is important that the name you choose here is resolvable from your name servers. If you are unable to specify a resolvable hostname, type a suitable text name here and use the IP address identification option offered later in the configuration program.
To use trunking, give interfaces the same IP address.
All interfaces in a trunk must be connected to the same switch and
the switch must have IEEE 802.3ad support enabled.
Enter space separated list of interfaces you would like to configure.
Available options: eth0 eth1 eth2 eth3 eth4 eth5. At least one
network interface must be selected.
Interfaces:
Type the interface name you want to configure from the list given. For example, “eth0 eth1 eth2 eth3”.
Would you like to enable DHCP on eth0? Y/N [N]: y
Would you like to enable DHCP on eth1? Y/N [N]: y
Would you like to enable DHCP on eth2? Y/N [N]: y
Would you like to enable DHCP on eth3? Y/N [N]: n
For each interface, type “Y” to enable DHCP. The Traffic Manager then attempts to obtain address details from the DHCP service in your network. Type “N” to instead specify an IP address and netmask manually.
Enter eth3 IPv4 address or 'use_current' to use currently configured IP which is none.
IP:
Type the IP address for the selected interface in dotted quad notation. For example, “192.168.1.101”.
Enter eth3 netmask or 'use_current' to use currently configured netmask which is none.
Netmask:
Type the netmask for the associated IP address. For example, “16” or “255.255.0.0”.
The gateway IP address for this appliance:
Type the IP address of the default gateway. This IP address is also used for network connectivity tests by your Traffic Manager, and the gateway machine should respond to "ping" requests for this purpose. If it does not, you must configure your Traffic Manager with an additional machine to ping instead. To set a different address to ping, use the Admin UI after your Traffic Manager has been configured.
If you selected DHCP for at least one of your network interfaces, the Traffic Manager attempts to automatically obtain a default gateway, as well as name servers and a search domain, from the DHCP service. If successful, the Traffic Manager uses these settings in place of any values entered during this step.
Optional: choose management IP, or press return to skip.
Available options: 192.168.1.101
Enter 'help' for more information.
Management IP [none]:
Type the IP address of the interface you want to use as the management IP address, based on the list of IP addresses you configured earlier. Management traffic includes access to the Traffic Manager Admin UI, external API access, and internal communications within a Traffic Manager cluster. This address normally resides on a private or dedicated management network.
CAUTION
Ivanti recommends only choosing to use a management address if you have a dedicated, reliable management network. Each management address is a single point of failure for an entire Traffic Manager cluster. All of your management addresses must always be available.
Please provide the DNS and Search Domain configuration for this appliance.
DNS settings are optional. However, without access to a Name Server, hostnames
won't be able to be automatically converted to IP addresses.
Optional: the Name Server(s) that the appliance will use.
Please provide a space separated list of your Name Servers' IP addresses or
'use_current' to use system settings.
Currently system is configured to use: '192.168.1.127 192.168.1.128'.
Nameservers:
Type the IP addresses of the external name servers the appliance should use for DNS resolution.
The Traffic Manager works correctly without access to external name servers, however you then have to use IP addresses instead of hostnames when setting up pools of servers. Alternatively, you can manually enter hostname-to-IP address mappings in the Admin UI (in the "DNS" section of the System > Networking page) after you have completed the configuration program.
Optional: the default domain name used when looking up unqualified
hostnames in the DNS. Please provide a space separated list of search domains.
Search domains:
Type the default search domains the appliance should use when looking up unqualified hostnames.
Optional: do you want to replace the traffic manager name with an IP address?
You might want to identify this traffic manager instance using its IP address
if its hostname is not resolvable.
Available options: 192.168.1.101.
Enter the value of nameip parameter, or press return to skip,
nameip [none]:
If your designated appliance hostname is not resolvable, you must use the IP address of a configured network interface as the appliance identifier. Type the desired IP address from list of available addresses, or type "None" (the default value) to force the wizard to set the Traffic Manager name to be the unresolvable hostname. Be aware that you might experience connectivity issues until the hostname successfully resolves to an IP address within your DNS.
To change the identifying IP address after you have completed the configuration program, use the “Replace Traffic Manager Name” section on the System > Traffic Managers page of the Admin UI.
Please specify the time zone of this appliance, or enter 'help'
for the list of available time zones.
Timezone:
Type the time zone you want this appliance to use, or type “help” to first display a list of available time zones.
A master 'admin' user is created that you can use to log in to the
Administration Server and SSH console.
Please choose a password for this user:
Re-enter:
Type (and confirm) a password for the Traffic Manager “admin” user. This is the master password that is used when configuring the appliance through a Web browser, or when you log in to the Traffic Manager command line using SSH (with the username "admin").
Do you want to enable SSH intrusion detection?
Enter 'help' for more information:
Enable SSH intrusion detection? Y/N [N]:
The Traffic Manager also contains the option to enable SSH Intrusion Detection to help prevent brute-force SSH attacks on your appliance. Ivanti strongly recommends you enable this option.
Do you want to enable REST API access to the appliance?
Enable REST API? Y/N [N]:
The Traffic Manager provides an industry-standard REST API. Type “Y” to enable or “N” to disable the REST API. For further information, see the Pulse Secure Virtual Traffic Manager: REST API Guide.
Do you want to disable IPMI LAN access? Y/N [N]:
Your appliance hardware might come supplied with an Intelligent Platform Management Interface (IPMI) card. Type “Y” if you want to disable LAN access to the IPMI module for increased security.
You may create an IPMI admin user to access IPMI remotely
using IPMI LAN channel.
Do you want to create an IPMI admin user? Y/N [N]:
If you choose to retain IPMI LAN access, type “Y” here to set the IPMI administration user credentials to match the Traffic Manager admin user configured earlier.
You have specified the following settings:
No license file: the traffic manager will run as the Community Edition
Hostname: vtm-01
DHCP enabled on: eth0 eth1 eth2
eth3 IP address: 192.168.1.101
eth3 netmask: 16
Gateway: 192.168.1.1
Management IP: (none)
Nameservers: 192.168.1.30
DNS search domains : cam.zeus.com
Traffic Manager Name IP: (none)
Timezone: Europe/London
SSH protection enabled: Yes
REST enabled: No
Disable IPMI: No
Create IPMI admin user: Yes
You may be logged out when the network configuration changes.
Proceed with configuration? Y/N:
Before you finish, check through the summary to confirm your intended settings. To configure your appliance with these settings, type “Y” at the prompt.
If your configuration is successful, the following message is displayed:
Initial configuration completed successfully.
Performing an Unattended Configuration
The Traffic Manager provides the ability to automate z-initial-config using a replay file containing pre-determined responses to the questions asked during the configuration process. To perform an unattended configuration, type the following command at the prompt:
z-initial-config --replay-from=<replay filename>
To create a suitable replay file, capture your responses using the following command:
z-initial-config --record-to=<replay filename>