Configuring a Virtual Appliance From the Command Line

The Traffic Manager supports performing initial configuration through the command line, as an alternative to using the Web-based Initial Configuration Wizard.

To use the Initial Configuration Wizard, see Using the Initial Configuration Wizard.

To start the configuration program, log in to the virtual appliance console and type the following command at the prompt:

z-initial-config

Follow the on-screen instructions to proceed.

Pulse Secure Virtual Traffic Manager Installation Program
Copyright (C) 2022, Ivanti, Inc. All rights reserved.

Welcome to your Pulse Secure Virtual Traffic Manager Appliance

This application will guide you through the process of setting up
your Pulse Secure Virtual Traffic Manager Appliance for basic operation.
This should only take a few minutes. Some initial networking settings
will be required - please contact your support provider if you need any help.

Press return to continue.

Press RETURN to start configuring the virtual appliance.

------------------------------------------------------------------------
Use of this software is subject to the Ivanti Terms and Conditions
of Sale.

Please review these terms, published at
http://www.pulsesecure.net/support/eula/ before proceeding.
------------------------------------------------------------------------

Enter 'accept' to accept this license, or press return to abort:

Read and accept the Ivanti Terms and Conditions of Sale, available from the URL indicated. If you agree to its terms, type “accept” at the prompt to continue. You cannot proceed with the configuration program, and thus use the software, if you do not accept the terms of the agreement.

Would you like to register this traffic manager with a Services Director,
for remote licensing purposes? If not, a license file can be specified.

Note that registering will enforce that the REST API is enabled.

Register with a Services Director? [Y/N] [N]:

To register this Traffic Manager to use remote licensing as part of a Pulse Secure Services Director deployment, type “Y” and follow the instructions contained in your Services Director documentation.

To use remote licensing, make sure you are using Pulse Secure Services Director version 2.4 or later.

Flexible licensing through the Services Director is available only for certain virtualization platforms. This option appears only where it is applicable.

Type “N” to license this Traffic Manager directly.

Enter the license key file name, or leave blank for the Community Edition.
Enter 'help' for more information.

License key file:

The Traffic Manager requires a license key to operate fully. The feature set and bandwidth limits are determined by the license applied, the details of which can be seen on the System > Licenses page of the Admin UI after you have finished configuring your instance.

Choose either to install the license key now, or to upload it later from the Admin UI. If you choose to leave this entry blank, the system defaults to running as the Community Edition. For further information, see The Community Edition.

For information about paid licensing, contact Pulse Secure Technical Support.

Please provide the basic network configuration for this appliance.
The configuration may be changed at a later date
using the administration server.

Please provide the hostname that this appliance will be known by.
This can be provided as 'hostname' or 'hostname.domainname'.

Hostname:

Type the desired hostname for the virtual appliance, in either the simple form or fully qualified form (for example, "vtm1" or "vtm1.mgmt.site.com"). If you intend to create a cluster of Traffic Managers and you are using DNS servers for name resolution, it is important that the name you choose here is resolvable from your name servers. If you are unable to specify a resolvable hostname, type a suitable text name here and use the IP address identification option offered later in the configuration program.

To use trunking, give interfaces the same IP address.
All interfaces in a trunk must be connected to the same switch and
the switch must have IEEE 802.3ad support enabled.

Enter space separated list of interfaces you would like to configure.
Available options: eth0 eth1 eth2 eth3 eth4 eth5. At least one
network interface must be selected.

Interfaces:

Type the interface names you want to configure from the list given. For example, “eth0 eth1 eth2”.

Would you like to enable DHCP on eth0? Y/N [N]: y
Would you like to enable DHCP on eth1? Y/N [N]: y
Would you like to enable DHCP on eth2? Y/N [N]: n

For each interface, type “Y” to enable DHCP. The Traffic Manager then attempts to obtain address details from the DHCP service in your network. Type “N” to instead specify an IP address and netmask manually.

Enter eth2 IPv4 address or 'use_current' to use currently configured IP which is none.

IP:

Type the IP address for the selected interface in dotted quad notation. For example, “192.168.1.101”.

Enter eth2 netmask or 'use_current' to use currently configured netmask which is none.

Netmask:

Type the netmask for the associated IP address. For example, “16” or “255.255.0.0”.

The gateway IP address for this appliance:

Type the IP address of the default gateway. This IP address is also used for network connectivity tests by your Traffic Manager, and the gateway machine should respond to "ping" requests for this purpose. If it does not, you must configure your Traffic Manager with an additional machine to ping instead. To set a different address to ping, use the Admin UI after your Traffic Manager has been configured.

If you selected DHCP for at least one of your network interfaces, the Traffic Manager attempts to automatically obtain a default gateway, as well as name servers and a search domain, from the DHCP service. If successful, the Traffic Manager uses these settings in place of any values entered during this step.

Optional: choose management IP, or press return to skip.
Available options: 192.168.1.101
Enter 'help' for more information.

Management IP [none]:

Type the IP address of the interface you want to use as the management IP address, based on the list of IP addresses you configured earlier. Management traffic includes access to the Traffic Manager Admin UI, external API access, and internal communications within a Traffic Manager cluster. This address normally resides on a private or dedicated management network.

CAUTION
Ivanti recommends only choosing to use a management address if you have a dedicated, reliable management network. Each management address is a single point of failure for an entire Traffic Manager cluster. All of your management addresses must always be available.

Please provide the DNS and Search Domain configuration for this appliance.
DNS settings are optional. However, without access to a Name Server, hostnames
won't be able to be automatically converted to IP addresses.

Optional: the Name Server(s) that the appliance will use.
Please provide a space separated list of your Name Servers' IP addresses or
'use_current' to use system settings.
Currently system is configured to use: '192.168.1.127 192.168.1.128'.

Nameservers:

Type the IP addresses of the external name servers the virtual appliance should use for DNS resolution.

The Traffic Manager works correctly without access to external name servers; however, you then have to use IP addresses instead of hostnames when setting up pools of servers. Alternatively, you can manually enter hostname-to-IP address mappings in the Admin UI (in the "DNS" section of the System > Networking page) after you have completed the configuration program.

Optional: the default domain name used when looking up unqualified
hostnames in the DNS. Please provide a space separated list of search domains.

Search domains:

Type the default search domains the virtual appliance should use when looking up unqualified hostnames.

If you selected DHCP for at least one of your network interfaces, the Traffic Manager attempts to automatically obtain name servers and a search domain from the DHCP service. If successful, the Traffic Manager uses DHCP-derived settings in place of any values entered during this step.

 

Optional: do you want to replace the traffic manager name with an IP address?
You might want to identify this traffic manager instance using its IP address
if its hostname is not resolvable.
Available options: 192.168.1.101.
Enter the value of nameip parameter, or press return to skip,

nameip [none]:

If your designated virtual appliance hostname is not resolvable, you must use the IP address of a configured network interface as the virtual appliance identifier. Type the desired IP address from the list of available addresses, or type "None" (the default value) to force the wizard to set the Traffic Manager name to be the unresolvable hostname. Be aware that you might experience connectivity issues until the hostname successfully resolves to an IP address within your DNS.

To change the identifying IP address after you have completed the configuration program, use the “Replace Traffic Manager Name” section on the System > Traffic Managers page of the Admin UI.

Please specify the time zone of this appliance, or enter 'help'
for the list of available time zones.

Timezone:

Type the time zone you want this virtual appliance to use, or type “help” to first display a list of available time zones.

A master 'admin' user is created that you can use to log in to the
Administration Server and SSH console.
Please choose a password for this user:
Re-enter:

Type (and confirm) a password for the Traffic Manager “admin” user. This is the master password that is used when configuring the virtual appliance through a Web browser, or when you log in to the Traffic Manager command line using SSH (with the username "admin").

Do you want to enable SSH intrusion detection?
Enter 'help' for more information:

Enable SSH intrusion detection? Y/N [N]:

The Traffic Manager also contains the option to enable SSH Intrusion Detection to help prevent brute-force SSH attacks on your virtual appliance. Ivanti strongly recommends you enable this option.

Do you want to enable REST API access to the appliance?

Enable REST API? Y/N [N]:

The Traffic Manager provides an industry-standard REST API. Type “Y” to enable or “N” to disable the REST API. For further information, see the Pulse Secure Virtual Traffic Manager: REST API Guide.

You have specified the following settings:

No license file: the traffic manager will run as the Community Edition
Hostname: vtm-01
DHCP enabled on: eth0 eth1
eth2 IP address: 192.168.1.101
eth2 netmask: 16
Gateway: 192.168.1.1
Management IP: 192.168.1.99
Nameservers: 192.168.1.127 192.168.1.128
DNS search domains : cam.zeus.com
Traffic Manager Name IP: (none)
Timezone: Europe/London
SSH protection enabled: Yes
REST enabled: No

You may be logged out when the network configuration changes.
Use your management IP address to log in again.

Proceed with configuration? Y/N:

Before you finish, check through the summary to confirm your intended settings. To configure your virtual appliance with these settings, type “Y” at the prompt.

If your configuration is successful, the following message is displayed:

Initial configuration completed successfully.

Performing an Unattended Configuration

The Traffic Manager provides the ability to automate z-initial-config using a replay file containing pre-determined responses to the questions asked during the configuration process. To perform an unattended configuration, type the following command at the prompt:

z-initial-config --replay-from=<replay filename>

To create a suitable replay file, capture your responses using the following command:

z-initial-config --record-to=<replay filename>
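
A replay file holds the answers to every prompt above, so it is assumed here to include the "admin" password (the page does not describe the file format). The following added example, which is not Ivanti's code, wraps the two commands so that the file is created private to its owner and is replayed only if it still is; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the product.
# Assumption: the replay file records every answer given to z-initial-config,
# including the 'admin' password, so only its owner should be able to read it.

# replay_file_is_private FILE
# Returns 0 only if FILE is a regular file (not a symlink) with no
# group or other permission bits set.
replay_file_is_private() {
    f=$1
    [ -n "$f" ] || return 2
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing: $f is not a regular file" >&2
        return 1
    fi
    # ls -ld prints the mode first, e.g. "-rw-------"; characters 5-10
    # are the group and other permission bits.
    mode=$(ls -ld -- "$f") || return 1
    mode=${mode%% *}
    go_bits=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "refusing: $f has mode $mode (group/other access)" >&2
        return 1
    fi
    return 0
}

# record_replay FILE
# Capture answers under a restrictive umask, then force mode 0600 in case
# the file already existed with wider permissions.
record_replay() {
    ( umask 077 && z-initial-config --record-to="$1" ) && chmod 600 -- "$1"
}

# run_replay FILE
# Run the unattended configuration only if the replay file is private.
run_replay() {
    replay_file_is_private "$1" || return 1
    z-initial-config --replay-from="$1"
}
```

Remove the replay file, or move it to a secrets store, once the appliance is configured.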