Managing Domains

In This Section:

A Domain Server is the functional equivalent of a Security Management Server in a single-domain environment. You connect directly to a Domain Server with SmartConsole to manage a Domain and its components:

Domain Security Gateways
Domain Security Policies, rules, and other Domain level security settings
Domain system objects, such as services, users, and VPN Communities.
Domain Software Blades and their related configuration settings

This chapter shows how to create and manage Domains and Domain Servers. Also included in this chapter are procedures for creating and configuring a Secondary Multi-Domain Server.

Creating a New Domain

Use this procedure to create a new Domain together with the first Domain Server for this Domain.

To create a new Domain:

Connect to the Multi-Domain Server with SmartConsole.
In the Multi-Domain > Domains view, click New.
In the Domain window, enter a unique Domain name.
Click the + icon in the General > Domain Servers section.
In a High Availability deployment, you must select a Multi-Domain Server from the list.
1. Enter a unique Domain Server name or accept the default name.
2. Enter the Domain Server IP address, or click Resolve IP to get the IP Address from the Multi-Domain Server address pool.
3. Accept the default Domain Server type and click OK.
4. Click Trusted Clients and select one or more trusted clients from the list that can connect to this Domain Server.
5. Optional: Click Additional Information and enter contact information for the person responsible for this Domain Server.
Click OK to save the new Domain and Domain Server.

Notes:

When you create a new Domain, you must always create at least one new Domain Server with it.
You can also use this procedure to create Standby Domains and Domain Servers for Domain Server for redundancy and Load Sharing. To do this, there must be at least one Secondary Multi-Domain Server in the deployment.
To create a Log Server, you must have a Multi-Domain Log Server or a Secondary Multi-Domain Server in your environment.

Assigning Trusted Clients to Domains

You must assign all Domains to one or more trusted SmartConsole clients before you can connect to them. If you do not do this, an error message will show when you try to connect.

Each Domain assignment identifies trusted SmartConsole clients based on one of these criteria:

An IP address
A host name
A range of IP addresses
Net mask
IP addresses with wildcard characters
Any - All SmartConsole clients can connect

To assign a trusted client to a Domain:

Connect to the Multi-Domain Server with SmartConsole
Select Multi-Domain > Permissions & Administrators > Trusted Clients.
Click New.
In the New Trusted Client window, enter a unique name for this Domain assignment.
Select an identification criterion from the Type list and enter the applicable information.
Add one or more Domains to the Domain Assignment list.
Optional: Select Multi-Domain Server Trusted Client to apply this assignment to Multi-Domain Servers in addition to the specified Domains.

To add another Domain to an existing trusted client:

Select Multi-Domain > Permissions & Administrators > Trusted Clients.
Double-click the trusted client name.
In the Trusted Client window, add one or more Domains to the Domains Assignment list.

To change a Domain assignment:

Select Multi-Domain > Permissions & Administrators > Trusted Clients.
Double-click an existing trusted client name.
Select an identification criterion from the Type list and enter or change the applicable information.
Add or delete one or more Domains in the Domain Assignment list.
Optional: Select Multi-Domain Server Trusted Client to apply this assignment to Multi-Domain Servers in addition to the specified Domains.

Configuring Automatic Domain IP Address Assignment

You can configure a Multi-Domain Server to assign an IP address to Domain Servers managed by this Multi-Domain Server from a predefined pool of IP addresses. This makes sure that the assigned IP address is not in use by other Multi-Domain Servers or Domain Servers.

To configure a Multi-Domain Server to assign IP addresses to Domain Servers:

In the Multi-Domain view, right-click a Multi-Domain Server and select Edit.
The Multi-Domain Server window opens.
From the navigation tree, select Multi-Domain.
In the IP Range section, enter the first and last IP address in the range.
Click OK.

Changing an Existing Domain Configuration

To change an existing Domain configuration:

Connect to the Multi-Domain Server with SmartConsole.
In the Multi-Domain > Domains view, double-click the applicable Domain.
In the Domain window, select the Domain Server and click the pencil icon (edit).
Note - You cannot change the Domain name. If you try to do this, an error message shows.
Add, delete or change the other Domain definitions as necessary.

Deleting a Domain Server

To Delete a Domain Server:

Connect to the Multi-Domain Server with SmartConsole and go to the Domains view.
Right click a Domain Server in the grid, and then select Delete.

Deleting a Domain

To delete a Domain:

In the Domains section, right-click a Domain.
Select Delete from the context menu.

This action automatically deletes the active and secondary Domain Servers, Domain Log Servers, and the Domain object.

Connecting to a Domain Server

To connect directly to a Domain:

Login to SmartConsole.
In the Welcome screen, select a Domain from the list, and then click Proceed.
SmartConsole opens with the active Domain Server in the Gateways & Servers view.

To connect to a Domain Server from the SmartConsole Multi-Domain view:

Connect to a Multi-Domain Server with SmartConsole.
In the Multi-Domain > Domains view, right-click the active Domain Server in the grid.
Select Connect to Domain Server.

Note - In a High Availability deployment, you can only make changes to a Domain from the active Domain Server. The active Domain Server shows with a black icon. If you connect to a standby Domain Server (white icon), SmartConsole opens in the Read Only mode.

Working with Cross-Domain Management

The Multi-Domain Management Gateways & Servers view lets administrators see and work with Domain Servers, Security Gateways, and other objects for all Domains in one convenient window. You must have the applicable permissions to see and work with these objects.

To open the Gateways & Servers view:

Connect to a Multi-Domain Server with SmartConsole.
Click Gateways & Servers.
The Gateways & Servers view shows all Security Gateway and Domain Server objects.

To work with a Security Gateway, double-click Security Gateway object. A SmartConsole instance for the applicable Domain Server opens and automatically shows the Gateway window for the selected Security Gateway. In a High Availability environment, the Active Domain Server opens.

To work with a Domain, double-click its Domain Server object. A SmartConsole instance for the applicable opens and automatically shows the Host window for the selected Domain Server. In a High Availability environment, make sure that you select the Active Domain Server, which opens in the Read/Write mode. Standby Domain Servers open as Read-Only and you cannot make any changes to Domain objects.

Changing an Existing Multi-Domain Server

You can change the settings for an existing Multi-Domain Server or Multi-Domain Log Server.

To change the settings for an existing Multi-Domain Server:

Double-click the Multi-Domain Server or Multi-Domain Log Server in the top row of the Domains grid.
In the Multi-Domain Server window, change the parameters in the General, Multi-Domain and Log Settings views.

Note - You cannot change the Multi-Domain Server name.

Setting the Domain Server Display Format

You can change how Domain Servers show in the Domains grid.

To set the Domain Server display format:

Go to Multi-Domain > Preferences.
Select a display format:
- Domain Server Name and IP (default)
- Domain Server IP
- Domain Server Name