Supported Security Gateways

The vSEC Controller works with:

• R77.20
• R77.30
• R80.10 gateways
• 60000/40000 Scalable Platforms R76SP.50 (starting with Jumbo Hotfix Accumulator, Take 20)

Important

To use the vSEC Controller with R77.20 and R77.30 gateways (R77.30 gateways with Jumbo Hotfix Accumulator below Take 309) install the R80.10 vSEC Controller v1 Enforcer Hotfix. See sk120464.

Activating the Identity Awareness Software Blade

For a Security Gateway to work with Data Center objects:

1. Enable the Identity Awareness Software Blade
2. Enable the Identity Awareness API
3. Add 127.0.0.1 to the trusted clients list.

Activating Identity Awareness for R80.10

For a Security Gateway to work with Data Center objects, enable the IDA Blade and the IDA API, and add 127.0.0.1 to the trusted clients list.

To activate Identity Awareness:

1. In SmartConsole, double-click the gateway. The General Properties window shows.
2. In the Network Security tab, select the Identity Awareness Software Blade.

   The Identity Awareness Configuration > Methods for Acquiring Identity window opens.

   Remove the AD Query selection if it is not necessary.

3. Select I do not wish to configure an Active Directory at this time.

   The Identity Awareness blade is activated by default.

4. Click Next > Finish.
5. From the General Properties window, select Identity Awareness.
6. From the Identity Awareness window, select Identity Web API.
7. Click Settings. The Identity Web API Settings window shows.
8. From the Authorized Clients section, add the 127.0.0.1 host object.
9. Enter a secret word in Selected Client Secret. Press Generate to create the client secret. Click OK.
10. Install the policy.

Activating Identity Awareness for R77.30 and R77.20

To work with Data Center objects, the Identity Awareness Blade and Terminal Server have to be enabled.

To activate Identity Awareness:

1. In SmartConsole, double-click the gateway. The General Properties window shows.
2. In the Network Security tab, select the Identity Awareness Software Blade.

   The Identity Awareness Configuration > Methods for Acquiring Identity window opens.

   Remove the AD Query selection if it is not necessary.

3. Select Terminal Servers > Next.

   The Identity Awareness Configuration > Integration with Active Directory window opens.

4. Select I do not wish to configure an Active Directory at this time.

   The Identity Awareness Software Blade is activated by default.

5. Click Next > Finish.
6. Install the policy.

To enable Identity Awareness on R77.30 Security Gateways, there must be communication between vSEC Controller and the Identity Awareness daemon on the gateway. Run pdp api enable. On VSX gateways, run this command on every Virtual System.

Enabling the vSEC Controller

In the R80.10 Security Management Server, the vSEC Controller is off by default.

To enable the vSEC Controller, run: vsec on

vSEC turned on successfully shows in the window.

To enable the vSEC Controller on the Security Management Server High Availability and the Multi-Domain Server High Availability, run: vsec on on each server

To disable the vSEC Controller, run: vsec off. When you disable the vSEC Controller, the vSEC Controller functionality will not work.