KB10163 - Steps to Add or Replace New Hardware and Configure Web Admin Access

This article provides the steps to add or replace new hardware, including MAG's and PSA devices, and configure the device for Web Admin access.

You have received new PCS hardware that needs to be installed and configured for Web admin access.  

Steps to configure the device via serial console and setup Web GUI admin access:

For rack mounting, installation and cabling guidelines go to https://www.pulsesecure.net/techpubs/ and select Pulse Appliances to download the hardware guides for PSA and MAG Series.

1. Once the device is installed, rack mounted, and connected to the switch, connect to the device via the serial console port.
2. If configuring the device via a direct connection to a laptop using HyperTerminal or SecureCRT, use the following settings:

• 9600 BPS
• 8 Data Bits
• No Parity
• 1 Stop Bit
• No flow control  

3. Power on the device.
4. When prompted to choose a factory-reset personality image choose option 1:

5. The device will perform post-install of components.  This can take several minutes:

6. Wait for the following prompt and type 'y' to proceed:

7. Click 'y' to agree to the terms of the license agreement:

8. Enter the network settings including the Internal Port IP address, network mask, gateway IP and DNS/WINS servers. (For an RMA replacement enter the IP settings that the defective node had.) Enter 'y' to confirm settings:

9. This completes the initial network configuration.
10. Create an administrative user account by entering the Admin username and password.  
11. Enter a Common Name and Organization name for the self-signed digital certificate.  The self-signed certificate will be replaced by a signed certificate later so whatever is entered here does not need to match actual host or organization names.  Enter some random text for the key generator.

12. Upon seeing the following output, the initial configuration is complete and the device can now be accessed via the URL in the example:  

FIPS Setup

FIPS setup is almost identical to the normal setup. The difference is that after the IP information instead of asking for the certificate information it asks you to initialize the security world.

1. To start the setup set the Cryptographic Module to initialize and then reboot the PCS.

2. The PCS will prompt that the card is unrecognized or unformatted and prompt to create a new security world.
3. When prompted to enter the number of cards to create, it is recommended to create at least two

 

4. Type yes when prompted to overwrite the unrecognized card.  The PCS will then prompt for a pass phrase.  It is important to document this pass phrase for later use as it will be required for importing a configuration, clustering operations or recovering a security world.

5. Set the PCS into Operational mode and reboot.
6. This completes the FIPs initial configuration. 
7. Access the Admin console via the Web URL.
8. For replacement or RMA nodes, import the system and user configuration from defective node (if available).

Refer to KB16146 - How to add or replace a device in an Active/Passive or Active/Active cluster for instructions to join an RMA node to an existing cluster.