NextGen Secure Connectors are configured and managed by the NextGen Control Center using the Secure Connector Editor. You can either create the configuration as a template and then assign it to the FSC device, or directly configure the FSC. For more information, see How to Create and Apply FSC Templates.
Step 1. Add a Secure Connector Configuration
Add a Secure Connector Configuration or use a configuration template. Configuration settings configured via template are automatically used and cannot be configured on a per-device basis.
- Go to your cluster > Cluster Settings > Secure Connector Editor.
- Click Lock.
- Click Add SC.
(optional) Select a template.
- Click OK. The Create SC window opens.
Step 2. Configure the settings for the FSC
Configure identification settings
- Enter a Unique Appliance Name for the FSC. The name is final and cannot be changed later.
The Unique Identifier is a string containing the range, cluster and unique appliance name.
- (optional) Enter a description for the FSC
- From The Secure Connector Model drop-down list, select the hardware version. E.g., SC1.
- (optional) Click + to add the serial number of the FSCs allowed to connect with this configuration.
- (optional) Enter your company details and specify the location and timezone of the FSC unit.
Configure administrative settings
- In the left menu, click Administrative Settings.
- Select the FSC network from the S-Series VIP Net drop-down list. The FSC is automatically assigned to the FSAC associated with the FSC network.
In the CC IP Address field, enter the IP address of the Control Center.
Set the WebUI Username/ Password for the web interface of the FSC.
Enter the Root Password for the FSC. The default root password is:
Select the SSH Remote Access check box to enable SSH. You must also create an FSC management rule to be able to log in via SSH. For more information, see How to Create FSC Firewall Management Rules.
- Enter the Hostname used for the FSC. You can use the same hostname for all FSCs.
- In the Box DNS Domain field, enter the domain for the FSC.
- Next to DNS Server IP, Click + to enter the IP addresses for the DNS servers.
- Select the Enable NTP check box to synchronize the time with an NTP server.
- Enter the FQDN or IP address for the NTP server located near your location. Default:
Configure WAN settings
In the left menu, click WAN Settings.
- From the WAN Network Mode drop-down list, select Manual.
Configure the WAN connection for the WAN port. For more information, see FSC WAN Connections.
Configure LAN settings
In the left menu, click LAN Settings.
Select the LAN Network Mode:
- Automatic (default) – The FSC is automatically assigned a subnet from the FSC network with the pool size specified in the FSC network configuration.
- Manual – Define the IP address and all other FSC network settings manually. You can also enable the DHCP server for the network.
Configure Wi-Fi settings
In the left menu, click Wi-Fi Settings.
Select the Wi-Fi Mode:
Configure Wireless WAN settings
In the left menu, click Wireless WAN Settings.
- Select the WWAN Active checkbox.
- Enter the name of the WWAN access point you wish to connect to.
- If applicable, enter the unlocking PIN code for your SIM card.
- Enter the Phone Number number without the trailing hash (#).
- Select the Authentication Method.
- Enter the User Access ID assigned by your WWAN service provider.
(optional) Enter the User Access Sub-ID assigned by your WWAN service provider.
Enter the Access Password assigned by your WWAN service provider.
Configure VPN Settings
- In the left menu, click VPN Settings.
- Select the VPN Mode:
- Operative Mode (default) – Use certificates to authenticate to the FSAC.
- Deployment Mode – Use a passphrase to authenticate to the FSAC.
- Select the VPN enabled check box.
- (Deployment mode only) Enter the Deployment Password used to authenticate when connecting to the FSAC.
- Click New Key and select the Key Length to generate the private certificate.
- Click Edit and fill in the certificate information.
- (Manual network only) – Enter the VIP IP address in the Virtual IP field. If automatically assigned, this is the first IP address in the FSC subnet assigned to the unit.
- Next to Remote Networks, click + to add the networks routed through the VPN tunnel. To send everything through the tunnel and to offer Internet access, enter
The Server Port is the Entry Port configured for the FSAC. The VPN Access Concentrator Public Key is automatically filled in when the configuration is saved.
- From the Tunnel Mode drop-down list, select the transport protocol. Select TCP (default) for more reliability and UDP for high performance.
- Select the E ncryption algorithm used.
Configure Routing Settings
- In the left menu, click Routing Settings.
Click + to add System Routes. For more information, see FSC Routing.
Configure Firewall Settings
In the left menu, click Firewall Settings.
Configure the Firewall Settings. For more information, see FSC Firewall.
Configure advanced settings
In the left menu, click Advanced:
Configure Logging. For more information, see FSC Logging.
Select USB Mass Storage support to use the FSC as a mass storage device on your desktop computer. This allows you to copy configuration files directly to the FSC.
- To configure syslog streaming, see FSC Syslog Streaming.
For information on how to deploy an FSC using this configuration, see: