Tips to create a profile using the Director Management Console (DMC)


<< Back to Knowledge Search

Solution

Overview

How do you create a profile on the Director Management Console?

Cause
Resolution

NOTE: This article assumes you have registered your ProxySG appliances with the Director.

Should I use a separate Profile for each model?

There should be no reason to build different profiles for each model type, unless they’re meant to do different things.  However,we suggest you use different profiles in these cases:

  • Different SGOS versions – each version might introduce a new command or change one, and the profile has to have a set of commands supported by the SGOS target version
  • Different functionality at the SG – for instance, there might be different configurations for branch servers vs. core servers or forward proxy vs. reverse proxy deployments.  This can be achieved either through different profiles, one for each configuration needed.
  • The config in a profile could for example reference an interface name which is not available on all platforms/models. However, if your customer is always using IF 0:0 for example, there should be no issue.

To create a profile, follow these steps.

1:  Login to the Director Management Console ( DMC): 

  • After you login, navigate to the configure tab.
  • Ensure you have chosen "profiles" in the drop down list.
  • Right click on the configuration library area, (on the right of your screen) and press new profile.
  • Give this new profile a name of say 'My new profile'
  • Click on the radio button for device, rather than URL.
  • Browse and choose the SG you want to pull a profile/overlay file from.
  • Press ok
  • A new profile will now be added to the DMC configuration library, on the right hand side. 

 2: To send this profile back to this, and other SG appliances, follow these steps.

  1. Click on the configure tab,
  2. Naviagate to the profile you configued above, in step 1.
  3. Right click on it, and choose edit.
  4. Remove the SSH key section that we highlight in 000011443
  5. Between the sections starting with "nline keyring show configuration-passwords-key "end-479427578-inline""     and " end-479427578-inline
  6. TIP: Ensure you select and delete the the above mentioned text as well.   The exact section you should delete is also detailed here- 000011443
  7. Press ok.
  8. Result: you have now edited out the keyring part of the configuration.
  9. Navigate to the device you want to send this profile to.
  10. Right click on the profile again, but this time select "execute". 
  11. If the 'execute option is greyed out you have not properly selected your SG appliance object.
  12. Once you press 'execute' you will be warned of keyring errors.
  13. Execute profile "My new profile" on model "200-C"
  14. You will see the below warnings.
     

Warning: This profile may exclude SSL keyrings and passwords from the source Device.  If such security credentials are required, modify the Director connection settings for the source Device to use SSH-RSA and recreate the Profile.

This will overwrite the existing configuration and reload the SG.
Do you want to proceed?

  • Press ok on the above warmings,  and the profile will be sent to the SG.
  • This will take a few minutes, and  SG will be reboot,
  • Once it completes, you should see this message..

Profile execution complete for device "SG402"

 

To create a backup of a ProxySG appliance, follow these steps.

  • Login to the Director Management Console ( DMC) .
  • Navigate to the Configure tab.
  • Select the device you want to backup.
  • Click on the link that is named "Launch Backup manager''
  • Choose 'create' to create a new backup for this device.

 

To create a overlay file, follow these steps: 

  • After you login, navigate to the configure tab.
  • Ensure you have chosen "overlays" in the drop down list.
  • Right click on the configuration library area, (on the right of your screen) and press new overlay.
  • Give this new overlay  name of say 'My new profile'
  • Click on the radio button for device, rather than URL.
  • Browse and choose the SG you want to pull a profile/overlay file from.
  • Choose the method in which you want to add to this file. 
  • Your options are:
    • using the SG UI.
    • CLI.
    • Content policy and using a  refreshable configurations  such a Proxy SG Pac files and routing
  • TIP:  A refreshable is content that will be refreshed from this source SG, whenever this overlay is sent out to your chosen target  SGs.  You mainting the Golden, or source SG with configuration you consider Golden, and this configuration is updated every time you send this overlay file out.
  • Press ok
  • A new overlay file is  now be added to the DMC configuration library, on the right hand side

Troubleshooting tips.

1: All overlay, profiles, and Backup files are formed in the SGS own Command line syntax, and can be sent to them directly, through a SSH terminal session, using Putty, or something similiar.   For example, in the 'sending a profile section above (section  2) , you can cut and past the contents you extracted in step 6, and send it to the SG directly through a SG Putty session, therebv bypassing the Director appliance. 

2: Here are three examples of very generic overlay files. One creates BCWF fitler configuration and  another creates a FTP ocation for the SG to send an access log two.  Either of these overlay files could be cut and pasted into a putty sesion of any SG, thereby bypassing the Director.  We suggest using this type of troubleshooting methodoly for Director profiles, overlay files, and backups.

EXAMPLES:

1: Bluecoat webfilter example:

content-filter
bluecoat
download username "BCWF-MAR1511"
exit
exit

Steps to create the above BCWF setup overlay file.

  • Choose and Launch the "Device management console"  option.
  • Click on content filtering, and choose "Bluecoat"  and then enter the user name of "BCWF-MAR1511"
  • Then select "save to overlay" 
  • Here, it creates a section named "bluecoat"
  • TIP: No overlay can save passwords.

2: Access logging example:

access-log
enable
exit

access-log
edit log main
client-type ftp
ftp-client primary host "dummy.ftp.com" 21
ftp-client primary path "/"
ftp-client primary username "Goofy"
exit
exit

Steps in creating the above two sections of access log configuration.

  • Choose and Launch the "Device management console"  option.
  • Click on the 'access logging' section.
  • Click on "general' and enable acces logging.
  • Click on logs, and choose upload client.
  • Select the client type as press the 'settings' button.
  • Type in dummy.ftp.com as the FTP host, and Goofy as the username.
  • Select "save to overlay' .
  • Here it creates a two sections in the overall overlay file called "General access logs" and "Access logs.
  •  TIP: No overlay can save passwords.

 

Workaround
Additional Information
Bug Number
InQuira Doc IdKB4322
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      08/17/2016
Last Published      08/17/2016
Article Audience
Product      Director-510
Software      Director 5.5, Director 6.1
Topic      Configuration / WUI / CLI, Director Jobs
Article Number      000010276
Summary      This article provides examples for creating profiles on the DMC.
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat