User guide
To import an existing security world into a stand-alone Secure Access device:
1. Import the system configuration file that contains the archived security world and its
corresponding certificate into the Secure Access device, and then initialize the security
world if necessary. If the configuration file contains an archive of:
• The same security world that was already present on the machine, no further
configuration is required.
• A different security world than was already present on the machine, you must
initialize the new security world.
NOTE: If you import a configuration file containing a different security
world, note that your existing administrator cards will not work with the
imported security world until you reformat them with the new security
world’s data. Also note that once you set the switch to I and begin
initialization, you must complete the process. Otherwise, your security
world is only partially initialized, making it unusable.
2. Insert an administrator card that is pre-initialized with the imported security world
into the smart card reader slot with the contacts facing up.
3. Set the mode switch on the cryptographic module to I (initialization mode).
4. Access the Secure Access device’s serial console and reboot the Secure Access device.
5. Reset the cryptographic module’s mode switch to O (operational mode) when
prompted.
Importing a Security World Into a Cluster
To import an existing security world into a cluster:
1. Sign in to the admin console of a cluster node. To access a node’s admin console,
enter its internal IP address followed by “/admin” in a browser. For example:
https://x.x.x.x/admin
2. On the System > Clustering > Status tab, select the checkbox for all nodes other than
the current node in the Cluster Members column and then click Disable.
3. Import an archived security world into the cluster member.
4. When the installation process completes, return to the node’s System > Clustering >
Status tab, select the checkbox next to the disabled nodes in the Cluster Members
column, and then click Enable.
5. Wait for all the cluster members to go into the "Enabled" state.
6. Set the mode switch on the cryptographic modules of the cluster members that were
earlier disabled to I (initialization mode).
Copyright © 2012, Juniper Networks, Inc.
Chapter 5: Security World










