This section describes how to configure an Agile Controller server in an Agile Controller SSO scenario.
In the Agile Controller SSO scenario, you must set parameters for a FW to communicate with an Agile Controller server so that user information on the Agile Controller server can be imported to the FW.

The parameters on the FW must be consistent with those on the Agile Controller server.

| Parameter | Description |
|---|---|
| Name | Name of an Agile Controller server. |
| IP Address | IP address of an Agile Controller. You can configure a maximum of 20 IP addresses. The FW attempts to connect to these IP addresses in the order that they were added until one attempt succeeds. |
| Server Port | Port of the Agile Controller server that provides authentication services. |
| Encryption | Use 3DES or AES128 to encrypt the packets transmitted between the FW and the Agile Controller server. AES128 is more secure than 3DES. When AES128 is used as the encryption algorithm, you can enable Enhanced Encryption to use AES128 enhanced encryption, which is more secure. NOTE: Each Agile Controller version may support different encryption modes. Before configuration, confirm whether the Agile Controller version supports the encryption mode and ensure that the encryption modes on both ends are the same. |
| Shared Key | Shared key for the communication between a FW and an Agile Controller server. The FW and Agile Controller server use this shared key to encrypt packets. |
| Source IP | IP address to be used by the FW to proactively access the Agile Controller server (to detect the connectivity of the Agile Controller server or import users/user groups/devices from the Agile Controller server). If you do not specify this parameter, the FW uses the IP address of the outbound interface connecting to the Agile Controller server as the source IP address. The IP address of the FW configured on the Agile Controller server must be the same as this IP address. In dual-system hot backup deployment, do not specify a virtual IP address as the source IP address. If you specify a virtual IP address as the source IP address, the active device can import users or user groups from the Agile Controller server, but the standby device cannot. |
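
The consistency rules in the table can be checked on a planned parameter set before anything is entered on either end. The following Python check is an added example, not vendor code: the `fw` and `server` dictionaries, their field names, the finding labels and all sample values are assumptions made up for illustration.

```python
import hmac
import ipaddress

MAX_SERVER_IPS = 20  # limit stated in the parameter table

def check_sso_plan(fw, server, virtual_ips=()):
    """Return findings for a planned FW / Agile Controller pairing.

    fw, server and virtual_ips are hypothetical planning records
    (plain dicts and a list), not a device or controller API.
    """
    findings = []
    if not 1 <= len(fw["server_ips"]) <= MAX_SERVER_IPS:
        findings.append("server-ip-count: 1 to 20 addresses allowed")
    if fw["server_port"] != server["port"]:
        findings.append("port-mismatch")
    if (fw["encryption"], fw["enhanced"]) != (server["encryption"], server["enhanced"]):
        findings.append("encryption-mismatch: modes differ between the two ends")
    if fw["enhanced"] and fw["encryption"] != "AES128":
        findings.append("enhanced-needs-aes128")
    if fw["encryption"] == "3DES":
        findings.append("weak-encryption: prefer AES128 if the controller supports it")
    # Constant-time comparison; the key itself is never put into a finding.
    if not hmac.compare_digest(fw["shared_key"].encode(), server["shared_key"].encode()):
        findings.append("shared-key-mismatch")
    # Without an explicit Source IP the FW uses its outbound interface address.
    source = ipaddress.ip_address(fw["source_ip"] or fw["outbound_ip"])
    if source != ipaddress.ip_address(server["fw_ip"]):
        findings.append("source-ip-mismatch: controller has a different FW address")
    # Hot backup: an explicitly specified Source IP must not be a virtual IP.
    if fw["source_ip"] and source in {ipaddress.ip_address(v) for v in virtual_ips}:
        findings.append("source-ip-is-virtual: standby device cannot import users")
    return findings

# Constructed sample plan (documentation-range addresses, dummy key and port).
FW = {"server_ips": ["192.0.2.10", "192.0.2.11"], "server_port": 8084,
      "encryption": "3DES", "enhanced": False, "shared_key": "example-key",
      "source_ip": "198.51.100.1", "outbound_ip": "198.51.100.2"}
SERVER = {"port": 8084, "encryption": "AES128", "enhanced": False,
          "shared_key": "example-key", "fw_ip": "198.51.100.2"}

if __name__ == "__main__":
    for finding in check_sso_plan(FW, SERVER, virtual_ips=["198.51.100.1"]):
        print(finding)
```

The sample plan is deliberately inconsistent: it reports the encryption mismatch, the 3DES choice, the source IP that differs from the FW address registered on the controller, and the virtual IP used as source.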