Automatically Connecting the FW to the Cloud Management Platform: Obtaining the IP Address of the Cloud Management Platform from a DHCP Server

When a device starts without any configuration, it can obtain the cloud management platform's IP address and port number from the DHCP server on the LAN and automatically establish a connection with the cloud management platform. This is a plug-and-play mode.

Figure 1 Obtaining the cloud management platform's IP address through a DHCP server

In this mode, you must run the dhcp server option 148 ascii agilemode=agile-cloud;agilemanage-mode=ip/domain;agilemanage-domain=ip-address/domain-name;agilemanage-port=port-number command on the DHCP server interface that directly connects to the FW. The DHCP server uses Option 148 to provide the cloud management platform's IP address and port number to the FW.

In the case of agilemanage-mode=ip, agilemanage-domain is set to the IP address of the cloud management platform.

In the case of agilemanage-mode=domain, agilemanage-domain is set to the domain name of the cloud management platform.
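
As an added example (not Huawei code), the following Python check validates an Option 148 string against the rules above before it is configured on the DHCP server, and confirms that it points at an address you expect. The RFC 1123 hostname syntax, the 1-65535 port range, the `expected_hosts` allowlist and the sample values are assumptions of this example.

```python
import ipaddress
import re

# Keys of the Option 148 string shown on this page.
REQUIRED = ("agilemode", "agilemanage-mode", "agilemanage-domain", "agilemanage-port")
# RFC 1123 hostname syntax; an assumption of this example, not a documented FW rule.
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"^(?=.{{1,253}}$){LABEL}(\.{LABEL})*$")

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def check_option148(value, expected_hosts):
    """Return a list of problems; an empty list means the string is consistent."""
    fields = {}
    for part in value.strip().split(";"):
        key, sep, val = part.partition("=")
        if not (sep and key and val) or key in fields:
            return [f"malformed or duplicate field: {part!r}"]
        fields[key] = val
    problems = [f"missing field: {k}" for k in REQUIRED if k not in fields]
    if problems:
        return problems
    mode, host, port = (fields[k] for k in REQUIRED[1:])
    if fields["agilemode"] != "agile-cloud":
        problems.append("agilemode is not agile-cloud")
    if mode == "ip" and not is_ip(host):
        problems.append("agilemanage-mode=ip but agilemanage-domain is not an IP address")
    elif mode == "domain" and (is_ip(host) or not HOSTNAME.match(host)):
        problems.append("agilemanage-mode=domain but agilemanage-domain is not a domain name")
    elif mode not in ("ip", "domain"):
        problems.append("agilemanage-mode must be ip or domain")
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        problems.append("agilemanage-port is outside 1-65535")
    if host not in expected_hosts:
        problems.append(f"{host} is not an expected platform address")
    return problems

# Constructed sample values (documentation address range, made-up port).
GOOD = "agilemode=agile-cloud;agilemanage-mode=ip;agilemanage-domain=192.0.2.10;agilemanage-port=10020"
BAD = "agilemode=agile-cloud;agilemanage-mode=ip;agilemanage-domain=cloud.example.com;agilemanage-port=70000"

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(check_option148(sample, {"192.0.2.10"}) or "consistent")
```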

Figure 2 shows the process for the FW to connect to the cloud management platform and to be incorporated into the management of the platform.

Figure 2 Process for the FW to connect to the cloud management platform and to be incorporated into the management of the platform
  1. The FW obtains the cloud management platform's IP address from the DHCP server.
    1. After a connection is set up between the FW and the DHCP server, the FW automatically sends a DHCP channel setup request to the DHCP server.

      When it has no configuration, the FW starts in traditional mode. During startup, the FW enables the DHCP client and DNS client functions on an interface in the up state, adds the interface to a security zone, sets a security policy, and requests an IP address from the DHCP server.

    2. The DHCP server returns the request result to the FW.

      The DHCP server returns an IP address to the FW through a DHCP packet and provides the IP address and port number of the cloud management platform to the FW via a given DHCP option.

      After the FW successfully parses the domain name and port of the cloud management platform, it automatically switches the running mode to the cloud management mode and restarts.

      During the switchover to cloud management mode, the FW is restarted once, which is normal.

      If the FW fails to parse them, the system does not switch to cloud management mode and starts in traditional mode. After the system starts, the DHCP client function enabled on the upstream interface is disabled, the bindings between interfaces and security zones are canceled, and the default security policy is restored.

  2. Connect the FW to the cloud management platform and incorporate it into the management of the platform.
    1. The FW sends a NETCONF channel connection request to the cloud management platform.

      The connection request carries the device certificate of the FW for the cloud management platform to authenticate the FW.

    2. The cloud management platform returns a NETCONF channel connection response message to the FW.

      The established NETCONF channel transmits the subsequent query request and service configuration.

    3. The FW and cloud management platform send Hello packets to each other to detect the connection status of the NETCONF channel.
    4. The cloud management platform sends a device information query request to the FW.
    5. The FW returns its device information to the cloud management platform.
    6. The cloud management platform delivers the service configuration to the FW based on the device information acquired in the preceding step.
    7. The FW returns the configuration result to the cloud management platform.

If the cloud management platform can properly deliver the service configuration to the FW, the FW has been incorporated into the management of the cloud management platform. Once incorporated, the FW proactively reports NETCONF Notification alarms to the cloud management platform. For alarm details, see NETCONF API Development Guide.

Copyright © Huawei Technologies Co., Ltd.