Add a Device

Before you can manage and monitor your devices, you must add them to Management Center. Devices that can be added to and managed by Management Center include the following.
Device:
  • Advanced Secure Gateway
  • ProxySG appliance
  • Content Analysis
  • Malware Analysis
  • PacketShaper
  • Reporter
  • Security Analytics
  • SSL Visibility
  • Web Security Service
Configure how often devices are polled. See Set the Device Polling Interval.
About Public Key or Credential Authentication for ProxySG or Advanced Secure Gateway
When adding a device, you must specify how Management Center will connect to it. Management Center can connect to a device using the following methods:
  • Credential authentication: Management Center uses the device's credentials to connect. Credential authentication is considered less secure because the device's credentials are stored in Management Center. Therefore, it is recommended that you use public key authentication.
    Management Center always uses credential authentication when importing devices from Director.
  • Public key authentication: Management Center inserts a copy of its public key onto the device. The device then "trusts" Management Center connections. This authentication method is considered more secure because device credentials are not stored on Management Center.
    Management Center does not remove its public key from devices that are deleted and no longer managed. You can manually delete the key using the following CLI command on the ProxySG or Advanced Secure Gateway:
    # (config ssh-console) delete director-client-key key-id
About Host Key Validation
Host key validation is a feature of the SSH protocol. It is designed to prevent devices from impersonating legitimate servers in an attempt to steal credentials and data (man-in-the-middle attack). To prevent this, each device has a unique host key that can be used to establish a host's identity. If a device supports it, Symantec recommends that you enable host key validation because the method can warn you of a man-in-the-middle attack. In that case, Management Center notes that host verification failed and prompts you to verify the SSH host fingerprint.
You can verify the host fingerprint using one of the following methods:
  • Enter the following command from a terminal that has a trusted network path to the device:
    # ssh-keygen -lf <(ssh-keyscan device_ip 2>/dev/null)
    The system displays the host key.
  • Do the following from the device's serial connection:
    1. Enter the following command:
      # (config ssh-console) view host-public-key sshv2
    2. Copy the output to a file, for example, /tmp/hostkey.
    3. Enter the following command from a system running OpenSSH 7.2:
      # ssh-keygen -l -E sha256 -f /tmp/hostkey
      The system displays the host key.
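The fingerprint check described above can also be scripted. The following is an added example, not part of the original documentation or of Management Center: it computes the SHA256 fingerprint of a host key line in the form ssh-keygen prints it and compares it with the fingerprint shown in the Add Device wizard. It assumes the wizard shows the OpenSSH "SHA256:..." form; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def parse_host_key(line: str) -> tuple:
    """Parse one OpenSSH public-key line ("type base64 [comment]") into (type, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob starts with a length-prefixed copy of the key type (RFC 4253 encoding).
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type in blob does not match the declared type")
    return key_type, blob


def sha256_fingerprint(line: str) -> str:
    """Return the fingerprint in the form 'ssh-keygen -l -E sha256' prints it."""
    _, blob = parse_host_key(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_matches(trusted_key_line: str, displayed: str) -> bool:
    """Compare the fingerprint shown in the wizard with the trusted key's fingerprint."""
    expected = sha256_fingerprint(trusted_key_line)
    return hmac.compare_digest(expected.encode(), displayed.strip().encode())


def make_sample_key(seed: int) -> str:
    """Constructed sample only: an ssh-ed25519 line built from fixed bytes."""
    name = b"ssh-ed25519"
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    trusted = make_sample_key(1)   # stands in for the contents of /tmp/hostkey
    shown = sha256_fingerprint(trusted)   # stands in for the wizard's fingerprint
    print(shown, fingerprint_matches(trusted, shown))
    print(fingerprint_matches(make_sample_key(2), shown))  # different key: no match
```

Accept the fingerprint in the wizard only when the key obtained over the serial connection or trusted path produces a match.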
Add a ProxySG or Advanced Secure Gateway using Credential Authentication
  1. Select the Network tab.
  2. (Optional) Browse to the hierarchy and folders/subfolders where you want to add the device.
  3. Click Add Device. The system displays the Add Device wizard.
  4. Select the device type.
  5. Specify the Modes:
  6. In Connection, click Credentials. Set the following:
  7. Click Connect. Management Center attempts to connect to the device using the information you entered.
  8. If you enabled host key validation, verify the SSH Host Fingerprint and click Accept.
  9. Management Center attempts to connect to the appliance. If the connection is established, the system displays Successful.
    If the connection test fails, you receive an error. Make sure that the information you entered is correct and try again. If the connection test succeeds, you receive a success message.
  10. Verify or change the Device Name.
  11. (Optional) Input any applicable attributes. See Add Attributes.
  12. Click Save.
The Network tab displays the device and the web console displays an alert indicating that the device was added and activated.
Add a ProxySG or Advanced Secure Gateway using Public Key Authentication
  1. Select the Network tab.
  2. (Optional) Browse to the hierarchy and folders/subfolders where you want to add the device.
  3. Click Add Device. The system displays the Add Device wizard.
  4. Select the device type.
  5. Specify the Modes:
  6. In Connection, click Public Key. Set the following:
  7. Click Connect. Management Center attempts to connect to the device using the information you entered.
  8. If you enabled host key validation, verify the SSH Host Fingerprint and click Accept.
  9. Enter the username and password you use to authenticate to the device. You must do this so that Management Center can install its public key onto the ProxySG appliance. The credentials are not saved.
    Management Center attempts to connect to the appliance. If the connection is established, the system displays Successful.
    If the connection test fails, you receive an error. Make sure that the information you entered is correct and try again. If the connection test succeeds, you receive a success message.
  10. Verify or change the Device Name.
  11. (Optional) Input any applicable attributes. See Add Attributes.
  12. Click Save.
The Network tab displays the device and the web console displays an alert indicating that the device was added and activated.
Add a Reporter
Symantec recommends that you create a new non-administrator Reporter role before adding Reporter to Management Center. If you choose to add a Reporter using the default Admin role, you must specify the role as "_admin".
  1. Select the Network tab.
  2. (Optional) Browse to the hierarchy and folders/subfolders where you want to add the device.
  3. Click Add Device. The system displays the Add Device wizard.
  4. Select the device type.
  5. Specify the Modes:
  6. In Connection, specify the following:
  7. Click Connect. Management Center attempts to connect to the device using the information you entered. If the connection is established, the system displays Successful.
    If the connection test fails, you receive an error. Make sure that the information you entered is correct and try again. If the connection test succeeds, you receive a success message.
  8. (Optional) Verify or change the Device Name.
  9. (Optional) Input any applicable attributes. See Add Attributes.
  10. Click Save.
The Network tab displays the device and the web console displays an alert indicating that the device was added and activated.
Add a Content Analysis, Malware Analysis, PacketShaper, or SSL Visibility
If you upgrade an SSL Visibility appliance from 3.x to 4.x, you must delete the 3.x device from Management Center and then add it back as a 4.x device.
  1. Select the Network tab.
  2. (Optional) Browse to the hierarchy and folders/subfolders where you want to add the device.
  3. Click Add Device. The system displays the Add Device wizard.
  4. Select the device type.
  5. For SSL Visibility only, select the version 3.8.3+ or 4+.
  6. Specify the Modes:
    • Select Existing device if the device is already installed, or Unavailable (pre-deployment) if the device is not available yet. See About Pre-deployed and Deactivated Devices for information on pre-deployment devices.
    • Select Read/Write or Read Only.
    • Specify whether to monitor the health of the device. See Put Device in Read-Only Mode for more information.
  7. In Connection, specify the following:
  8. Click Connect. Management Center attempts to connect to the device using the information you entered. If the connection is established, the system displays Successful.
    If the connection test fails, you receive an error. Make sure that the information you entered is correct and try again. If the connection test succeeds, you receive a success message.
  9. Verify or change the Device Name.
  10. (Optional) Input any applicable attributes. See Add Attributes.
  11. Click Save.
The Network tab displays the device and the web console displays an alert indicating that the device was added and activated.
Add a Security Analytics
  1. Select the Network tab.
  2. (Optional) Browse to the hierarchy and folders/subfolders where you want to add the device.
  3. Click Add Device. The system displays the Add Device wizard.
  4. Select Security Analytics.
  5. Specify the Device Management Modes:
    • Select Existing device if the device is already installed, or Unavailable (pre-deployment) if the device is not available yet. See About Pre-deployed and Deactivated Devices for information on pre-deployment devices.
    • Select Read/Write or Read Only.
    • Specify whether to monitor the health of the device. See Put Device in Read-Only Mode for more information.
  6. In Connection Details, specify the following:
  7. Click Connect. Management Center attempts to connect to the device using the information you entered. If the connection is established, the system displays Successful.
    If the connection test fails, you receive an error. Make sure that the information you entered is correct and try again. If the connection test succeeds, you receive a success message.
  8. Verify or change the Device Name.
  9. (Optional) Input any applicable attributes. See Add Attributes.
  10. Click Save.
The Network tab displays the device and the web console displays an alert indicating that the device was added and activated.
Add Web Security Service (WSS)
To add a WSS, you must first create an integration token on the WSS portal. Then use that token to add the WSS to Management Center.
You use WSS with Management Center to create Universal Policy Enforcement (UPE) rules.
The following steps require that you have not yet set up and configured your WSS portal account. If you have already set up your portal account, contact Symantec support for assistance.
Step 1: Create WSS Integration Token
To create the token, do the following:
  1. Log in to your WSS portal and enter Service mode. Select Account Maintenance > Integrations.
  2. Click New Integration. The portal displays the New Integration dialog.
  3. Select the Integration Type, depending on your solution. The portal displays the integration page per the device type.
    The exception is CASB Integration; selecting this type adds the drop-down to the Integrations page. From here, you tenant the CloudSOC.
Refer to the WSS documentation for more information.
Step 2: Add WSS in Management Center
  1. Select the Network tab.
  2. (Optional) Browse to the hierarchy and folders/subfolders where you want to add the device.
  3. Select Add > Add Device. The system displays the Add Device wizard.
  4. Select Web Security Service.
  5. Specify the Modes:
    • Select Existing device if your WSS account is configured, or Unavailable (pre-deployment) if the service is not configured or is unreachable. See About Pre-deployed and Deactivated Devices for information on pre-deployment devices.
    • Select Read/Write or Read Only.
    • Specify whether to monitor the health of the device. See Put Device in Monitor-Only Mode for more information.
  6. In Connection, do the following:
    1. Select the Cloud Network to connect to, Production or Pre-Production.
      If you are participating in a beta program, click Analyze in Pre-Production.
    2. Click Connect.
  7. In the Registration Required field, enter the Integration Token you created in Step 1: Create WSS Integration Token and click Register.
    If the connection test fails, you receive an error. Make sure that the information you entered is correct and try again. If the connection test succeeds, you receive a success message.
  8. Verify or change the Device Name.
  9. (Optional) Input any applicable attributes. See Add Attributes.
  10. Click Save.
If you use the Management Center failover feature and the primary fails, you must reconnect to the WSS on the secondary. Though WSS devices are propagated to the secondary, it will be viewed by the WSS instance as a different appliance requiring registration. To reconnect to the WSS, go to Network > device > Edit > Connection Parameters.
The Network tab displays the device and the web console displays an alert indicating that the device was added and activated.
Next Steps
What do you want to do next?
  • Ensure that all devices belong to a hierarchy and group.
  • Check information specific to the selected device.
  • Check device metrics.
  • Troubleshoot device connection.