Configure Network Settings Using the Identity Router Setup Console

Using the Identity Router Setup Console, you can verify the current network settings and configure additional settings to allow the identity router to communicate with the Cloud Administration Console and the Cloud Authentication Service. These settings are unique to each identity router.

Note: This task does not apply to the identity router embedded in Authentication Manager.

Before you begin

Procedure

  1. Open a web browser and do one of the following:
    • For Amazon cloud-based identity routers, go to https://<identityrouterIP>:9786/setup.jsp, where <identityrouterIP> is the private IP address of the identity router.

    • For VMware and Hyper-V identity routers, go to one of the following:

      • https://<identityrouterIP>/setup.jsp (for two network interfaces)
      • https://<identityrouterIP>:9786/setup.jsp (for one network interface)

      where <identityrouterIP> is the IP address of the identity router management interface.

      See your Quick Setup Guide for the identity router IP address.

  2. Sign in to the Identity Router Setup Console. If this is your first time signing in to the setup console for this identity router, see Change the Identity Router Administrator Password Using the Identity Router Setup Console.

  3. (Optional) To verify the management interface network settings for on-premises identity routers, do the following. See your Quick Setup Guide for the management interface values for this identity router.

    Note: Management interface settings are not available for identity routers in the Amazon cloud.

    1. In the Management IP Address field, verify the IP address of the identity router management interface. The identity router communicates with DNS servers, identity sources, authentication sources, and RADIUS clients using this address.

    2. In the Management Netmask field, verify the subnet mask for this network.

    3. In the Management Gateway IP Address field, verify the default gateway (router) for this subnet.

  4. If your identity router has two network interfaces, you need to verify the portal interface settings for on-premises identity routers. See your Quick Setup Guide for the portal interface values for this identity router.

    Note: Portal interface settings are not available for identity routers with one network interface.

    1. In the Portal IP Address field, verify the IP address of the identity router portal interface. The identity router communicates with users, web applications, and the Cloud Authentication Service, and hosts the application portal using this address. The portal IP address can be on the same subnet or a different subnet than the management IP.

    2. In the Portal Net Mask field, verify the subnet mask for this network.

    3. In the Portal Gateway IP Address field, verify the gateway IP address for this subnet.

  5. (Optional) Configure additional Domain Name System (DNS) servers if specified in the DNS Server information of your Quick Setup Guide.

    Note: The DNS server settings on this page do not apply to identity routers in the Amazon cloud. Edit the DHCP option set in your AWS environment if you need to add DNS servers for an Amazon cloud-based identity router.

    For each additional DNS server specified, click Add DNS Record and do one of the following.

    To add another DNS server to use for all requests (for redundancy):
    1. Leave the Domain field blank.

    2. In the IP field, enter the IP address of the DNS server for the identity router.

    To add a DNS server to resolve hostnames within a specific domain:
    1. In the Domain field, enter the name of the domain for which this DNS server will resolve hostnames.

    2. In the IP field, enter the IP address of the DNS server for the identity router.

  6. In the NTP Server field, enter the Network Time Protocol (NTP) server hostname or IP address from your Quick Setup Guide. For identity routers in the Amazon cloud, the default is 169.254.169.123. For on-premises identity routers, the default is 0.pool.ntp.org.

  7. (Optional) You can configure static routes for the identity router to use when accessing specific network resources. If the identity router is not yet registered, the static route you specify here will take effect after you save the settings, and will appear in the Cloud Administration Console. If you change the static route using the Cloud Administration Console, then publish, those changes will overwrite the static routes specified in the Identity Router Setup Console. Use the Identity Router Setup Console only before registration or when the identity router cannot communicate with the Cloud Administration Console.

    Note: Static route configuration is not available for identity routers in the Amazon cloud. Configure route tables in your AWS environment to direct traffic from internal and external network resources through the appropriate gateway in your VPC.

    1. Click Add Static Route.

    2. In the IP field, enter the IP address of the network resource that requires a static route.

    3. In the Network Mask field, enter the subnet mask for the static route.

    4. In the Gateway field, enter the gateway address for the static route.

    5. In the Device field, eth0 is the default to designate the static route for connections using the management interface. Select eth1 to designate it for the portal interface.

  8. (Optional) In the Identity Router HostName field, enter the Identity Router FQDN value for this identity router from your Quick Setup Guide. For on-premises identity routers, use the portal interface FQDN. If the identity router has one network interface, use the management interface FQDN.

    The hostname must be within the protected domain for your network environment, and must be configured in your DNS server to point to the identity router IP address.

    If you do not enter a hostname, the Identity Router Setup Console automatically populates this field with the appropriate value when you connect the identity router to the Cloud Administration Console.

    Note: If you change the Identity Router HostName, and you have configured a connection to Authentication Manager, you must reestablish the connection between the Cloud Authentication Service and Authentication Manager.

  9. Click Update IDR Setup Configuration.
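
A pre-flight check for the values verified in steps 3, 4 and 7, useful before you click Update IDR Setup Configuration. This is an added example, not RSA code or part of the original procedure. The PLAN layout and every address in it are constructed. The rule that a gateway must sit on the subnet of the interface it is used through is a general IP routing requirement, not something this page states.

```python
import ipaddress

# Constructed sample values standing in for a Quick Setup Guide (assumption, not from the page).
PLAN = {
    "eth0": {"ip": "10.10.1.20", "netmask": "255.255.255.0", "gateway": "10.10.1.1"},  # management
    "eth1": {"ip": "10.10.2.20", "netmask": "255.255.255.0", "gateway": "10.10.2.1"},  # portal
    "static_routes": [
        {"ip": "10.50.0.0", "netmask": "255.255.0.0", "gateway": "10.10.1.254", "device": "eth0"},
        {"ip": "10.60.0.0", "netmask": "255.255.0.0", "gateway": "10.10.1.254", "device": "eth1"},
    ],
}

def iface_network(cfg):
    """Return the subnet an interface sits on; raises ValueError on a bad IP or mask."""
    return ipaddress.ip_interface(f"{cfg['ip']}/{cfg['netmask']}").network

def check_plan(plan):
    """Return a list of problems found in the plan; an empty list means it is consistent."""
    problems, nets = [], {}
    for dev in ("eth0", "eth1"):
        cfg = plan.get(dev)
        if cfg is None:  # identity routers with one network interface have no portal interface
            continue
        try:
            nets[dev] = iface_network(cfg)
            gw = ipaddress.ip_address(cfg["gateway"])
        except ValueError as exc:
            problems.append(f"{dev}: {exc}")
            continue
        if gw not in nets[dev]:
            problems.append(f"{dev}: gateway {gw} is outside {nets[dev]}")
    for i, route in enumerate(plan.get("static_routes", []), 1):
        try:
            # strict=False accepts a single host address as well as a network address
            ipaddress.ip_network(f"{route['ip']}/{route['netmask']}", strict=False)
            gw = ipaddress.ip_address(route["gateway"])
        except ValueError as exc:
            problems.append(f"route {i}: {exc}")
            continue
        dev = route["device"]
        if dev not in nets:
            problems.append(f"route {i}: device {dev} is not configured")
        elif gw not in nets[dev]:
            problems.append(f"route {i}: gateway {gw} is not on {dev} subnet {nets[dev]}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_plan(PLAN)) or "plan is consistent")
```

With the constructed PLAN, the second static route is flagged because its gateway is on the management subnet while the Device field selects eth1.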