Do you want an overview of our solutions, customer cases and contact details?

Skip to end of metadata
Go to start of metadata

This instruction describes how to deploy Nexus Hybrid Access Gateway and how to do initial setup. 

Hybrid Access Gateway console

Expand/Collapse All



To see the deployment requirements for Hybrid Access Gateway, go here.

Deploy Hybrid Access Gateway

 Download appliance files
  1. Go to the Nexus Support portal. Find Nexus Hybrid Access Gateway and the latest release.

  2. Open the appliance folder. 

  3. For Hyper-V, download:

    • appliance file:

    • digest file: access-gateway-digests.txt 

  4. For VMware, Virtual Box or other virtualization platforms, download:

    • appliance file: access-gateway.ova

    • digest file: access-gateway-digests.txt

 Verify checksum
  1. In the command-line interface, navigate to the search path where the files are stored.

  2. Verify the checksum for the .zip file or the .ova file with the shasum command:

    $ shasum access-gateway.ova 
    bdc2a093caef0c0589325d6f509c1b19de1e36d7 access-gateway.ova

  3. Compare the result with the digest file with the grep command.

    $ grep bdc2a093caef0c0589325d6f509c1b19de1e36d7 access-gateway-digests.txt 
    bdc2a093caef0c0589325d6f509c1b19de1e36d7   access-gateway.ova 
  4. If you are on a Windows machine, you can also check the digest using PowerShell, with the Get-FileHash command:

    PowerShell example
    PS> Get-FileHash -Algorithm SHA1 .\access-gateway.ova 
    Algorithm   Hash                                       Path
    ---------   ----                                       ----
    SHA1        bdc2a093caef0c0589325d6f509c1b19de1e36d7   C:\Users\joachim.kessel\
 Deploy appliance file
  1. In the virtualization platform, import the appliance file.
  2. Check the network settings, and modify them if needed.
  3. Start the appliance, it boots. 

Troubleshooting: If appliance does not start

To start the virtual appliance on your personal computer, virtualization must be enabled in your BIOS. If the appliance fails to start, please check your virtualization settings in your BIOS: 

  1. Restart your computer. Press the required key(s) to enter the BIOS settings (see your screen at startup).
  2. Go to Security > Virtualization. Set Intel/AMD Virtualization Technology to Enabled.
  3. Save and Exit.
 Log in to console menu and set initial password
  1. Log in with the agadmin user. Since this is the first time you log in, you must set the password:

    Example: Log in with agadmin user

    ag-appliance login: agadmin
    You are required to change your password immediately (root enforced)

    Enter new UNIX password:
    Retype new UNIX password:

    The license agreement is shown.

  2. Press any key to continue. The console menu opens.

Do initial setup

 Do basic settings

The first time you log in you need to do some basic settings, for example set network parameters for the network adapter, and time settings.

  1. In the console menu, choose Setup system > Modify interfaces > [select adapter] 
  2. Either use DHCP or set up the IP address, netmask and default gateway manually:
    1. modify IP
    2. Enter the IP address, received from the IT department. Return.
    3. Check the netmask and default gateway. Modify if needed.
    4. Save
  3. Optional: Modify hostname.
  4. Modify DNS, received from the IT department.
  5. Return to main menu.
 Set up Network Time Protocol (NTP)

To use SAML federations or time-based one-time passwords (OTPs), it is required to set up a Network Time Protocol (NTP):

  1. In the console menu, choose Setup system > Setup NTP
  2. Enter a valid NTP address that is reachable by Hybrid Access Gateway, for example Confirm with Enter.
    Hybrid Access Gateway tries to connect to the NTP server and takes over time settings.
  3. Return to the main menu.
 Open administration interface
  1. In a web browser: Enter HAG with the ip address set up earlier and port number 8443:


  2. Since a built-in, self-generated certificate is used, you get an error message the first time you enter Hybrid Access Gateway: Your connection is not secure. Add a security exception to avoid it:
    In the browser, click Advanced > Add exception > Confirm Security Exception
    Until next time, replace the self-generated certificate with a proper one.
  3. In Administration interface, click Log on.
  4. You enter the Setup System Wizard. Choose the built-in demo license or upload a proper license received from Nexus.
  5. In Setup Access Gateway, set the root username and password for the administration interface.
    username: agadmin, different password


    Store this information in a secure place.

  6. Click Next, and then Finish Wizard.

The settings made during the wizard can be updated later.

 Log in and publish
  1. Log in to the Hybrid Access Gateway administration interface with the user name and password entered in the wizard.
  2. Click Publish and the initial setup is done.

Video tutorial

How to deploy Hybrid Access Gateway:

Related information