1. On your ControlCenter server,
   • Go to the Downloads folder
     • select and open the uagdeploy folder
       • observe the contents    
2. In the uagdeploy folder
   • select the uag2-advanced.ini,
     • Copy and Paste so that you have a backup of the original file
3. In the uagdeploy folder
   • select uag2-advanced
     • right-click
       • In the Menu
         • select Edit with Notepad++

4. In the NotePad++ application
   • next to name
     • change to UAG-WS1
   • Next to source change

source=\\horizon-01a\Software\UAG\2412\euc-unified-access-gateway-24.12.0.0-12815712361_OVF10.ova

• Next to target change it to:

target=vi://[email protected]:[email protected]/Region01A/host/Bangalore/esxi-01a.techseals.co

5. Scroll down in your NotePad++ window
   • Next to ds=Local Disk 1
     • change to ds=CorpLun-01b
   • Next to #diskMode=thin
     • remove the #
       • change to diskMode=thin
   • Change the following network settings to:
     • netInternet=CorpDMZ01
     • netManagementNetwork=CorpDMZ01
     • netBackendNetwork=CorpDMZ01
     • defaultGateway=172.16.20.1
     • deploymentOption=onenic (default)
     • ip0=172.16.20.10
     • netmask0=255.255.255.0
     • routes0=172.16.20.0/24 172.16.20.1

6. Scroll Down
   • Locate the entry "dns=192.168.0.10"
   • Edit this entry to

 dns=192.168.110.10

7. Under [SSLCert]
   • change pfxCerts=sslcerts.pfx to

pfxCerts=C:\certificates\wildcard_2025.pfx

8. In the [SSLCertAdmin] section ,
   • change pfxCerts=sslcerts.pfx to

 pfxCerts=C:\certificates\wildcard_2025.pfx

9. In your Notepad++ window
   • Menu Bar
     • SAVE THE .ini File

10. On your ControlCenter server ,
    • Launch the Windows powershell shortcut from the Start Menu

11. We will set the script execution is set to unrestricted.
    • Execute the following command.

 Set-ExecutionPolicy -scope currentuser unrestricted

When Prompted select Y

12. Within the powershell interface
    • type the following command

 cd .\Downloads\uagdeploy

13. Execute the following command

.\uagdeploy.ps1 -iniFile uag2-advanced.ini

• When you get a security warning type: R
• When you get a second security warning type: R
• When prompted to enter a root password for UAG-WS1,
  • type:- Pa$$w0rd
  • when prompted to confirm type Pa$$w0rd

14. When prompted to
    • Enter an optional admin password for the RESP API management access for UAG:
      • enter Pa$$w0rd
    • When prompted to Re-Enter an optional admin password :
      • enter Pa$$w0rd
    • When prompted whether or not to join the customer experience program
      • enter Yes
    • Enter the password for the specified [SSLcert] PFX certificate file wildcard_2025.pfx:
      • enter Pa$$w0rd
    • Enter the password for the specified [SSLcertAdmin] PFX certificate file wildcard_2025.pfx:
      • enter Pa$$w0rd

15. Below Fingerprint will be added to the known host file
    • enter yes

16. When prompted the password for [email protected]
    • enter Pa$$w0rd
    • Your virtual Appliance deployment will now start , it will take between 5 - 10min to deploy. Proceed to step 8

17. Review the deployment once the setup has completed

18. On your ControlCenter server
    • On your Chrome Browser
      • open a new Tab
        • from the Bookmarks Bar
          • select the UAG  bookmark (this should resolve to uag-ws1.techseals.co)
      • login to your UAG server by entering the following
        • Admin Username : admin
        • Admin Password: Pa$$w0rd
          • select SIGN IN

19. On your UAG Admin Console
    • under Configure Manually
      • click the SELECT button

1. Log in to the ControlCenter VM.
   • User name: administrator
   • Password: Pa$$w0rd
2. If the Workspace ONE UEM console is logged out due to inactivity, sign in to the Workspace ONE UEM administration console.
3. Log in to Workspace ONE UEM.
   • User name: studentadmin{labid}
   • Password: Pa$$w0rd
4. In the navigation pane on the left, select Email > Email Settings > Configuration.
5. Click Configure.
   • The Add Email Configuration wizard appears.
6. Configure the settings on the Platform page.
7. Next to Deployment Model, verify that Proxy is selected.
8. From the Email Type drop-down menu, verify that Exchange is selected.
9. From the Exchange version drop-down menu, select Exchange Office 365.
10. Click Next.
11. Configure the settings on the Deployment page.
12. Enter Techseals SEG in the Friendly Name text box.
13. Enter https://seg.techseals.co:443 in the External URL and Port text box.
    • The URL resolves to https://seg.techseals.co:443/segconsole/management.ashx automatically.
14. Enter 443 in the Listener Port text box.
15. Next to terminate SSL on SEG, verify that Enable is selected.
16. Next to SEG Server SSL Certificate, click Upload Locally. (This means the certificate will be uploaded to the UAG)

17. Under Email Server Settings, enter https://mail.office365.com:443 in the Email Server URL and Port text box.
18. Under Security Settings and Cluster Settings, verify that Disable is selected for all settings.
19. Click Next.
20. On the Profiles page, click Next.
    • You skip creating Exchange ActiveSync profiles for now.
21. On the Summary page, click Finish.
    • The details for the Secure Email Gateway appear on the Email Configuration page.
22. Copy the value next to MEM Config GUID.
23. From the ControlCenter Windows Start menu, open Notepad++ and paste the MEM Config GUID value into a new note.
24. Open Chrome and open a new tab.
25. On the bookmarks bar, click UAG.
26. If necessary, log in to the Unified Access Gateway administration console.
    • User name: admin
    • Password: Pa$$w0rd
27. Under Configure Manually, click Select.
28. Turn on the Edge Service Settings toggle to display the available edge services.
29. Click the settings icon next to Secure Email Gateway Settings. The Secure Email Gateway Settings dialog box appears.

1. Turn on the Enable Secure Email Gateway Settings toggle to enable the Secure Email Gateway edge service.
2. Configure the settings for the Secure Email Gateway edge service.
3. Enter https://as1605.awmdm.com in the API Server URL text box.
4. Enter studentadmin{labid} in the API Server Username text box.
5. Enter Pa$$w0rd in the API Server Password text box.
6. Enter seg.techseals.co in the Secure Email Gateway Hostname text box. You do not include https:// in this entry.
7. Open Notepad++ and copy the MEM Config GUID value that you pasted in an earlier step.
8. Return to the Unified Access Gateway console.
9. In the MEM Config GUID text box, paste the MEM Config GUID value that you copied from Notepad++.
10. Turn on the Add SSL Certificate toggle.
11. Next to SSL Certificate, click Select.
    • and select the wildcard_2025.pfx from C:\certificate  .
12. Click Open.
13. Enter Pa$$w0rd in the Password text box.
14. Leave the Alias text box blank.
15. Click Save.
16. After saving, the Secure Email Gateway edge service might take up to 5 minutes to activate.

1. Return to the Workspace ONE UEM administration console in Chrome.
2. If prompted, log in to Workspace ONE UEM.
   • User name: studentadmin{labid}
   • Password: Pa$$w0rd
3. In the navigation pane on the left, select Groups & Settings > All Settings > System > Enterprise Integration > Omnissa Tunnel.
   • The New Tunnel Configuration wizard appears.
4. Click NEW. Configure the settings under Deployment Details.
   • Next to Deployment Type, click Basic.
   • Enter Tunnel for the name
   • Enter tunnel.techseals.co in the Hostname text box.
   • Enter 2020 in the Port text box.
5. Leave the default values for the other settings and click Save. The Tunnel Configuration page appears.
6. Return to the Unified Access Gateway administration console in Chrome.
   1. If the Unified Access Gateway console was closed at any point, open a new tab in Chrome and click UAG on the bookmarks bar.
7. If prompted, log in to Unified Access Gateway.
   • User name: admin
   • Password: Pa$$w0rd
8. Under Configure Manually, click Select.
9. Turn on the Edge Service Settings toggle to display the available edge services.
10. Click the settings icon next to Tunnel Settings. The settings icon resembles a gear.
11. Turn on the Enable or disable Tunnel Settings toggle to enable the Tunnel edge service.
12. Configure the Omnissa Tunnel edge service settings.

13. Click Save.

After saving, the Omnissa Tunnel edge service might take up to 5 minutes to activate.

1. Return to the Workspace ONE UEM administration console in Chrome.
2. If prompted, log in to Workspace ONE UEM.
   • User name: studentadmin{labid}
   • Password: Pa$$w0rd
3. In the navigation pane on the left, select Groups & Settings > All Settings > System > Enterprise Integration > Content Gateway.
4. Next to Current Setting, click Override.
5. Next to Enable the Content Gateway, click Enabled.
6. Click Save.
7. Enter 1234 as your administrator security PIN.
8. Click Add.

9. Configure the settings on the Content Gateway Configuration page.

10. Click Save.
    • The Content Gateway configuration now appears on the Content Gateway page of the Settings dialog box.
11. Scroll to the right and copy the Content Gateway Configuration GUID value for the new Content Gateway.
12. From the ControlCenter Start menu, open Notepad++ and paste the Content Gateway Configuration GUID value to a new note.
13. Return to the Unified Access Gateway administration console in Chrome.
    1. If the Unified Access Gateway console was closed at any point, open a new tab in Chrome and click UAG on the bookmarks bar.
14. If prompted, log in to Unified Access Gateway.
    • User name: admin
    • Password: Pa$$w0rd
15. Under Configure Manually, click Select.
16. Turn on the Edge Service Settings toggle to display the available edge services.
17. Click the settings icon next to Content Gateway Settings. The settings icon resembles a gear.
18. Turn on the Enable or disable Content Gateway Settings toggle to enable the Workspace ONE Content Gateway edge service.
19. Configure the Content Gateway edge service settings.

20. Click Save.

After saving, the Content Gateway edge service might take up to 5 minutes to activate.