13.3.4. Procedure – Configuring recovery connections

You have to configure a recovery connection in the following cases:

  • Connecting a new machine (firewall node) to the MS without bootstrapping (to set up the initial connection between MS and the PNS firewall).

  • Installing a new firewall machine to replace a previous one and configuring it based on MS data.

Authentication in this case uses a One-Time-Password (OTP) instead of certificates. After successful authentication, the MS receives the configuration data of the agent together with the necessary PKI information (certificate, key and CRL). All further authentication procedures use this data. After the agent is restarted, the MS initiates the reconnection. Afterwards, administration can be done as normal.

Note

The agent needs to be in OTP mode to be able to receive the connection.

  1. Log in to the PNS host that you want to reconnect to MS.

  2. Reconfigure the zms-transfer-agent with the following terminal command: dpkg-reconfigure zms-transfer-agent-dynamic

  3. In the window displayed, enter a One-Time-Password (OTP) that the host will use to connect to MS, and store it temporarily for later use.

  4. Log in to your Management Server using MC.

  5. Select the host that needs the recovery connection in MC, and click Recovery connection.

    Figure 13.22. Starting a recovery connection

  6. Enter the same One-Time-Password (OTP) that you set during the installation on the host.

    Figure 13.23. Entering the one-time-password

  7. Upload and reload the configuration of every component of the host.