13.3.4. Procedure – Configuring recovery connections
You have to configure a recovery connection in the following cases:
Connecting a new machine (firewall node) to the MS without bootstrapping (to set up the initial connection between MS and the PNS firewall).
Installing a new firewall machine to replace a previous one and configuring it based on MS data.
The authentication in this case is done using a One-Time-Password (OTP) instead of certificates. After successful authentication, the MS receives the configuration data of the agent together with the necessary PKI information (certificate, key and CRL). All further authentication procedures will use this data. After the agent is restarted, the MS initiates the reconnection. The administration can be done as normal afterwards.
Note |
---|
The agent needs to be in OTP mode to be able to receive the connection. |
Login to the PNS host that you want to reconnect to MS.
Reconfigure the zms-transfer-agent with the following terminal command:dpkg-reconfigure zms-transfer-agent-dynamic
Enter a One-Time-Password (OTP) that the host will use to connect to MS into the window displayed. Enter a password, and store it temporarily for later use.
Login to your Management Server using MC.
Select the host that needs the recovery connection in MC, and click .
Enter the same One-Time-Password (OTP) that you set during the installation on the host.
Upload and reload the configuration of every component of the host.
Published on June 04, 2020
© 2007-2019 BalaSys
Send your comments to support@balasys.hu