Chapter 10. Local firewall administration

Zorp, in cooperation with the ZMS and ZMC software components, is designed to be fully configurable from the graphical user interface of ZMC. Though this graphical administration is definitely the preferred method of management, it is possible to manually accomplish all the management and configuration tasks using a simple, character-based terminal console connection. In addition, the console-based administration provides some useful tools for troubleshooting scenarios that are not available through ZMC.

Local firewall administration, in this sense, does not refer only to administration that takes place physically at the firewall machine using its local console and keyboard; it also covers setups where the character terminal of the firewall is reached through a secure network connection using SSH. The administration described here is local in the sense that the configuration files are manipulated directly on the firewall machine, and not through the ZMS database.

Note

ZMS reads the configuration files of the firewall host only once, when it is bootstrapped. For details, see Chapter 4, Registering new hosts. After that, configuration changes are only downloaded to the host with the help of the transfer agent and are not parsed again by ZMS. Therefore, if you make local changes to a configuration file which is otherwise managed by ZMS, your configuration changes are overwritten when you next issue an Upload command from ZMS.

Configuration files that are not managed by ZMS, for example custom installed services on the firewall for which you do not define a Text Editor plugin, are not affected by this rule.