2.1.3. Transfer Agent

Technically, ZMS does not communicate directly with the Zorp host: all communication is done through the Zorp Transfer Agent application, which is responsible for transporting configuration files to the managed hosts, running ZMS-initiated commands, and reporting the firewall configuration and other related information to ZMS. The Zorp Transfer Agent is automatically installed on every Zorp host. The communication is secured using Secure Sockets Layer (SSL) encryption, and the communicating hosts authenticate each other using certificates. For more information, see Section 13.1.1.5, Configuring authentication settings in ZMS.

Communication between the agents and ZMS uses TCP port 1311. If Zorp and ZMS are installed on the same host, the communication between the transfer agent and the ZMS server uses UNIX domain sockets.

Warning

Agent connections must be enabled on every managed host; otherwise, ZMS cannot control the hosts. For details, see Appendix A, Packet Filtering.

By default, the ZMS host initiates the communication channel to the agents, but the agents can also be configured to start the communication, if required.