13.3.4. Procedure – Configuring recovery connections
Configure a recovery connection in the following cases:
Connecting a new machine (firewall node) to the ZMS without bootstrapping (to set up the initial connection between ZMS and the Zorp firewall).
Reconnecting an existing host in case the connection is lost (for example, the used certificate is expired) and the communication cannot be started by using the window.
Installing a new firewall machine to replace a previous one and configuring it based on ZMS data.
The authentication in this case is done using a One-Time-Password (OTP) instead of certificates. After successful authentication, the ZMS receives the configuration data of the agent together with the necessary PKI information (certificate, key and CRL). All further authentication procedures will use this data. After the agent is restarted, the ZMS initiates the reconnection. The administration can be done as normal afterwards.
Note: The agent needs to be in OTP mode to be able to receive the connection.

Note: Passive host temporarily changes to active mode as the agent runs in recovery mode. If the host is behind SNAT without the corresponding DNAT then the recovery will fail.
Log in to the Zorp host that you want to reconnect to ZMS.
Reconfigure the zms-transfer-agent with the following terminal command:
    dpkg-reconfigure zms-transfer-agent-dynamic
In the window displayed, enter a One-Time-Password (OTP) that the host will use to connect to ZMS. Store the password temporarily for later use.
Log in to your Zorp Management Server using ZMC.
Select the host that needs the recovery connection in ZMC, and click .
Enter the same One-Time-Password (OTP) set during the installation on the host.
Test the connection, for example, stop and start the communication on the window or check the system statistics of the component.
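One way to handle the OTP used in the steps above, as an added example that is not part of the Zorp documentation: because the OTP replaces certificate authentication for this one connection, generate it randomly, keep it in a file only the current user can read, and destroy it once the connection test succeeds. The function names, the temporary file name and the 24-character alphanumeric format are assumptions; check that the dialog accepts the length you choose.

```shell
#!/bin/sh
# Added example: helper functions for the recovery OTP.
# Names and file layout are illustrative, not part of Zorp or ZMS.

# Print a random alphanumeric OTP of the requested length (default 24).
gen_otp() {
    len="${1:-24}"
    # 96 random bytes -> base64 -> keep only [A-Za-z0-9] -> trim to length.
    head -c 96 /dev/urandom | base64 | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-"$len"
}

# Store the OTP in a fresh file readable only by the current user.
# Prints the path of the file.
store_otp() {
    otp="$1"
    file=$(mktemp "${TMPDIR:-/tmp}/zms-recovery-otp.XXXXXX") || return 1
    chmod 600 "$file"
    printf '%s\n' "$otp" > "$file"
    printf '%s\n' "$file"
}

# Overwrite (where shred is available) and remove the stored OTP.
destroy_otp() {
    file="$1"
    [ -f "$file" ] || return 0
    if command -v shred >/dev/null 2>&1; then
        shred -u "$file"
    else
        rm -f "$file"
    fi
}

# Typical use on the Zorp host (commented out so that sourcing has no effect):
#   otp_file=$(store_otp "$(gen_otp)")
#   cat "$otp_file"      # value to enter in the reconfigure dialog and in ZMC
#   dpkg-reconfigure zms-transfer-agent-dynamic
#   ... complete the ZMC steps and test the connection ...
#   destroy_otp "$otp_file"
```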
Published on May 30, 2024
© BalaSys IT Ltd.