3.2. Procedure – Installing Zorp on a Ubuntu server
Purpose:
If you want to install Zorp on an existing Ubuntu server, complete the following steps.
Prerequisites:
An already installed Ubuntu 18.04 LTS server. Install only services and applications that you absolutely need. For details on installing Ubuntu Server, see Procedure 3.1, Installing Ubuntu Server.
Ensure that you have a working Balasys Support System registration and that have downloaded the required Zorp license files.
Steps:
Login to the host as root from a local console or using SSH.
Update your system and upgrade the Zorp-related packages. This is important, because there might be newer packages available. To update your system, enter the following commands:
sudo apt update sudo apt dist-upgrade
Note that during this step, some packages may be downgraded. This is normal.
Create the following mount point for the Zorp install medium:
sudo mkdir -p /media/cdrom
Mount the Zorp install medium to the previous mount point.
sudo mount /dev/cdrom /media/cdrom -o ro
To allow checking of Zorp package signatures by APT, install the Balasys GPG keys:
sudo /media/cdrom/install-balasys-archive-key.sh
Add Zorp package repositories to APT's list of available sources.
sudo apt-cdrom add
Install the Zorp components that you want to use on the host. Issue the following command: sudo apt-get install <Zorp-components-to-install>, where replace the
<Zorp-components-to-install>
part of the command with the package names of the Zorp components that you want to use on the host. The following packages are available:zorpproduct-zorp
: zorpproduct-zms
: zorpproduct-zas
: zorpproduct-zcv
:
Zorp Management Server (ZMS) and its corresponding packages. ZMS — depending on its product license — can be installed on the Zorp firewall host or on a separate machine.(Package name:
: Thezorpproduct-zms
)zorpproduct-zorp
)Zorp URL filter: The package is required for the url filter. (package name:
zorpproduct-urlfilter
.Zorp Authentication Server (ZAS) enables the authentication of network traffic on the user level at the firewall using password, CryptoCard, S/key, or X.509 methods. Integrating with existing Microsoft Active Directory, LDAP, PAM, and Radius databases is also supported. The module can be installed either together with the Zorp and ZMS modules or separately at a later date. (Package name:
: Thezorpproduct-zas
)Zorp Content Vectoring System (ZCV) is a framework and a uniform interface to manage various built-in and third party content vectoring modules (that is, virus and spam filtering engines). The content vectoring modules to be installed (in addition to the ZCV framework) can be selected from the following list. (Package name:
: Thezorpproduct-zcv
)Warning The ZCV framework and the content vectoring modules must be installed on the same host.
: This module contains the libraries and virus signature databases needed for using the ClamAV antivirus engine. (Package name:zorpproduct-clamav
)zorpproduct-nod32
)zorpproduct-spamassassin
)
: This module contains the libraries needed for using ModSecurity web application firewall (WAF) engine. (Package name:zorpproduct-modsecurity
)
For further information on the different modules, see the Chapter 14, Virus and content filtering using ZCV in Zorp Professional 7 Administrator Guide.
Below are some guidelines about which modules should be installed on the different types of machines.
When installing a single firewall (or a node of a cluster) that will be managed from a separate ZMS host, select only the component.
The third-party modules that can be used by ZCV must be licensed separately from Zorp. Select them only if you have a valid license for them, and only when you are installing the host that will run ZCV.
When installing a ZMS host that will manage one or more Zorp firewalls, but the machine itself will not be used as a firewall, select the (ZMS) component.
If you will use a single host as the firewall and ZMS, select the and the components. Also select and its required modules, and the component if you have purchased licenses for them.
ZAS) is an optional, central authentication service that can be installed on a Zorp machine. If you have license for ZAS select it together with the component. This service must be licensed separately.
(
Note The Zorp hosts. Their installation is discussed in Chapter 5, Installing the Zorp Management Console and Chapter 6, Installing the Zorp Authentication Agent (ZAA), respectively.
and the (also called Satyr) applications are client–side components that cannot be installed onAfter choosing the modules to install, select
.Note When you continue the installation, some steps may not appear for you, depending on the components you have selected to install.
Umount the Zorp install medium from the file system.
sudo umount /dev/cdrom
Configure network interface bootstrap by ZMS.
Reboot the system:
sudo reboot
Repeat this procedure to install other hosts if needed for your environment.
If you have installed a Zorp Management Server (ZMS), install the Zorp Management Console (ZMC) application on the deskop of your Zorp administrators. For details, see Chapter 5, Installing the Zorp Management Console.
Published on May 30, 2024
© BalaSys IT Ltd.
Send your comments to support@balasys.hu