3.2. Procedure – Installing Zorp on a Ubuntu server

Purpose: 

If you want to install Zorp on an existing Ubuntu server, complete the following steps.

Prerequisites: 

Steps: 

1. Login to the host as root from a local console or using SSH.

2. Update your system and upgrade the Zorp-related packages. This is important, because there might be newer packages available. To update your system, enter the following commands:

   sudo apt update
   sudo apt dist-upgrade

   Note that during this step, some packages may be downgraded. This is normal.

3. Create the following mount point for the Zorp install medium:

   sudo mkdir -p /media/cdrom

4. Mount the Zorp install medium to the previous mount point.

   sudo mount /dev/cdrom /media/cdrom -o ro

5. To allow checking of Zorp package signatures by APT, install the Balasys GPG keys:

   sudo /media/cdrom/install-balasys-archive-key.sh

6. Add Zorp package repositories to APT's list of available sources.

   sudo apt-cdrom add

7. Install the Zorp components that you want to use on the host. Issue the following command: sudo apt-get install <Zorp-components-to-install>, where replace the <Zorp-components-to-install> part of the command with the package names of the Zorp components that you want to use on the host. The following packages are available:

   • Zorp Pro Firewall: zorpproduct-zorp
   • Zorp Management Server (ZMS): zorpproduct-zms
   • Zorp Authentication Server (ZAS): zorpproduct-zas
   • Zorp Content Vectoring System (ZCV): zorpproduct-zcv

   • Zorp Management Server: The Zorp Management Server (ZMS) and its corresponding packages. ZMS — depending on its product license — can be installed on the Zorp firewall host or on a separate machine.(Package name: zorpproduct-zms)

   • Zorp Pro Firewall: The packages required for a firewall host. (Package name: zorpproduct-zorp)

   • Zorp URL filter: The package is required for the url filter. (package name: zorpproduct-urlfilter.

   • Zorp Authentication Server: The Zorp Authentication Server (ZAS) enables the authentication of network traffic on the user level at the firewall using password, CryptoCard, S/key, or X.509 methods. Integrating with existing Microsoft Active Directory, LDAP, PAM, and Radius databases is also supported. The module can be installed either together with the Zorp and ZMS modules or separately at a later date. (Package name: zorpproduct-zas)

   • Zorp Content Vectoring System: The Zorp Content Vectoring System (ZCV) is a framework and a uniform interface to manage various built-in and third party content vectoring modules (that is, virus and spam filtering engines). The content vectoring modules to be installed (in addition to the ZCV framework) can be selected from the following list. (Package name: zorpproduct-zcv)

     Warning
     The ZCV framework and the content vectoring modules must be installed on the same host.

     • ClamAV Antivirus Scanner: This module contains the libraries and virus signature databases needed for using the ClamAV antivirus engine. (Package name: zorpproduct-clamav)

     • NOD32 Antivirus Engine: This module contains the libraries and virus signature databases needed for using the Eset NOD32 antivirus engine. (Package name: zorpproduct-nod32)

     • SpamAssassin spam filter: This module contains the libraries and databases needed for using the SpamAssassin spam filtering engine. (Package name: zorpproduct-spamassassin)

     • ModSecurity: This module contains the libraries needed for using ModSecurity web application firewall (WAF) engine. (Package name: zorpproduct-modsecurity)

   For further information on the different modules, see the Chapter 14, Virus and content filtering using ZCV in Zorp Professional 7 Administrator Guide.

   Below are some guidelines about which modules should be installed on the different types of machines.

   • When installing a single firewall (or a node of a cluster) that will be managed from a separate ZMS host, select only the Zorp Pro Firewall component.

   • The third-party modules that can be used by ZCV must be licensed separately from Zorp. Select them only if you have a valid license for them, and only when you are installing the host that will run ZCV.

   • When installing a ZMS host that will manage one or more Zorp firewalls, but the machine itself will not be used as a firewall, select the Zorp Management Server (ZMS) component.

   • If you will use a single host as the firewall and ZMS, select the Zorp Management Server and the Zorp Pro Firewall components. Also select Zorp Content Vectoring System and its required modules, and the Zorp Authentication Server component if you have purchased licenses for them.

   • Zorp Authentication Server (ZAS) is an optional, central authentication service that can be installed on a Zorp machine. If you have license for ZAS select it together with the Zorp Pro Firewall component. This service must be licensed separately.

   Note
   The Zorp Management Console and the Zorp Authentication Agent (also called Satyr) applications are client–side components that cannot be installed on Zorp hosts. Their installation is discussed in Chapter 5, Installing the Zorp Management Console and Chapter 6, Installing the Zorp Authentication Agent (ZAA), respectively.

   After choosing the modules to install, select Continue.

   Note
   When you continue the installation, some steps may not appear for you, depending on the components you have selected to install.

8. Umount the Zorp install medium from the file system.

   sudo umount /dev/cdrom

9. Configure network interface bootstrap by ZMS.

10. Reboot the system:

    sudo reboot

11. Repeat this procedure to install other hosts if needed for your environment.

12. If you have installed a Zorp Management Server (ZMS), install the Zorp Management Console (ZMC) application on the deskop of your Zorp administrators. For details, see Chapter 5, Installing the Zorp Management Console.