Initial setup of remote gateway

I have a single gateway and mgmt VM running in site A.

I am setting up another gateway for site B.

How would I complete my setup (push policy / NAT, etc.) of my gateway for Site B if I do not have access to my mgmt box in Site A? Is there anything I can do? My gateway in site B has not been SIC trust setup so far.

5 Replies
Admin

Re: Initial setup of remote gateway

About all you can do with your Site B gateway without access to management is set up the basic operating system configuration, which does not include the security policy configuration.

This comes from the management.

0 Kudos

Re: Initial setup of remote gateway

So would this gateway (Site B) pass all traffic by default?

Do I need to worry about anything regarding establishing SIC trust from a remote location?

Or as long as I have network connectivity to the mgmt VM, I should be OK?

0 Kudos
Admin

Re: Initial setup of remote gateway

Gateways do not pass any traffic by default until a policy is loaded from the manager.

This is done two ways:

  • An initial policy is loaded that only permits very specific traffic (e.g. SSH, SIC) and drops everything else
  • Routing is disabled on the TCP/IP stack

Once SIC is established and a policy is installed, IP routing is enabled and the installed policy is enforced.

0 Kudos

Re: Initial setup of remote gateway

So how do I load an initial policy so that when I get to my branch office I can

- establish SIC

- pull final policy

0 Kudos
Admin

Re: Initial setup of remote gateway

SIC is actually established from the management, which generates the certificates used for securing communication between the gateway and management.

All you can do from the gateway itself is establish the one-time password used as part of authenticating the gateway to the management.

You can see the process here: How to reset SIC