nflnetwork29
Advisor

Initial setup of remote gateway

I have a single gateway and mgmt VM running in site A.

I am setting up another gateway for site B.

How would I complete my setup (push policy / NAT, etc.) of my gateway for site B if I do not have access to my mgmt box in site A? Is there anything I can do? My gateway in site B has not had SIC trust set up so far.

5 Replies
PhoneBoy
Admin

About all you can do with your Site B gateway without access to management is set up the basic operating system configuration, which does not include the security policy configuration.

This comes from the management.

0 Kudos
nflnetwork29
Advisor

So would this gateway (Site B) pass all traffic by default?

Do I need to worry about anything regarding establishing SIC trust from a remote location?

Or as long as I have network connectivity to the mgmt VM I should be OK?

0 Kudos
PhoneBoy
Admin

Gateways do not pass any traffic by default until a policy is loaded from the manager.

This is done two ways:

  • An initial policy is loaded that only permits very specific traffic (e.g. SSH, SIC) and drops everything else
  • Routing is disabled on the TCP/IP stack

Once SIC is established and a policy is installed, IP routing is enabled and the installed policy is enforced.

0 Kudos
nflnetwork29
Advisor

So how do I load an initial policy so that when I get to my branch office I can

- establish SIC

- pull final policy

0 Kudos
PhoneBoy
Admin

SIC is actually established from the management, which generates the certificates used for securing communication between the gateway and management.

All you can do from the gateway itself is establish the one-time password used as part of authenticating the gateway to the management.

You can see the process here: How to reset SIC 
