The basic premise is to restrict inbound access to the public-facing addresses to only allow ports 4505/TCP, 4506/TCP, and 930/TCP
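A listener audit to go with that rule, as an added example that is not part of the original page: it reads `ss -tln` output and reports every TCP listener reachable on the public-facing address whose port is outside 4505, 4506 and 930. The address 203.0.113.10 and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Ports the page allows inbound on the public-facing addresses.
ALLOWED_PORTS="4505 4506 930"

# audit_listeners PUBLIC_IP   (reads `ss -tln` output on stdin)
# Prints the local address:port of every TCP listener that is bound to
# PUBLIC_IP or to a wildcard address and whose port is not allowed.
audit_listeners() {
    awk -v pub="$1" -v allowed="$ALLOWED_PORTS" '
        BEGIN {
            n = split(allowed, list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        $1 != "LISTEN" { next }            # skips the header line too
        {
            port = $4; sub(/^.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::] -> ::
            # Wildcard binds are flagged as well: they answer on every
            # address, and an IPv6 wildcard usually accepts IPv4 too.
            exposed = (addr == pub || addr == "*" || addr == "0.0.0.0" || addr == "::")
            if (exposed && !(port in ok)) print $4
        }'
}

# Constructed sample of `ss -tln` output (not captured from a real system).
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 203.0.113.10:4505 *:*
LISTEN 0 128 203.0.113.10:4506 *:*
LISTEN 0 128 *:930 *:*
LISTEN 0 128 127.0.0.1:25 *:*
LISTEN 0 128 203.0.113.10:443 *:*
LISTEN 0 128 :::8080 :::*
LISTEN 0 128 192.0.2.5:5432 *:*'

# Demo on the sample; on a host, pipe in live data instead:
#   ss -tln | audit_listeners <public address>
printf '%s\n' "$SAMPLE_SS_OUTPUT" | audit_listeners 203.0.113.10
```

Every line it prints is a service that only the inbound filter keeps off the public side, so each one should either be rebound to a management or loopback address or be confirmed as blocked.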
Pre-requisite | CentOS 7.5 or RH Enterprise
interfaces | rename: mgmt1, lan1 and wan1 (+ IP address)
hostname | unique, and meaningful name
create 128t user | sudo privileges
disable | Hyperthreading disabled: firewalld: SELinux:
Install 128T | Router and Conductor
copy the client's certificate to /etc/pki/128technology/release.pem
Initialiser | Select: Router or Conductor; Select: Standalone or 1xHA & 2xHA (2x Node in the router)
Node Name = (by default this field uses the Linux system's hostname). Router/Conductor Name: identifiable by the full name of nodeName.routerName; e.g., labsystem1.boston.
sudo systemctl status 128T
sudo systemctl start/restart/stop 128T
Terminology
Under Authority | Conductor; Service (Service address, Service Transport, app id, Access Policy, Security Policy and Service Policy); Tenant; Security Policy & Service Policy; Routers
Under Authority > Router