5.5.14. Pairing between a GCap and a GCenter

5.5.14.1. Introduction

This procedure describes the pairing between a GCap and a GCenter.

The following operations must be performed:

  • on the GCenter, get the IP address of the GCenter

  • on the GCap, enter the IP address of the GCenter

  • on the GCenter, declare the GCap and generate the One Time Password (OTP)

  • on the GCap, pair the GCap and the GCenter


5.5.14.2. Prerequisites


5.5.14.3. Preliminary operations


5.5.14.4. Procedure for displaying the IP address of the GCenter

  • Connect to the GCenter and display the GCenter network settings.

    For more information, please refer to the GCenter documentation.


5.5.14.5. Procedure for setting the compatibility mode on the GCap

  • To view the software version of the GCenter:

    • Log into the GCenter and view the GCenter version number.

    The information is located at the bottom left of the GCenter page (GCenter v2.5.3.101-7173-HF3).

  • To display the current compatibility mode between the GCap and the GCenter:

    • Connect to the GCap (see Procedure for connecting to the GCap via SSH)

    • Enter the following command

      (gcap-cli) show compatibility-mode
      
    • Validate

      The system displays the current compatibility mode.

      Current compatibility mode: 2.5.3.101
      
    • Compare the version displayed on the GCap with the one displayed on the GCenter.

      In this example:

      • on the GCenter, the version is: v2.5.3.101

      • on the GCap, the mode is: 2.5.3.101

      The two values match, so the GCap is correctly configured.

      In this example, it is not necessary to modify the compatibility mode.

      However, if it is necessary to change the mode, use the following procedure.

  • To change the GCap compatibility mode:

    • enter the following command (for example for version 2.5.3.102)

    (gcap-cli) set compatibility-mode 2.5.3.102
    
    • Validate


5.5.14.6. Procedure for setting the GCenter IP on the GCap

  • To display the GCenter IP address currently set on the GCap:

    (gcap-cli) show gcenter-ip
    
    • Validate

    The system displays the IP address of the current GCenter: make sure it is the IP address of the GCenter to be paired.

    Current GCenter IP: X.X.X.X
    

    If no GCenter is paired, the following message is displayed:

    Current GCenter IP: None
    
    • Check that the IP address displayed is that of the GCenter to be paired. If there is a change, continue this procedure.

  • To change the GCenter IP address set on the GCap:

    • enter the set gcenter-ip command followed by the GCenter IP setting

      Example: set gcenter-ip 10.2.10.234

    • Validate

      The system displays the new IP address of the GCenter.

      Setting GCenter IP to 10.2.19.218
      

5.5.14.7. Procedure for declaring the GCap in the GCenter

  • Obtain the FQDN (hostname.domain) of the GCap via the show status command.

  • Connect to the GCenter via a web browser.

  • Enter the FQDN (refer to the GCenter documentation).

  • Click on the Start Pairing button.

    The One Time Password (OTP) is displayed at the top left of the web page.

    For example: pcmqsnf7iyo34ianzzi7gbgrr

  • Copy the OTP.


5.5.14.8. Procedure for pairing the GCap and the GCenter

  • Log on to the GCap CLI.

  • Enter the following command.

    (gcap-cli) pairing otp 
    
    
  • Place the cursor after the command text and insert the OTP previously generated by the GCenter.

    (gcap-cli) pairing otp pcmqsnf7iyo34ianzzi7gbgrr
    
  • Validate.

    The GCap connects to the GCenter via the IP address of the GCenter set on the GCap earlier.

    The GCap then calculates the fingerprint using the FQDN of the GCap. It asks the user to compare it with the fingerprint calculated by the GCenter, which was itself calculated using the FQDN entered.

    The system displays the following message:

      Resetting any previous GCenter pairing...
      Generating IPSec certificates for the GCenter pairing...
      Probing for GCenter SSH fingerprint...
    
      Fingerprint for GCenter x is
      e655bc02553e2291a486a32bdce3943a315f830de70b2c627c39884e80
      0f08b2. Is it correct? (y/N)
    
  • Compare the GCenter fingerprint displayed by the GCap in the CLI with the one shown under the GcenterSSH fingerprint text in the GCaps pairing.. part of the GCenter web interface.

    • If the fingerprints are not identical:

      • check the GCenter IP address and the value entered in the GCap,

      • check the GCap FQDN and the name entered in the GCenter.

    • If they are identical, answer Y and validate.

      Sending OTP to GCenter...
      Pairing up with the GCenter (IPSec certificates exchange)...
      Pairing up with the GCenter (restarting IPSec tunnel)...
      Pairing successful
      
  • On the GCenter Web UI, check that the GCap is now Online in the GCaps pairing and status menu page.

    For more information please refer to the GCenter documentation.

    On the GCap, this information is visible with the show status command.

    (gcap-cli) show status
    
    GCAP Name         : host.domain
    Version           : 2.5.3.105-xxx
    Paired on GCenter : 10.2.19.128
    Tunnel status     : Up
    Detection Engine  : Container down
    
    

    The Paired on GCenter field takes:

    • the value Not paired when the GCap is not paired with the GCenter

    • the IP value of the GCenter when the GCap is paired with the GCenter
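
A check for the fingerprint comparison and the show status step above, as an added example that is not part of the product documentation. It works on text captured from the CLI session (the samples are the outputs shown on this page); the function names, and the assumption that Up is the only healthy tunnel state, belong to this example.

```python
import re

# Constructed inputs: text copied from the sample outputs shown on this page.
PROMPT = """Fingerprint for GCenter x is
e655bc02553e2291a486a32bdce3943a315f830de70b2c627c39884e80
0f08b2. Is it correct? (y/N)"""
STATUS = """GCAP Name         : host.domain
Version           : 2.5.3.105-xxx
Paired on GCenter : 10.2.19.128
Tunnel status     : Up
Detection Engine  : Container down"""

def extract_fingerprint(prompt):
    """Rejoin the fingerprint the CLI wraps over several lines (lowercase hex)."""
    m = re.search(r"\bis\s+([0-9a-fA-F\s]+)\.\s*Is it correct", prompt)
    if not m:
        raise ValueError("no fingerprint found in the prompt text")
    return re.sub(r"\s+", "", m.group(1)).lower()

def fingerprints_match(prompt, gcenter_value):
    """True only if the whole value copied from the GCenter web UI is identical."""
    expected = re.sub(r"\s+", "", gcenter_value).lower()
    return bool(expected) and extract_fingerprint(prompt) == expected

def parse_status(text):
    """Turn the 'Key : value' lines of show status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def pairing_problems(status_text, expected_gcenter_ip):
    """List the reasons the GCap is not paired with the intended GCenter."""
    status = parse_status(status_text)
    problems = []
    paired = status.get("Paired on GCenter", "Not paired")
    if paired == "Not paired":
        problems.append("GCap is not paired")
    elif paired != expected_gcenter_ip:
        problems.append(f"paired with {paired}, expected {expected_gcenter_ip}")
    # Assumption: 'Up' (the value in the page's sample) is the only healthy state.
    if status.get("Tunnel status") != "Up":
        problems.append("IPsec tunnel is not up")
    return problems
```

Comparing the rejoined value in full avoids accepting a match on only the first wrapped line, and checking the paired address against the intended one catches a mistyped GCenter IP.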