5.5.14. Pairing between a GCap and a GCenter

5.5.14.1. Introduction

This procedure describes the pairing between a GCap and a GCenter.
The following operations must be performed:

On the GCenter, get the IP address of the GCenter
On the GCap, enter the IP address of the GCenter
On the GCenter, declare the GCap and generate the One Time Password (OTP)
On the GCap, pair the GCap and the GCenter

5.5.14.2. Prerequisites

User: setup
Commands used in this procedure:

5.5.14.3. Preliminary operations

Connect to the GCap (see Procedure for connecting to the GCap via SSH).
Know the FQDN of the GCap and its IP address.
Know the FQDN of the GCenter and its IP address.
Check that the date and time of the GCenter and the GCap match: refer to the Procedure for modifying the GCap date and time.

5.5.14.4. Procedure for displaying the IP address of the GCenter

Connect to the GCenter and display the GCenter network settings.
For more information, please refer to the GCenter documentation.

5.5.14.5. Procedure for setting the compatibility mode on the GCap

To view the software version of the GCenter:
- Log into the GCenter and view the GCenter version number.
  The information is located at the bottom left of the GCenter page (GCenter v2.5.3.101-7173-HF3).
To display the current compatibility mode between the GCap and the GCenter:
- Connect to the GCap (see Procedure for connecting to the GCap via SSH).
- Enter the following command.
```
(gcap-cli) show compatibility-mode
```
- Validate.
  The system displays the current compatibility mode.
```
Current compatibility mode: 2.5.3.101
```
- Compare the version between the one displayed on the GCap and the one on the GCenter.
  In this example:
  - On the GCenter, the version is: v2.5.3.101
  - On the GCap, the mode is: 2.5.3.101
  Thus, the GCap is well configured.
  In this example, it is not necessary to modify the compatibility mode.
  However, if it is necessary to change the mode, use the following procedure.
To change the GCap compatibility mode:
- Enter the following command (for example for version 2.5.3.102).
```
(gcap-cli) set compatibility-mode 2.5.3.102
```
- Validate.

5.5.14.6. Procedure for setting the GCenter IP on the GCap

To display the current version of the GCenter IP:
- Connect to the GCap (see Procedure for connecting to the GCap via SSH).
- Enter the following command.
```
(gcap-cli) show gcenter-ip
```
- Validate.
  The system displays the IP address of the current GCenter: make sure it is the IP address of the GCenter to be paired.
```
Current GCenter IP: X.X.X.X
```
  If there is no paired Gcenter then the following message is displayed:
```
Current GCenter IP: None
```
- Check that the IP address displayed is that of the GCenter to be paired. If there is a change, continue this procedure.
To change the current version of the GCenter IP:
- Enter the set gcenter-ip command followed by the GCenter IP setting.
  Example: set gcenter-ip 10.2.10.234
- Validate.
  The system displays the new IP address of the GCenter.
```
 Setting GCenter IP to 10.2.19.218
```

5.5.14.7. Procedure for declaring the GCap in the GCenter

Obtain the FQDN (hostname.domain) of the GCap via the show status command.
Connect to the GCenter via a web browser.
Enter the FQDN (refer to the GCenter documentation).
Click on the Start Pairing button.
The One Time Password (OTP) is displayed at the top left of the web page.
For example: pcmqsnf7iyo34ianzzi7gbgrr
Copy the OTP.

5.5.14.8. Procedure for pairing the GCap and the GCenter

Log on to the GCap CLI.
Enter the following command.
```
(gcap-cli) pairing otp 
```
Insert the OTP previously generated by the GCenter after positioning the cursor after the text.
```
(gcap-cli) pairing otp pcmqsnf7iyo34ianzzi7gbgrr
```
Validate.
The GCap connects to the GCenter via the IP address of the GCenter set on the GCap earlier.
The GCap then calculates the fingerprint using the FQDN of the GCap.
It asks the user to compare it with the fingerprint calculated by the GCenter, which was itself calculated using the FQDN entered.
The system displays the following message:
```
  Resetting any previous GCenter pairing...
  Generating IPSec certificates for the GCenter pairing...
  Probing for GCenter SSH fingerprint...

  Fingerprint for GCenter x is
  e655bc02553e2291a486a32bdce3943a315f830de70b2c627c39884e80
  0f08b2. Is it correct? (y/N)
```
Compare the GCenter fingerprint retrieved by the GCap in the CLI with the one present in the GCaps pairing.. part under the GcenterSSH fingerprint text in the GCenter web interface on the web browser.
- If the fingerprints are not identical:
  - Check the GCenter IP address and the value entered in the GCap
  - Check the GCap FQDN and the name entered in the GCenter
- If they are identical, answer Y and validate.
```
Sending OTP to GCenter...
Operation successful
```

On the GCenter Web UI, check that the GCap is now Online in the GCaps pairing and status menu page.
For more information please refer to the GCenter documentation.
On the GCap, this information is visible with the show status command.

(gcap-cli) show status

 Gcap FQDN         : gcap.gatewatcher.com
 Version           : 2.5.4.0
 Overall status    : Running
 Tunnel            : Up
 Detection Engine  : Up and running
 Configuration     : Complete

 Gcap name             : gcap
 Domain name           : gatewatcher.com
 Tunnel interface      : 192.168.2.2
 Management interface  : 192.168.1.2
 Gcenter version       : 2.5.3.103
 Gcenter IP            : 192.168.2.3
 Paired on Gcenter     : Yes                
 Monitoring interfaces : mon0,mon2,mon4,monvirt

  © Copyright GATEWATCHER 2024

The Paired on GCenter field takes the value Yes or No

5.5.14.9. Procedure for remove the pairing between a GCap and the GCenter

Log on to the GCap CLI.
Enter the following command.
```
(gcap-cli) unpair
```
Validate.