Skip to main content

Quickstart Guide

Follow these instructions to manually install the enforza Agent on an existing or new linux instance in your environment. This will install all of the pre-requesites and dependencies, then register the gateway with the enforza Controller and turn the linux instance into a firewall/gateway.

This method is for users that have SSH access to their linux instance and may have services already running on it, or want more control about timing and level of automation of deploying the enforza Gateways.

note

Currently (Q4/2024), supported linux distributions are:

  • Ubuntu Server 22.04LTS and above
  • Debian 11 and above

This quickstart guide assumes that you:

  • have your VPC, subnets and route-tables in place
  • want to deploy an enforza Gateway in your public subnet
  • are comfortable with configuring your route-tables in order to forward traffic to the enforza gateway
  • know what you are doing

Step 1: Login to your instance

Login to your Linux instance via SSH.

  • Using SSH certificate (AWS default)
ssh -i ./my-key.pem ubuntu@myserver.example.com
  • Using SSH username & password (Azure)
ssh ubuntu@myserver.example.com

Step 2: Run the bootstrap script

Run the Enforza agent install script - you can get your companyId from the portal (Claim Device).

curl -s -L https://efz.io/install | sudo bash -s -- --companyId=a713a652-f973-435f-ab38-xxxxxxxxxx

The output should be (something) like this:

ubuntu@ip-10-8-1-17:~$ curl -s -L https://efz.io/install | sudo bash -s -- --companyId=a713a652-f973-435f-ab38-xxxxxxxxxx

Starting enforza-agent installation...
Bootstrap Version: 24.04 LTS (Noble Numbat)
Scanning processes...
Scanning candidates...
Scanning linux images...
Creating /opt/enforza directory structure...
Creating efzadmin user...
useradd: warning: the home directory /opt/enforza already exists.
useradd: Not copying any file from skel directory into it.
Sudoers configuration is valid.
efzadmin added to adm group for log file access.
Downloading AWS IoT Root CA certificate from AWS...
Downloading enforza Provisioning bootstrap...
Downloading files for x86 architecture...
Downloading efz-generateInfo script...
Downloading efz-provision-core script...
Downloading efz-provision-telemetry script...
Downloading efzw-connect daemon...
Downloading efz-telemetry daemon...
Downloading efz claim certificate...
Downloading efz claim private key...
Downloading logrotate.d configs
Downloading efz-agent-remove script
Enabling IPv4 forwarding...
IPv4 forwarding setting is already configured to persist across reboots.
IPv4 forwarding configuration completed.
Running efz-generateInfo...
Running efz-provision-core...
Running efz-provision-telemetry...
Starting daemons...
Created symlink /etc/systemd/system/multi-user.target.wants/efz-connect.service → /etc/systemd/system/efz-connect.service.
Created symlink /etc/systemd/system/multi-user.target.wants/efz-telemetry.service → /etc/systemd/system/efz-telemetry.service.

ubuntu@ip-10-8-1-17:~$

Next Steps

  • Give your gateway a meaningful name - click here
  • Change the license from "Unlicensed" to Freemium (or above) - click here
  • Create & push your first policy - click here