Skip to main content

Offline Installation Reference

This guide describes how to install zLAN firewall in an offline environment using a complete package bundle provided by NetFoundry. The bundle contains all required packages and their dependencies for supported OS versions and architectures.

This guide doesn't include information on how to install OnPrem in offline mode. Please refer to OnPrem documentation for guidance on deploying OnPrem.

Required Packages (included in the offline bundle)

Main Packages

  • zlan-installer zLAN install script that configure the local system
  • zfw zLAN firewall module
  • zlan-router zLAN router module
  • filebeat The elastic filebeat package gathers & ships metrics

Additional dependencies

Ubuntu/Debian

  • chrony
    Required for accurate system time synchronization.

RHEL/CentOS/Rocky/AlmaLinux

  • chrony
    Required for accurate system time synchronization.
  • systemd-resolved
    Installed to take over local DNS resolution. This is required for the zlan-router to run properly.

What You Receive

NetFoundry provides an archive (for example, zlan-offline-<os>-<version>-<arch>.tar.gz) that contains:

  • All required DEB/RPM packages and their dependencies for the specified OS and architecture
  • A convenience installer script and README with OS-specific steps

Steps for Offline Installation

  1. Obtain the offline bundle from NetFoundry and transfer it to the target system (USB/external disk). Verify integrity using the provided checksums (e.g., sha256sum).

  2. Unpack the bundle to a local path (for example, /opt/zlan-offline).

  3. Run the included offline installer from the bundle /opt/zlan-offline/offline_install.sh. The installer installs all required packages from the bundle (no internet access required).

  4. Enroll and configure zLAN using your JWT (obtained beforehand from the Console reachable within your private network):

    • Standard path (when the Controller is reachable):
      • Run the setup script installed by the packages: /opt/openziti/zlan/scripts/zlan-firewall-setup.sh <JWT_TOKEN>

If your lab is fully isolated and cannot reach the Controller at enrollment time, you cannot continue until that connecitity is resolved.

Notes & Best Practices

  • Make sure the bundle you use matches the target OS release and architecture.
  • Keep the checksum manifest alongside the bundle for audit and troubleshooting.

Troubleshooting

  • If installation reports missing dependencies, verify you used the correct bundle for the OS/arch and that you ran the included offline installer (or configured the provided local repo correctly).
  • For service startup issues, review logs and verify DNS/time services are active.
  • For assistance, collect relevant logs/configs and share them with NetFoundry support via your offline transfer process.