You can complete tasks in the Security Connector console and in the ​SIA​ to manage your configuration of Security Connector. You can:

• Change the Security Connector mode in the Security Connector console. When you add a Security Connector, you can select whether it will act as a HTTP Forwarder or a sinkhole. For more information, see Change Security Connector operation mode.
• Upgrade Security Connector software. For instructions, see Upgrade the security connector.
• Change the security connector password. For instructions, see Change the security connector password.
• Delete Security Connector. For instructions, see Delete a security connector.
• View archived Security Connector. For instructions, see View archived security connectors.
• Manage SSH keys. If you deployed Security Connector on Microsoft Azure or Amazon Web Services cloud platforms, SSH keys are used to access the Security Connector console. While an SSH key is required to set up Security Connector in Azure and AWS, you can further manage SSH keys in the Security Connector console. For more information, see Manage SSH keys in Security Connector.
• Configure local DNS servers. For instructions, see Configure local DNS servers.

Change Security Connector operation mode

While you can configure Security Connector as a sinkhole or HTTP Forwarder when you add it in ​SIA​, you can also define this setting in the Security Connector portal. If you’ve added Security Connector as an HTTP Forwarder, you can toggle this setting to change it to a sinkhole. Likewise, if you added Security Connector as a sinkhole, you can toggle this setting to make it an HTTP forwarder instead.

You can only modify this setting if the Security Connector is not associated with a policy and it’s online.

To change the security connector operation mode:

1. In the Security Console console menu, press 8 or use the arrow keys to select Advanced, and press Enter.

   📘

   If HTTP Forwarder is disabled, Advanced may appear as menu item 7.

2. Press 4 or use the arrow keys to select Toggle Operation Mode, and press Enter.

3. Press c to edit the settings and press Enter

4. Type yes to toggle this setting and press Enter. If Security Connector is currently a sinkhole, this option will configure it as an HTTP Forwarder. If Security Connector is currently an HTTP Forwarder, this option will configure it as a sinkhole.

   Security Connector reboots with the new settings.

Upgrade the security connector

When a new version of the security connector is available, you can select to upgrade it. Users who are configured to receive upgrade notifications are notified by email when an upgrade is available.

Know the following:

• The upgrade process reboots the VM and automatically updates the Security Connector software. The upgrade may take up to 10 minutes to complete.
• Make sure that you upgrade one Security Connector at a time. This ensures that a DNS forwarder is always available while another DNS forwarder is upgraded.
• Make sure your VM meets requirements to run the latest version of Security Connector. For more information on these requirements, see Virtual machine requirements.

🚧

After November 30, 2024, ​Akamai​ will no longer support Security Connector versions earlier than 3.4.0. While you can perform multiple upgrades to reach the latest version, ​Akamai​ recommends that you download the latest version of Security Connector and deploy it on your hypervisor. For instructions, see Deploy Security Connector.

To upgrade the security connector:

1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Security Connectors.

2. In the Security Connector area of the page, go to the security connector that you want to upgrade.

3. Hover over the security connector, and click the upgrade icon.

   

   📘

   If you are upgrading a version that’s earlier than version 3.8, this operation upgrades your Security Connector to version 3.8. After this upgrade is complete, you must click the upgrade icon again to upgrade to the latest version.

4. If you are upgrading from version 3.8, a dialog appears that requires you to select the Security Connector type. Select a Security Connector type, and click Continue. You can select Sinkhole, DNS Forwarder, or HTTP Forwarder.
   
   If the connector you’re upgrading functions as more than one type of Security Connector (for example, as both an HTTP Forwarder and DNS Forwarder), you can select one type for upgrade. If this connector is a sinkhole and it’s currently assigned to a policy, you can only select Sinkhole from the menu. For any type that you could not upgrade with this operation, you can deploy it with the latest version of Security Connector.

Change the security connector password

You can change the security connector password in ​SIA​ or in the Security Connector console.

If you change passwords for Security Connector 3.2 or later, passwords must contain:

• Between 8 and 32 characters
• At least one uppercase and one lowercase letter
• At least one numeric character

You cannot reuse the last five passwords.

Change security connector password in ​SIA​

Before you begin

Ensure the security connector is activated and communicating with ​SIA​.

After the security connector is deployed, configured, and communicating with ​SIA​, an ​SIA​ administrator can change the password that is associated with the security connector and is required to access the security connector.

To change the security connector password:

1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Security Connectors.

2. In the ​Akamai​ Security Connector area of the page, click the lock icon. The Change Password for Security Connector dialog appears.

3. Enter the new password, and click Save.

Change security connector password in Security Connector

You can change the password that's used to access the security connector. This procedure is completed in the Security Connector console.

To change security connector password in Security Connector

1. In the Security Connector main menu, press 8 or use the arrow keys to select Advanced and press Enter.

2. Press 5 or use the arrow keys to select Change Admin Password and press Enter.

3. When promoted, enter the current password.

4. Enter the new password and press enter. You are prompted to reenter the password.

5. Enter the password again, and press Enter.

6. After the password is successfully set, you can press any key to return to the main menu.

Delete a security connector

If a security connector is not associated with a policy, you can remove it from ​SIA​. Otherwise, you need to associate a new Security Connector to the policy before you can perform the deletion. You need to be an ​SIA​ administrator to perform this task.

This operation deletes the connector from the list of security connectors in ​SIA​. It does not delete the security connector that you deployed on a virtual appliance in your network.

To delete a security connector:

1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Security Connectors.

2. Locate the security connector that you want to delete.

3. Click the delete icon. A confirmation message appears.

4. If the security connector is associated with a policy, a dialog appears where you can associate a new Security Connector or a custom response to the policy or policies. Select a Security Connector or custom response and click Replace & Delete.

5. If the security connector is not associated with a policy, a confirmation message appears. Click Yes to confirm the deletion.

View archived security connectors

You can view the security connectors that were previously archived. A security connector may have been archived if you participated in the first beta preview of the security connector.

You need to be an ​SIA​ administrator to perform this task.

To view archived security connectors:

1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Security Connectors.

2. Click the eye icon that is shown above in the Security Connector area of the page. Archived security connectors appear.

Manage SSH keys in Security Connector

As you set up Security Connector in Azure or AWS, you upload or create an SSH key that enables you to access the Security Console console. You can manage this key in Security Connector.

In the Security Connector console, you can complete these actions:

• Add an SSH key
• View your SSH keys
• Delete an SSH key
• Rotate your SSH key

Add an SSH key

Complete these steps to add a new SSH key. Security Connector can use a maximum of five SSH keys. The public key must be in OpenSSH format.

Before you begin:

Make sure you generate the new SSH keys that you want to add. For instructions, see Generate SSH keys.

To add a new SSH key:

1. In the main menu, press 7 or use the arrow keys to select Advanced settings, and press Enter.
2. In the menu, press 8 or use the arrow keys to select Manage SSH Keys, and press Enter.
3. Press 2 or use the arrow keys to select Add an SSH key, and press Enter.
4. Press C to continue editing.
5. Enter the contents of the SSH public key. You can copy and paste the contents of the key into the console window, and then press Enter.

View your SSH keys

Complete this procedure to view the SSH keys that are currently active for Security Connector. You can have a maximum of five active keys.

To view your SSH keys:

1. In the main menu, press 7 or use the arrow keys to select Advanced settings, and press Enter.
2. In the menu, press 8 or use the arrow keys to select Manage SSH Keys, and press Enter.
3. Press 1 or make sure the View All SSH Keys option is selected, and press Enter.
   The list of SSH keys appears.

Delete an SSH key

Complete this procedure to delete an SSH key. To delete a key, you must have more than one SSH key that is active. Security Connector requires at least one SSH key.

To delete an SSH key:

1. In the main menu, press 7 or use the arrow keys to select Advanced settings, and press Enter.
2. In the menu, press 8 or use the arrow keys to select Manage SSH Keys, and press Enter.
3. Press 3 or use the arrow keys to select Delete an SSH Key, and press Enter.
4. Press C to continue.
5. Enter the list number that’s associated with the key you want to delete and press Enter.

Rotate an SSH key

Complete this procedure to rotate an SSH key.

Before you begin:

Make sure you generate the new SSH keys that you want to add. For instructions, see Generate SSH Keys

To rotate an SSH key:

1. Add the new SSH keys you want to use for accessing Security Connector. You can have a maximum of five SSH keys. For instructions, see Add an SSH key.
2. Delete a key or any of the keys that you no longer want to use. For instructions, see Delete an SSH key.

Access Security Connector with an SSH key

Complete this procedure to access Security Connector with the SSH key you generated. This procedure applies only to Security Connectors that are deployed with Microsoft Azure or Amazon Web Services.

To access Security Connector with an SSH key:

In your command line or terminal, enter this command:

ssh -i </path/to/ssh/key> admin@<public-or-elastic_IP>

where:

• </path/to/ssh/key> is the file path to the SSH key.
• <public-or-elastic_IP> is the public or elastic IP address that you configured for the network interface you created. For more information on this IP address, see Deploy Security Connector on Amazon Web Services (AWS) or Deploy Security Connector on Microsoft Azure.

Configure local DNS servers

You can configure a local DNS server to resolve internal traffic and detect the machine name for an internal IP address.

🚧

As a best practice, configure DNS Forwarder or a DNS recursive server as your local DNS server. Make sure the configuration you choose for the local DNS server uses SIA DNS servers to resolve external domain names.

To configure local DNS servers:

1. In the Security Connector main menu, press 2 or use the arrow keys to select Configure Networking and press Enter.

2. Depending on the type of Security Connector you are configuring, do one of the following:

   • For DNS Forwarder, press 6 or use the arrow keys to select Manage DNS Forwarder. Press Enter.
   • For HTTP Forwarder, press 7 or use the arrow keys to select Manage HTTP Forwarder. Press Enter

3. Depending on the type of Security Connector you are configuring, do one of the following:

   • For DNS Forwarder, press 4 or use the arrow keys to select Configure Local DNS Server. Press Enter.
   • For HTTP Forwarder, press 2 or use the arrow keys to select Configure Local DNS server. Press Enter.

4. Press C to continue.

5. If there are local DNS servers configured, they are shown. Press C to continue and edit the local DNS server configuration.

6. In the DNS entry, enter the IP address of the DNS server and press Enter.

7. To enter more IP addresses, enter the IP address into the provided field and press Enter. You can enter up to three IP addresses. If you don't want to provide anymore values, enter D for done and press Enter.

8. Enter y and press Enter to confirm the change.

9. After the change is applied, press any key to return to the DNS forwarder menu.