---
title: "General Services Sub-Tab Configuration"
slug: "general-services-sub-tab1"
updated: 2026-05-08T17:46:25Z
published: 2026-05-08T17:46:25Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zpesystems.com/llms.txt
> Use this file to discover all available pages before exploring further.

# General Services Sub-Tab Configuration

General security service settings are configured on this page. It is recommended to prepare a document that defines how the company security requirements are implemented with the device security settings. To configure general services:

1. Log in the Nodegrid Web UI.
2. Go to *Security :: Services :: General Services*.
3. Configure the settings as described in the following sections.

### ZPE Cloud section(cloud-based management platform for Nodegrid products):

| **Setting** | **Description** | **Default** |
| --- | --- | --- |
| **Enable ZPE Cloud** | Select Enable ZPE Cloud checkbox (Nodegrid NSR, GSR, BSR, LSR, HSR - default: enabled. Nodegrid Serial Console - default: disabled). When Once enabled you can access this device from the ZPE cloud. | Nodegrid NSR, GSR, BSR, LSR, HSR: Enabled Nodegrid Serial Console, NSCP: Disabled |
| **ZPE Cloud URL** | This is a read-only field, that automatically populates the URL to the ZPE cloud. | N/A |
| **Enable Remote Access** | Check this field to remotely access the device, this is useful when you want to take the backup of the data. | Nodegrid NSR, GSR, BSR, LSR, HSR: Enabled Nodegrid Serial Console, NSCP: Enabled by default when user enables ZPE Cloud. |
| **Enable File Protection (Optional)** | If enabled, file transfer requires an authentication hash based on this password to validate file integrity and origin. The field is disabled by default. If enabled, enter **Passcode**and **Confirm Passcode**. | Disabled |
| **Enable File Encryption** | On the *File Encryption Mode*menu (select one): - **Encryption by Passcode**radio button. Enter the **Encryption Passcode**and **Confirm the Encryption Passcode**. - **Encryption by an Asymmetric Key** radio button. Select **Encryption with Base64** checkbox. | Disabled |

### Active Services

| **Setting** | **Description** | **Default** |
| --- | --- | --- |
| **System Profile** | The default profile is populated in the System Profile. | Out of Band |
| **Enable detection of USB devices** | Detects if any USB is attached to the device. | Enabled |
| **Enable RPC** | Enable if you want to request services from other programs on a different machine in a network. | Disabled |
| **Enable gRPC** | Enables gRPC service. Specify the gRPC Port (default: 4830). | Disabled |
| **Enable FTP Service** | Enables FTP service for file transfers. | Disabled |
| **Enable SNMP Service** | Enables SNMP for network management. | Enabled |
| **Enable Telnet Service to Nodegrid** | Allows Telnet access to Nodegrid. Specify the Telnet TCP Port (default: 23). | Disabled |
| **Enable Telnet Service to Managed Devices** | Allows Telnet access to managed devices. | Disabled |
| **Enable ICMP echo reply** | Enables ICMP echo reply for network diagnostics. | Enabled |
| **Enable ICMP secure redirects** | Enables secure redirects for ICMP. | Enabled |
| **Enable USB over IP** | Enables USB over IP protocol. | Disabled |
| **Enable Search Engine** | Enables the device’s search engine. Optionally, enable Dashboards. | Enabled |
| **Enable Dashboards** | If Search Engine is selected as enabled, it Enables the search engine’s dashboards by default. | Enabled |
| **Enable Telegraf** | Enables Telegraf service for data collection. | Disabled |
| **Enable Services Status Page** | Provides a status page at `<NG URL>/services/status` to determine functioning services. | Enabled |
| **Enable reboot on Services Status Page** | Allows device reboot via the services status page. | Enabled |
| **Enable keepalived** | Maintains a keepalive session for the Nodegrid device, ensuring it starts during system reboot. It is possible to also enable the keepalived setting via the CLI by entering the following command: ```plaintext [admin@nodegrid services]# set enable_keepalived=yes ``` | Disabled |
| **Show warning banner for expiring Root CA certificates** | Addresses the certificate expiring warning being always enabled for Root CA certificates, making it possible to enable it as required. When closing warning banners at the top of the WebUI, the dismissal is now stored as a cookie, preventing the same banner from being displayed again during that browser session. | Disabled |
| **Enable core dump collection** | Control whether core dumps are generated and collected during application execution. It is possible to also enable core dump collection setting via the CLI by entering the following command: ```plaintext [admin@nodegrid /]# cd /settings/services/ [admin@nodegrid services]# show ... enable_core_dump_collection = yes ``` | Enabled |

### Virtualization Services

| **Setting** | **Description** | **Default** |
| --- | --- | --- |
| **Enable Docker** | When you enable the field, the Docker directory location drop-down list is displayed. It lists all the suitable locations to which the Docker daemon and its files can be moved and lists any disk or partition that is formatted and mounted. The Default option points to the primary disk location; /var/lib. If there is not enough space in the selected folder, an error is displayed: ![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1698221798619.png) If there is an existing folder called **Docker,**an error is displayed: ![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1698221898844.png) | Enabled |
| **Enable Qemu/KVM** | Enables Qemu/KVM virtualization. | Enabled |
| **Enable VMware Manager** | Enables VMware Manager for virtualization management. | Enabled |
| **Cluster TCP Port** | Specify the Cluster TCP Port (default: 9966). | 9966 |
| **Enable Automatic Cluster Enrollment** | Enables automatic enrollment for clusters. | Disabled |
| **Search Engine TCP Port** | Specify the Search Engine TCP Port (default: 9300). | 9300 |
| **Enable VM Serial access** | Enables serial port for virtual machine access. |  |
| - **VM Serial Port** - **vMotion timeout(s)** | - Specify the VM Serial Port (default: 9977). - Configures the vMotion timeout for virtualization tasks. | - 9977 - 300 |
| **Enable Zero Touch Provisioning** | Enables ZTP for the device. | Enabled |
| **Enable Bluetooth** | Enables Bluetooth access to the Nodegrid device. > [!NOTE] > NOTE: > > Completely enables/disables Bluetooth on the device. When enabled, tethers the network connection via Bluetooth to the device without any configuration. This tethers the network connection via Bluetooth to be the first device deployed on the network. This temporary connection reaches ZPE Cloud to download its full configuration. | Disabled |
| - **Display name** - **Enable Bluetooth Discoverable mode** | - This name is displayed on other devices paired with this device via Bluetooth. - Enables discovery and pairing of this device to an external device. This tethers the network connection via Bluetooth to be the first device deployed on the network. This temporary connection reaches ZPE Cloud to download its full configuration. When a connection is established to a trusted device, this discoverable mode can be disabled to ensure other devices cannot pair with this device. | <ProductName_SerialNumber> |
| Disabled |
| **Enable PXE (Preboot eXecution Environment)** | Enables boot a software image retrieved at boot time from a network server. | Enabled |
| **Block Host with multiple authentication failures** | Blocks hosts when authentication fails multiple times. - Period Host will stay blocked (min) (default: 10). - Enter Timeframe to monitor authentication fails (min) (default: 10). - The number of authentication fails to block the host (default: 5). - Whitelisted IP Addresses (comma-separated). | Disabled |
| **Allow root console access** | Provides administrators the ability to control access to the primary console interface, which includes both the Console Serial Port and the Video VGA/HDMI and USB Keyboard ports. To allow root console access, select both **Enable console access** and **Allow root console access** fields. When you disable the console access: 1. Critical system components such as Console Live system authentication, Bootloaders, and root console access are not accessible anymore. 2. BIOS settings are accessible, to make it inaccessible use the **Password protected boot**feature. 3. Unchecking **Allow root console access** disables access to the root users as well and they will encounter a login incorrect error message as shown in the following example. ```plaintext login: root Login incorrect nodegrid login: Event Notification from nodegrid. Reported on 2024-04-17T11:51:04z. Event ID 202: User authentication failed. User: root on 'ttyS0'. ``` System Console Events is turned off. Note: **It's crucial to carefully consider the implications of disabling the main console port. This action may impact low-level maintenance tasks that necessitate direct access to the system. Make sure to evaluate your specific requirements for maintenance and security before disabling Console Access.** | Enabled |

### Manage devices

| **Setting** | **Description** | **Default** |
| --- | --- | --- |
| **Device access is enforced via user group authorization** | Enables users to only access devices listed in the user's authorization groups. If not enabled, all enrolled devices are available). | Disabled |
| **Enable the Autodiscovery** | Enables autodiscovery of the devices when connected to the network. | Enabled |

### FIPS

| **Setting** | **Description** | **Default** |
| --- | --- | --- |
| **Enable FIPS 140-3** | Enabling FIPS 140-3 on a Nodegrid device ensures FIPS compliance, limiting cryptographic services to the FIPS provider for the applications that rely on OpenSSL for these services. 1. Network services and ports that rely on OpenSSL for cryptographic services will be FIPS 140-3 compliant when enabled, including: - HTTPS (TCP port 443) - SSH client and server (TCP port 22) - SNMP (TCP port 161) - Cluster (TCP port 9966) For a more detailed list, refer to the FIPS 140-3 status page (Click on the FIPS 140-3 button on the top right of the web UI). NOTE Enabling or disabling FIPS 140-3 requires the Nodegrid device to be rebooted for all changes to take effect. 2. In the user interface, the Banner (right side) shows FIPS 140-3 is active. 3. Click the FIPS 140-3 button to display the status. ![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678904638529.png) 4. You may also verify that FIPS is enabled from the root shell using the following command: root@nodegrid:~# openssl list -providers Providers: base name: OpenSSL Base Provider version: 3.0.12 status: active fips name: OpenSSL FIPS Provider version: 3.0.10 status: active | Enabled |

### SSH

| **Setting** | **Description** | **Default** |
| --- | --- | --- |
| **SSH allow root access** | - Enter **SSH TCP Port** (default: 22). - Enter **SSH Ciphers** (comma-separated) (default: blank). - Enter **SSH MACs** (comma-separated) (default: blank). - Enter **SSH Kex Algorithms**(comma-separated) (default: blank). | Disabled |

### Web Service

| **Setting** | **Description** | **Default** |
| --- | --- | --- |
| **Enable HTTP access** | Enables the HTTP access to the managed device. | Enabled, 80 |
| **Enable HTTPS access** | Enables the HTTPs access to the managed device. | Enabled, 443 |
| **Enable HTTP/S File Repository** | Enables HTTP/S file repository to store the software images. > [!NOTE] > NOTE > > When enabled, allows public access to files stored in the File Manager/datastore folder. Users can access files via a direct URL, formatted as https://<Nodegrid URL>/datastore/<filename.ext>. The file's exact path must be specified. Operations such as "list," "edit," and "post" commands are disabled. You can enable access to the Web UI using the CLI. To do this, access the Console and run the following commands. This method is useful if a user gets locked out of the Web UI and when HTTP and HTTPS are disabled. ```plaintext cd/settings/services enable_http_access = yes http_port = 80 enable_https_access = yes http_port = 443 redirect_http_to_https = no commit ``` | Disabled |

### FRR

| **Setting** | **Description** | **Default** |
| --- | --- | --- |
| **Enable BGP** | Activates Border Gateway Protocol (BGP) to manage routing between autonomous systems. | Enabled |
| **Enable ISIS** | Activates ISIS protocol to support routing capabilities | Disabled |
| **Enable OSPFv2** | Enables OSPFv2 for IPv4 routing in dynamic network environments. | Disabled |
| **Enable OSPFv3** | Activates OSPFv3 to support IPv6 routing capabilities. | Disabled |
| **Enable PATH** | Activates PATH daemon to handle installation and deletion of Segment Routing Policies | Disabled |
| **Enable RIP** | Turns on the Routing Information Protocol (RIP) for simple, distance-vector-based routing. | Disabled |
| **Enable VRRP** | Enables Virtual Router Redundancy Protocol (VRRP) to provide router failover and redundancy. | Disabled |

### Cryptographic Protocols

| **Setting** | **Description** | **Default** |
| --- | --- | --- |
| TLSv1.3 | Activates support for the TLS 1.3 protocol for secure communications. | Enabled |
| TLSv1.2 | Enables support for the TLS 1.2 protocol for backward compatibility. | Enabled |
| TLSv1.1 | Allows the use of TLS 1.1 protocol, but it is disabled by default for security reasons. | Disabled |
| TLSv1 | Enables TLS 1.0 protocol, disabled by default due to known vulnerabilities. | Disabled |
| Cipher Suite Level | - High: Sets the cipher suite level to prioritize maximum security, using the most robust algorithms. - Medium: Balances security and compatibility, selecting moderately strong ciphers. - Low: Allows weaker ciphers for broader compatibility but reduced security. - Custom: Enables a customizable dialog where you can specify a tailored cipher suite configuration. | Medium |

### Saving the Configuration

Click **Save**. ZPE Cloud ensures all deployment activity is done at the device location.