> For the complete documentation index, see [llms.txt](https://docs.vergeos-demo.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.vergeos-demo.com/knowledge-base/tenants/allow-root-to-tenant-site-connection.md). # Allow Root to Tenant Site Connection ## Overview {% hint style="warning" %} **Important** Adding this rule will allow tenants to connect on the DMZ network. By default, this is disabled for security reasons. {% endhint %} This guide provides instructions on how to connect a root system to a tenant site in VergeOS. The **Sites** feature is typically used to connect two VergeOS sites together, but to extend this functionality to a tenant site, you’ll need to add a specific rule on the root system's **External** network. ## Prerequisites * Access to the **Root** system with administrative privileges. * A basic understanding of network rules and DMZ interfaces in VergeOS. ## Steps 1. **Access External Networks** * In the **Root** system, navigate to the **Networks Dashboard** and then **Externals**. * Double-click on the **External** network. 2. **Add the Rule** * In the left menu, click on **Rules**. * Before adding a new rule, ensure it doesn’t already exist. * Click **New** in the left menu. * Enter the following details: * **Name**: Enter a descriptive name such as "Allow Tenant to Root". * **Action**: Translate. * **Protocol**: ANY. * **Direction**: Outgoing. * **Interface**: DMZ. * **Source**: Other Network Address (DMZ). * **Destination**: Any/None. * **Target**: My Router IP. ![Rule Configuration](/files/IddAunvAhWbtJac8RRRt) 3. **Submit and Apply** * Click **Submit**. * In the left menu or at the top, click **Apply Rules** to activate the new rule. After the rule is applied, the root system should now be able to connect to the tenant site. ## Testing the Rule To verify that the rule works, follow these steps: 1. From the top menu, navigate to: **Infrastructure** > **Nodes**. 2. **Double-click** on **Node1** or select **Node1** and click **View**. 3. In the left menu, click on **Diagnostics**. 4. Change the **Query** to **TCP Connection Test**. 5. Set **Host** to the **UI IP/Host** of the tenant system. 6. Set **Port** to **443**. 7. Click **Send**. The **Response** should say **Connection successful**. If the connection fails, review the rule to ensure accuracy, particularly ensuring that the **Interface** is set to **DMZ** rather than **Auto**. ## Troubleshooting {% hint style="warning" %} **Common Issues** * **Issue:** Connection test fails. * **Solution:** Double-check that the rule is configured correctly, especially the interface settings. Also, ensure there are no blocking rules that could prevent the connection. {% endhint %} ## Additional Resources * [Network Overview](/run-the-platform/networking/network-overview.md) * [Tenant Management](/run-the-platform/tenants/create-tenants.md) ## Feedback {% hint style="info" %} **Need Help?** If you encounter any issues while setting up the root-to-tenant site connection, or have any questions, feel free to contact our support team. {% endhint %} *** {% hint style="info" %} **Document Information** * Last Updated: 2023-09-12 * VergeOS Version: 4.12.6 {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vergeos-demo.com/knowledge-base/tenants/allow-root-to-tenant-site-connection.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.