The firstboot wizard (initial command-line configuration)

The first time you power on (boot) a Forcepoint appliance, a firstboot wizard prompts you to:

Select the security mode for the appliance – Forcepoint Email Security, Forcepoint Web Security, or Forcepoint URL Filtering.
Enter settings for the appliance management Ethernet interface (C) IP address, subnet mask, default gateway IP address, and DNS server IP addresses.
Define several basic configuration settings, such as hostname, admin password, and system time zone and time.

You are also asked whether you want to send feedback to Forcepoint. Feedback data improves URL categorization, making your Forcepoint solutions more effective. The default setting is “yes” (enabled). To disable feedback, enter “no” at the prompt. When you upgrade to a major new version, you may be prompted to confirm the setting.

You are given the opportunity to review and change settings before you exit the firstboot wizard. After you approve the settings, the appliance is provisioned and configured. The process can take 30 minutes or more.

Later, if you want to change settings, except the security mode, you can make changes using the command-line interface (CLI). To change the security mode, you must re-image the appliance with an image acquired from the Forcepoint Downloads page. After re-imaging, upon reboot, the firstboot wizard runs again.

Gather data for firstboot

Gather the following information before running the firstboot wizard. Some of this information may have been written down on the Quick Start poster during hardware setup.

Security mode	Chose the security mode that you want to install on the appliance: Forcepoint Email Security, Forcepoint Web Security, or Forcepoint URL Filtering. The security mode must correspond to the product to which you subscribed.
Hostname (example: appliance.example.com) 1 - 60 characters long. The first character must be a letter. Allowed: letters, numbers, dashes, or periods. The name cannot end with a period. If this is a Forcepoint Web Security appliance and Content Gateway will be configured to perform Integrated Windows Authentication, the hostname cannot exceed 11 characters, excluding the domain name. For more information, see the section titled Integrated Windows Authentication in Content Gateway Manager Help.
IP address for appliance management Ethernet interface C	Must be an IPv4 address. Choose an IP address that is not likely to change. Changing the C interface IP address can significantly impact the deployment. For more information, see the technical article, “Changing the C Interface IP Address”.
Subnet mask for network interface C
Default gateway for network interface C (IP address) Optional, except in version 8.5.0 Note: If you do not provide access to the Internet for interface C, use the Web Security module of the Forcepoint Security Manager to configure P1 to download the Master URL Database from Forcepoint servers. Email mode: Configure E1 or P1* to download antispam and antivirus database updates. Configuring these interfaces to access the Internet for database downloads is done through the CLI and through the Security Manager. See the CLI guide for information about configuring the interfaces. See the Administrator Help for the Web Security module and the Administrator Help for the Email Security module for information about configuring database downloads. *On a V5000, use P1; there is no E1 interface.
Primary DNS server for network interface C (IP address)
Secondary DNS server for network interface C (IP address) Optional
Tertiary DNS server for network interface C (IP address) Optional
Unified password With Forcepoint Email Security and Forcepoint URL Filtering, the password applies to the CLI. With Forcepoint Web Security the password applies to the CLI and Content Gateway manager. Password length: 8 to 15 characters Include at least one of each of the following: Uppercase character Lowercase character Number Special character, such as ! # % & + / [ ] < = > Exclude all of the following: The user name of any appliance service account (e.g., admin, root, tech-support, audit) Common appliance-related terms (e.g., appliance, filtering) The name of the appliance and Forcepoint services (e.g., PolicyBroker or NetworkAgent) The device’s hostname The special characters: space $ : ` \ " Do not repeat the previous 3 passwords
For sites using Forcepoint URL Filtering, the integration method. Choose one: Standalone (Network Agent only) Microsoft TMG Cisco ASA Citrix	Choose your third-party integration product, if any.
Send usage statistics?	Usage statistics from appliance modules can optionally be sent to Forcepoint to help improve the accuracy of URL categorization.
For sites using Forcepoint Web Security or Forcepoint URL Filtering, the policy mode of the appliance. Full policy mode User directory and filtering Filtering only	Important: There is only one full policy source machine per deployment. Most sites locate the full policy source installation on a Windows server (off-appliance). An alternative is to configure a V Series or X Series appliance (typically located in Slot-1). The policy mode of remaining appliances is chosen during each appliance’s firstboot.

Run firstboot

Access the appliance console.
- With V Series or X Series appliances, use one of these options.
  - iDRAC: Access the appliance iDRAC and open the virtual console. See Using the iDRAC.
  - Attach a USB keyboard and monitor directly to the appliance.
  - Attach a keyboard and monitor through the serial port.
    Note:
    For serial port activation, use:
    - 9600 baud rate
    - 8 data bits
    - no parity
- With a VMware virtual appliance, access the console with the vSphere Client. In vSphere Client, select the virtual machine, open the Console, and click into the window to give it focus.
When prompted, read and accept the subscription agreement.
At the first prompt, select the security mode. You must have a subscription for the mode you select.
On an X10G, V20000, or V10000 appliance, the choices are:
1. Forcepoint Web Security
2. Forcepoint Email Security
On a V5000 appliance, the choices are:
1. Forcepoint Web Security
2. Forcepoint Email Security
3. Forcepoint URL Filtering
On a VMWare virtual appliance, the choices can include:
1. Forcepoint Email Security
2. Forcepoint Web Security
Continue to follow the on-screen prompts using the information collected above.
At the prompt for setting the system time, you have the option to either configure an NTP server or set the time manually.
Note: If the appliance management interface (C), configured in firstboot, does not have connectivity to the Internet, set the time manually.

Because all Forcepoint servers in the deployment must be time-synchronized to within 2 minutes, it is recommended that an NTP service be configured for all Forcepoint servers. If necessary, you can configure NTP in the CLI after firstboot.

To configure DHCP for the C interface:

Enter yes to the firstboot prompt during network configuration. The network will be queried for a DHCP server and lease. A table will display, listing key DHCP lease values, including IP address, subnet mask, gateway, and DNS servers.
To continue with these values, enter yes. To query for another lease, enter no.
Continue following the on-screen firstboot prompts.
Note: DHCP is only supported on the virtual appliance platform for Email and DLP Analytics Engine.

After confirming the settings, the wizard applies the configuration and installs the Forcepoint security modules.

Note: Occasionally, due to an I/O timer in the virtual console software, during the software provisioning process firstboot output to the console may stop. To restart console output, simply press Enter.

After the wizard completes, stay in the console and log on to the CLI using the password you set during firstboot.

You are now ready for Task 4: Configure Appliances (post-firstboot).