Install the Management Server

Continue the installation in the Installation Wizard to configure the options for the Management Server.

Steps

  1. Configure the settings, then click Next.
    Option Description
    Select Management Server IP Address Select the server’s IP address from the drop-down list. If you use IP address binding, the server’s license must be generated with this IP address as the binding.
    Log Server IP Address Enter the IP address of the Log Server to which this server sends its log data.
    Advanced Management Server Options When selected, you can configure additional options on another page. Select this option if you want to:
    • Disable the use of 256-bit encryption for communication between the Management Server and the Secure SD-WAN Engines.
    • Enable the use of SMC Web Access to run the Management Client in a web browser.
    • (Linux only) Enable integrating NSX-V with Secure SD-WAN.
    Install as an Additional Management Server for High Availability When selected, you can configure additional options on another page.
    Enable FIPS Configuration Restrictions You must enable this option to use the SMC in FIPS mode.
    Install the Management Server as a Service When selected, the server starts automatically.
  2. If you selected Advanced Management Server Options on the previous page, select the features to enable, then click Next.
    Option Description
    Enable and Configure SMC Web Access When enabled, administrators can access the SMC in a web browser. You can run the Management Client in a web browser instead of installing the Management Client locally. On Linux platforms, xvfb-run must be installed under /usr/bin. You can specify another path in the Management Server properties after the installation has completed.
    Enable OWASP encoding When enabled, the SMC API uses the OWASP encoder in responses. Using the OWASP encoder reduces the risk of cross site scripting (XSS) attacks when you use the SMC API in a web browser.
    Note: When you enable this option, some strings in data returned by the SMC API, such as special characters inside JSON payloads, are also encoded. We recommend enabling this option only if you use the SMC API in a web browser.
    Enable NSX Service

    (Linux only)

    When enabled, allows integrating NSX-V with Secure SD-WAN.
    256-bit Security Strength When enabled, 256-bit encryption is used for communication between the Management Server and the Secure SD-WAN Engines. This option is selected by default.
  3. If you enabled SMC Web Access, configure the settings, then click Next.
    Option Description
    Port Number

    Enter the TCP port number that the service listens to.

    By default, port 8085 is used when SMC Web Access is enabled on the Management Server and port 8083 when enabled on the Web Portal Server.

    Note: Make sure that the listening port is not in use on the server.
    Host Name

    (Optional)

    Enter the host name that the service uses. Leave the field blank to allow requests to any of the server’s host names.
    Certificate Distinguished Name Administrators must use an HTTPS connection to access and use the Management Client. Enter the distinguished name in LDAP string format for the certificate used to secure the HTTPS connection. Example: dn=smc,dc=demo,dc=com
    Certificate Algorithm Select the algorithm and key length for the certificate used to secure the HTTPS connection.
    Certificate Signer Select the signer for the certificate used to secure the HTTPS connection. You can use the Internal Certificate Authority or the certificate can be self-signed.
  4. Enter a user name and password to create a superuser account, then click Next.
    Important: This is the only account that an administrator can use to log on after the installation has been completed.