6. Define engine elements

Use the Management Client to configure engine elements, then export the initial configuration.

Note: These steps describe the basic process for creating Single Engine, Single IPS, and Single Layer 2 Engine elements. For cluster or virtual elements, see the installation guide.

Steps

  1. Go to https://⁠stonesoftlicenses.forcepoint.com, then generate and download the license files for the engines.
    Note: Each engine requires a separate license. If you use the Plug and Play configuration method, you do not need to create the licenses manually.
  2. Select Menu > System Tools > Install Licenses.
  3. In the dialog box that opens, select one or more license files to install, then click Install.
  4. Add the Secure SD-WAN Engine.
    1. Select Configuration.
    2. Right-click Secure SD-WAN Engines, select New, then select the type of engine.
    3. Enter the name and Log Server information, then configure other options as needed.
  5. Add two or more interfaces.
    1. Select Interfaces, click Add, then select the type of interface (typically Physical).
    2. Configure the interface properties, then click OK.
    Note: Depending on the Secure SD-WAN appliance model, you might need to configure additional interfaces such as wireless interfaces, modem interfaces, or an integrated switch. See the installation guide and the hardware guide for your model.
  6. Add an IP address for each non-wireless interface.
    Note: You cannot add an IP address for modem interfaces. Modem interfaces use DHCP to retrieve an IP address.
    1. Right-click the interface, then select New > IPv4 Address or New > IPv6 Address.
    2. Configure the IP address settings, then click OK.
    3. Save your changes.
  7. If your Secure SD-WAN appliance has a wireless interface, add an IP address to the interface.
    1. Right-click the wireless interface, then select New SSID Interface.
    2. Configure the interface settings.
    3. Right-click the SSID interface, then select New > IPv4 Address or New > IPv6 Address.
    4. Configure the IP address settings, then click OK.
    5. Save your changes.
  8. If your Secure SD-WAN appliance has an integrated switch, add an IP address to the port group interface.
    1. Right-click the switch, then select New Port Group Interface.
    2. Configure the interface settings.
    3. Right-click the port group interface, then select New > IPv4 Address or New > IPv6 Address.
    4. Configure the IP address settings, then click OK.
    5. Save your changes.
  9. Configure routing.
  10. Save the initial configuration.
    1. Select Home.
    2. Right-click the engine, then select Configuration > Save Initial Configuration.
    3. Depending on your method, configure additional information.
      • Automatic — Select the time zone and keyboard layout, click Save As in the USB Drive Installation section, then save the configuration to the root directory of a USB drive.
      • Secure SD-WAN Configuration Wizard — Make note of the one-time password, the Management Server IP address, and the Management Server certificate fingerprint. Click View Details to view this information.
      • Plug and Play — (Single Engines only) Select the time zone and keyboard layout, then click Upload in the Installation Cloud section.
        Note: There are more considerations when selecting Plug and Play. For example, both the SMC and the engines must be registered for Plug and Play configuration before you configure the engines. See Knowledge Base article 9662.
    4. Click OK.