Reconfigure Secure SD-WAN Engine settings

On the command line of the Secure SD-WAN Engine, you can use the Secure SD-WAN Configuration Wizard to change settings that were defined during the installation of the Secure SD-WAN Engine.

The Secure SD-WAN Configuration Wizard also allows you to re-establish a trust relationship between the Secure SD-WAN Engine and the Management Server if the trust is lost.

Note: On Secure SD-WAN Engines that are fully configured, you can change each setting individually without changing the other settings. All steps are optional.

Steps

  1. Start the Secure SD-WAN Configuration Wizard using one of the following commands:
    • sg-reconfigure --no-shutdown — The Secure SD-WAN Configuration Wizard starts without shutting down the Secure SD-WAN Engine. You cannot change network interface settings in this mode.
    • sg-reconfigure — The Secure SD-WAN Engine shuts down and the Secure SD-WAN Configuration Wizard starts. All options are available if you have a local connection. If you have a remote SSH connection, you cannot change network interface settings.
  2. Change the general settings.
    • Change the keyboard layout for command-line use.
    • Change the time zone for command-line use.
    • Change the host name of the engine.
    • Enable or disable SSH access to the engine command line.
      Note: Unless you have a specific reason to enable SSH access to the engine command line, we recommend leaving it disabled.
  3. Change the password for the root user account.
    1. Highlight Change, then press Enter.
    2. Enter and confirm the new password for the root user account.
    3. Highlight OK, then press Enter.
  4. Change the bootloader password.
    The bootloader password prevents unauthorized editing of parameters in the second-level grub menu on the Secure SD-WAN Engine.
    1. Highlight Change, then press Enter.
    2. Enter and confirm the new bootloader password.
    3. Highlight OK, then press Enter.
  5. Change the network card settings and the mapping of network cards to Interface IDs.
  6. Change the settings on the Prepare for Management Contact screen.
    Note: The Management Server contact details are not used by the Secure SD-WAN Engine after a policy has been installed from the Management Server. They are shown for your reference only.
    • To re-establish the trust relationship between the Secure SD-WAN Engine and the Management Server, select Contact Management Server, then enter a new one-time password.
      Select this option when you want to replace a missing or expired certificate, or if the trust relationship with the Management Server is lost for any other reason, such as changing the Management Server’s IP address.
      CAUTION:
      If there is a Engine or Layer 2 Engine between a remote Secure SD-WAN Engine and the Management Server, you must allow the connection in the Engine or Layer 2 Engine Access rules. If there is a NAT device between a remote Secure SD-WAN Engine and the Management Server, you must also configure NAT rules for the connection in the Engine Policy. Otherwise, the Secure SD-WAN Engine cannot contact the Management Server.
    • To reset the Secure SD-WAN Engine to the post-installation state, select Switch to Initial Configuration.
      CAUTION:
      Selecting this option removes all configuration and policy information that has been transferred to the Secure SD-WAN Engine. The post-installation state uses a policy that allows communication only between the Secure SD-WAN Engine and the Management Server. You must install a policy on the Secure SD-WAN Engine before it can be operational again.