Save the initial configuration and generate the one-time password

Save the initial configuration to establish a management connection for Secure SD-WAN Engines.

Saving the initial configuration generates the one-time password required for manual configuration using the Secure SD-WAN Configuration Wizard. You can alternatively upload the configuration details to the Installation Server or save them, for example, on a USB drive.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Dashboard > Engines.
  2. Save the initial configuration information:
    • For an individual Secure SD-WAN Engine node, right-click the node, then select Save Initial Configuration.
    • For all the Secure SD-WAN Engines in a cluster, right-click the top-level cluster element, then select Configuration > Save Initial Configuration.
  3. To manually enter details in the Secure SD-WAN Configuration Wizard or if the engine already has the correct configuration, select View Details, then write down the one-time password.
  4. Configure the settings.

Next steps

  • If you selected to upload the initial configuration to the Installation Server, connect the cables, then turn on the appliance. The appliance contacts the Installation Server and downloads the initial configuration.
  • To configure the appliance automatically using a USB drive, turn on the appliance with a USB drive inserted.
  • If you manually saved the details, turn on the appliance and import the configuration to the Secure SD-WAN Configuration Wizard.
For more information, see the Forcepoint FlexEdge Secure SD-WAN Installation Guide.

Save or Upload Initial Configuration dialog box

Use the information in the following table when you want to save the initial configuration of an Secure SD-WAN Engine.

Option Definition
View Details Opens the Initial Configuration Details dialog box. You can view and copy the one-time password that secures communication between the Management Server and the Secure SD-WAN Engine.
Initial Security Policy

(Optional)

The policy to be installed automatically. Click Select to select an element.
Local Time Zone Select a local time zone for commands you enter on the command line.
Note: This setting only applies to the local console. Secure SD-WAN Engines always use UTC (GMT) time internally. The clock on the local console is automatically synchronized with the Management Server time.
Keyboard Layout Select a language to specify the layout of the keyboard used with the local console.
Enable SSH Daemon

(Optional)

 When selected, allows remote access to the Secure SD-WAN Engine command line for troubleshooting purposes.
  • You can enable and disable remote command-line access at any time after management contact is established through the right-click menu of the Secure SD-WAN Engine. We recommend that you disable SSH access whenever it is not needed. Make sure that your Access rules allow SSH access to the Secure SD-WAN Engines from the administrators’ IP addresses only.
  • The Template policies do not allow these connections. However, the temporary policy activated immediately after the Secure SD-WAN Engine’s initial configuration (active until you install the working policy) allows SSH access from the Management Server’s IP address. Alternatively, you can upload a working policy to be automatically installed after it has contacted the Management Server.
CAUTION:
If you enable SSH, set the password for command-line access after the initial configuration either through the Management Client or by logging on to the command line. When the password is not set, anyone with SSH access to the Secure SD-WAN Engine can set the password.
USB Drive Installation Click Save As to save the configuration file to a USB drive. When you turn on the Secure SD-WAN appliance with the USB drive inserted, it automatically imports and installs the initial configuration and makes initial contact with the Management Server.
Installation Cloud

(Plug-and-play configuration method, only Single Engines that have a dynamic control IP address)

Click Upload to upload the initial configuration to the Installation Server. When you turn on the Secure SD-WAN appliance, it automatically downloads and installs the initial configuration and makes initial contact with the Management Server.
Note: There are special considerations when using plug-and-play configuration. For example, both the SMC and the Secure SD-WAN Engines must be registered for plug-and-play configuration before you configure the engines. See Knowledge Base article 9662.
Manual Installation Select from the following options.
  • Copy to Clipboard — Copies the configuration details to the clipboard.
  • Save As — Opens the Save Initial Configuration dialog box, where you can specify where to save the file that contains the configuration details.

Initial Configuration Details dialog box

Use this dialog box to view and copy the initial configuration details.

Option Definition
Engine Node Shows the name of the selected Secure SD-WAN Engine node.
One-Time Generated Password Shows the one-time password required when the Secure SD-WAN Engine connects to the Management Server. To copy the password, right-click the password, then select Copy Password. The password is required when the Secure SD-WAN Engine is configured manually using the Secure SD-WAN Configuration Wizard.
Management Server Addresses The IP address of the Management Server that the Secure SD-WAN Engine contacts after the initial configuration.
Management Server Certificate Fingerprint The certificate fingerprint that secures Management Server communications.