Prepare for automatic configuration

To use automatic configuration, save the initial configuration files on a USB drive.

When you save the initial configuration for an Secure SD-WAN Engine cluster, the Management Server generates initial configuration files for all nodes at the same time. You can save all the initial configuration files on the same USB drive. When you apply the initial configuration to individual nodes, each node uses the initial configuration files on the USB drive in order.

Note: If you are configuring multiple Secure SD-WAN Engine clusters, you must save the initial configuration files for each cluster on a separate USB drive.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. In the Management Client, select Configuration.
  2. Right-click the Secure SD-WAN Engine for which you want to save the initial configuration, then select Configuration > Save Initial Configuration.
  3. (Optional) If you already have a policy you want to use for the engine, click Select, then select a policy as the initial security policy.
    The selected policy is automatically installed on the engine after the engine has contacted the Management Server.
  4. From the Local Time Zone drop-down list, select the time zone.
    The time zone selection is used only for converting the UTC time that the engines use internally for display on the command line. All internal operations use UTC time, which is synchronized with the Management Server’s time after the engine is configured. For external operations, engines use the time zone of their geographical location.
  5. From the Keyboard Layout drop-down list, select the keyboard layout used for the engine command line.
  6. (Optional) Select Enable SSH Daemon to allow remote access to the engine command line.
    • Enabling SSH in the initial configuration gives you remote command-line access in case the configuration is imported correctly, but the engine fails to establish contact with the Management Server.
    • After the engine is fully configured, you can set SSH access on or off using the Management Client. We recommend that you enable the SSH access in the Management Client when needed and disable the access again when you are finished. Make sure that your access rules allow SSH access to the engines from the administrators’ IP addresses only.
    CAUTION:
    If you enable SSH, set the password for command-line access after the initial configuration either through the Management Client or by logging on to the command line. When the password is not set, anyone with SSH access to the engine can set the password.
  7. Click Save As, then save the configuration file or files to the root directory of a USB drive.
    Do not change the default file name. Use a separate USB drive for each single Secure SD-WAN Engine or Secure SD-WAN Engine cluster.
    CAUTION:
    Handle the configuration files securely. They include the one-time password that allows establishing trust with your Management Server.
  8. Click Close.

Next steps

Configure the Secure SD-WAN Engine software using automatic configuration.