Provide the necessary information to allow the Secure SD-WAN Engine to establish contact with the
Management Server.
Before the engine can make initial contact with the Management Server, you activate the initial configuration on the engine. The initial
configuration contains the information that the engine requires to connect to the Management Server for the first time.
If the initial configuration was imported from a USB drive, most of the options on the
Prepare for Management Contact page are filled in.
Important: If there is
a firewall between this engine and the Management Server, make sure that the intermediate engine's policy allows the initial contact and all subsequent communications.
Steps
-
If the control IP address is dynamic, select
DHCPv4,
SLAAC (IPv6), or
DHCPv6.
Note: The same protocol must be selected in the IP address properties in the Management Client.
-
If the Secure SD-WAN Engine uses PPP for management contact, define the PPPoE settings.
-
Highlight the PPPoE v4 Settings or PPPoE v6 Settings as required, and then press Enter.
-
On the PPPoE Settings dialog-box, fill in the account details according to the information you have received from your service provider.
-
Highlight OK, then press Enter.
-
If the Secure SD-WAN Engine uses a modem for management contact, define the modem settings.
-
Highlight Settings, then press Enter.
-
On the Modem Settings page, enter the PIN code, then select OK.
The same PIN code must be configured in the properties of the modem interface in the Management Client.
-
Highlight OK, then press Enter.
-
If the control IP address is static, select Enter node IP address manually, then define the IP address of
the Secure SD-WAN node.
-
In the IP Address field, enter the IP address.
-
In the Netmask/Prefix Length field, enter the netmask (IPv4) or prefix length (IPv6) of the
network.
-
If the Management Server is not in a directly connected network, enter the IP address of the next-hop gateway in the
Gateway to management field.
-
If the control IP address is on a VLAN interface, select Use VLAN, Identifier, then enter the VLAN ID.
-
Select Contact or Contact at Reboot, then press the spacebar.
-
Enter the Management Server IP address or FQDN in the IP address/FQDN field.
-
(Optional) Enter the DNS server IP address for engine to use if Management Server was specified using FQDN.
-
Enter the Management Server one-time password.
Note: The one-time password is engine-specific and can be used only for one initial connection to the Management Server. After initial contact has been made, the engine receives a
certificate from the SMC for identification. If the certificate is deleted or expires, repeat the initial contact using a new
one-time password.
-
(Optional) To use 256-bit encryption for the connection to the Management Server, select 256-bit Security
Strength, then press the spacebar.
Note: 256-bit encryption must also be enabled for the Management Server in the SMC.
-
(Optional) Highlight Edit Fingerprint, then press Enter. Fill in the Management
Server’s certificate fingerprint (also shown when you saved the initial configuration).
Filling in the certificate fingerprint increases the security of the communications.
-
Highlight Finish, then press Enter.
The engine now tries to make initial contact with the Management Server. The progress is displayed on the command line. If you see a
connection refused message, make sure that the one-time password is correct and the Management Server IP address is reachable from
the node. Save a new initial configuration if you are unsure about the password.
Note: If the initial management contact fails for
any reason, you can start the configuration again with the sg-reconfigure command.
Result
After you see notification that Management Server contact has succeeded, the engine installation is complete and the engine is ready to
receive a policy. The engine element’s status changes in the Management Client from Unknown to No
Policy Installed. The connection state is Connected, indicating that the Management Server can
connect to the node.
Next steps
Install a policy on the engine using the Management Client