Contact the Management Server on the command line

Provide the necessary information to allow the Secure SD-WAN Engine to establish contact with the Management Server.

Before the engine can make initial contact with the Management Server, you activate the initial configuration on the engine. The initial configuration contains the information that the engine requires to connect to the Management Server for the first time.

If the initial configuration was imported from a USB drive, most of the options on the Prepare for Management Contact page are filled in.
Important: If there is a firewall between this engine and the Management Server, make sure that the intermediate engine's policy allows the initial contact and all subsequent communications.

Steps

  1. If the control IP address is dynamic, select DHCPv4, SLAAC (IPv6), or DHCPv6.
    Note: The same protocol must be selected in the IP address properties in the Management Client.
  2. If the Secure SD-WAN Engine uses PPP for management contact, define the PPPoE settings.
    1. Highlight the PPPoE v4 Settings or PPPoE v6 Settings as required, and then press Enter.
    2. On the PPPoE Settings dialog-box, fill in the account details according to the information you have received from your service provider.
    3. Highlight OK, then press Enter.
  3. If the Secure SD-WAN Engine uses a modem for management contact, define the modem settings.
    1. Highlight Settings, then press Enter.
    2. On the Modem Settings page, enter the PIN code, then select OK.
      The same PIN code must be configured in the properties of the modem interface in the Management Client.
    3. Highlight OK, then press Enter.
  4. If the control IP address is static, select Enter node IP address manually, then define the IP address of the Secure SD-WAN node.
    1. In the IP Address field, enter the IP address.
    2. In the Netmask/Prefix Length field, enter the netmask (IPv4) or prefix length (IPv6) of the network.
    3. If the Management Server is not in a directly connected network, enter the IP address of the next-hop gateway in the Gateway to management field.
  5. If the control IP address is on a VLAN interface, select Use VLAN, Identifier, then enter the VLAN ID.
  6. Select Contact or Contact at Reboot, then press the spacebar.
  7. Enter the Management Server IP address or FQDN in the IP address/FQDN field.
  8. (Optional) Enter the DNS server IP address for engine to use if Management Server was specified using FQDN.
  9. Enter the Management Server one-time password.
    Note: The one-time password is engine-specific and can be used only for one initial connection to the Management Server. After initial contact has been made, the engine receives a certificate from the SMC for identification. If the certificate is deleted or expires, repeat the initial contact using a new one-time password.
  10. (Optional) To use 256-bit encryption for the connection to the Management Server, select 256-bit Security Strength, then press the spacebar.
    Note: 256-bit encryption must also be enabled for the Management Server in the SMC.
  11. (Optional) Highlight Edit Fingerprint, then press Enter. Fill in the Management Server’s certificate fingerprint (also shown when you saved the initial configuration).
    Filling in the certificate fingerprint increases the security of the communications.
  12. Highlight Finish, then press Enter.
    The engine now tries to make initial contact with the Management Server. The progress is displayed on the command line. If you see a connection refused message, make sure that the one-time password is correct and the Management Server IP address is reachable from the node. Save a new initial configuration if you are unsure about the password.
    Note: If the initial management contact fails for any reason, you can start the configuration again with the sg-reconfigure command.

Result

After you see notification that Management Server contact has succeeded, the engine installation is complete and the engine is ready to receive a policy.

The engine element’s status changes in the Management Client from Unknown to No Policy Installed. The connection state is Connected, indicating that the Management Server can connect to the node.

Next steps

Install a policy on the engine using the Management Client