Options for initial configuration

You can configure the Security Engine software using plug-and-play configuration, automatic configuration, or the Security Engine Configuration Wizard.

Security Engine appliances come with Security Engine software installed. If you have an Security Engine license, you can configure the engine in any of the three Security Engine roles. If you have a license for a specific type of Security Engine with multiple purposes depending on the detailed configuration, you can only use the engine in that specific role.

There are three ways to configure the Security Engine software.
  • Plug-and-play configuration — The Security Engine appliance automatically connects to the Installation Server, downloads the initial configuration file, then contacts the Management Server.

    You must have Security Engine appliances and proof-of-serial codes to use plug-and-play configuration. Plug-and-play configuration is only supported for single Security Engines with Layer 3 Interfaces that have a dynamic control IP address.

    Note: There are special considerations when using plug-and-play configuration. For example, both the SMC and the Security Engines must be registered for plug-and-play configuration before you configure the engines. See Knowledge Base article 9662.
  • Automatic configuration — You can configure Security Engine appliances automatically with a USB drive that contains the initial configuration files.
  • Security Engine Configuration Wizard — If it is not possible to use plug-and-play configuration or automatic configuration, or you do not want to use them, you can use the Security Engine Configuration Wizard. You can use the Security Engine Configuration Wizard in two ways:
    • Connect a serial cable to the appliance and use the Security Engine Configuration Wizard on the command line.
    • Connect an Ethernet cable to the appliance and use the Security Engine Configuration Wizard in a web browser.

Before a policy can be installed on the appliance, you must configure some permanent and some temporary network settings for the engine.

To successfully complete the initial configuration:

  1. The SMC must be installed.
  2. The Security Engine elements (Engine, IPS, or Layer 2 Engine elements) must be defined in the SMC Client.
  3. Engine-specific configuration information must be available from the Management Server. The required information depends on the configuration method.
    • For plug-and-play configuration, the initial configuration file for the Security Engine must be uploaded to the Installation Server.
    • For automatic configuration, you must have saved the initial configuration file on a USB drive.
    • For the Security Engine Configuration Wizard, you must have a one-time password for the engine.

The appliance must contact the Management Server before it can be operational.