Connect Security Engines to the SMC

Saving an initial configuration allows you to establish a management connection for Security Engines for the first time. If you are installing a new Security Engine or want to replace a previous working configuration, you can save relevant parts of the configuration on a USB drive and import it during the Security Engine installation.

Saving an initial configuration also allows you to reconnect previously configured Security Engines that have lost the connection. This might be because of a missing or expired certificate or because the internal certificate authority that signs the Security Engine certificates has been renewed and the Security Engines have not yet received a new certificate signed by the new internal certificate authority.

When you save the initial configuration, a one-time password is created. This password is required if you use the Security Engine Configuration Wizard to configure Security Engines.

By default, one-time passwords expire after 30 days if they are not used. You can optionally configure the expiration time in the Global System Properties dialog box.

The one-time password that is created is specific to each Security Engine. Keep track of the passwords. If you mix them up or lose them, you can repeat the procedure and create new initial configurations.

If there is a Engine between the Security Engine and the Management Server, allow the connection in the Engine’s Access rules. If there is a NAT device between the Security Engine and the Management Server, also configure NAT rules for the connection.