Options for initial configuration

You can configure the Forcepoint NGFW software using plug-and-play configuration, automatic configuration, or the NGFW Configuration Wizard.

Forcepoint NGFW appliances come with Forcepoint NGFW software installed. If you have an NGFW Engine license, you can configure the engine in any of the three NGFW Engine roles. If you have a license for a specific type of engine (Firewall/VPN or IPS), you can only use the engine in that specific role.

There are three ways to configure the Forcepoint NGFW software.
  • Plug-and-play configuration — The Forcepoint NGFW appliance automatically connects to the Installation Server, downloads the initial configuration file, then contacts the Management Server.

    You must have Forcepoint NGFW appliances and proof-of-serial codes to use plug-and-play configuration. Plug-and-play configuration is only supported for single NGFW Engines in the Firewall/VPN role that have a dynamic control IP address.

    Note: There are special considerations when using plug-and-play configuration. For example, both the SMC and the NGFW Engines must be registered for plug-and-play configuration before you configure the engines. See Knowledge Base article 9662.
  • Automatic configuration — You can configure Forcepoint NGFW appliances automatically with a USB drive that contains the initial configuration files.
  • NGFW Configuration Wizard — If it is not possible to use plug-and-play configuration or automatic configuration, or you do not want to use them, you can use the NGFW Configuration Wizard. You can use the NGFW Configuration Wizard in two ways:
    • Connect a serial cable to the appliance and use the NGFW Configuration Wizard on the command line.
    • Connect an Ethernet cable to the appliance and use the NGFW Configuration Wizard in a web browser.

Before a policy can be installed on the appliance, you must configure some permanent and some temporary network settings for the engine.

To successfully complete the initial configuration:

  1. The SMC must be installed.
  2. The NGFW Engine elements (Firewall, IPS, or Layer 2 Firewall elements) must be defined in the Management Client.
  3. Engine-specific configuration information must be available from the Management Server. The required information depends on the configuration method.
    • For plug-and-play configuration, the initial configuration file for the NGFW Engine must be uploaded to the Installation Server.
    • For automatic configuration, you must have saved the initial configuration file on a USB drive.
    • For the NGFW Configuration Wizard, you must have a one-time password for the engine.

The appliance must contact the Management Server before it can be operational.