Install a Management Server
Continue the installation in the Installation Wizard to configure the options for the Management Server.
Steps
-
Configure the settings, then click Next.
Option Description Select Management Server IP Address Select the server’s IP address from the drop-down list. If you use IP address binding, the server’s license must be generated with this IP address as the binding. Log Server IP Address Enter the IP address of the Log Server to which this server sends its log data. Advanced Management Server Options When selected, you can configure additional options on another page. Select this option if you want to: - Disable the use of 256-bit encryption for communication between the Management Server and the NGFW Engines.
- Enable the use of SMC Web Access to run the Management Client in a web browser.
- (Linux only) Enable integrating NSX-V with Forcepoint NGFW.
Install as an Additional Management Server for High Availability When selected, you can configure additional options on another page. For more information, see the section about adding a Management Server for high availability. Enable FIPS Configuration Restrictions When selected, restrictions for a FIPS-compatible environment are enabled. Note: This option only is for environments that are required to follow FIPS standards. Do not enable this option unless you have a specific reason to do so.Use External Certificate Authority When selected, the SMC uses certificates issued by an external CA instead of certificates generated by the internal CA on the Management Server for internal TLS communication between system components. Note: In SMC 6.10, this feature is only available when you use the SMC Appliance.Note: Using this option requires additional configuration after installation. For more information, see Installing the SMC with external certificate management .Install the Management Server as a Service When selected, the server starts automatically. -
If you selected Advanced Management Server Options on the previous page, select the features to enable, then click Next.
Option Description Enable and Configure SMC Web Access When enabled, administrators can access the SMC in a web browser. You can run the Management Client in a web browser instead of installing the Management Client locally. On Linux platforms, xvfb-run must be installed under /usr/bin. You can specify another path in the Management Server properties after the installation has completed. Enable OWASP encoding When enabled, the SMC API uses the OWASP encoder in responses. Using the OWASP encoder reduces the risk of cross site scripting (XSS) attacks when you use the SMC API in a web browser. Note: When you enable this option, some strings in data returned by the SMC API, such as special characters inside JSON payloads, are also encoded. We recommend enabling this option only if you use the SMC API in a web browser.Enable NSX Service (Linux only)
When enabled, allows integrating NSX-V with Forcepoint NGFW. 256-bit Security Strength When enabled, 256-bit encryption is used for communication between the Management Server and the NGFW Engines. This option is selected by default. -
If you enabled SMC Web Access, configure the settings, then click Next.
Option Description Port Number Enter the TCP port number that the service listens to.
By default, port 8085 is used when SMC Web Access is enabled on the Management Server and port 8083 when enabled on the Web Portal Server.
Note: Make sure that the listening port is not in use on the server.Host Name (Optional)
Enter the host name that the service uses. Leave the field blank to allow requests to any of the server’s host names. Certificate Distinguished Name Administrators must use an HTTPS connection to access and use the Management Client. Enter the distinguished name in LDAP string format for the certificate used to secure the HTTPS connection. Example: dn=smc,dc=demo,dc=com Certificate Algorithm Select the algorithm and key length for the certificate used to secure the HTTPS connection. Certificate Signer Select the signer for the certificate used to secure the HTTPS connection. You can use the Internal Certificate Authority or the certificate can be self-signed. -
Enter a user name and password to create a superuser account, then click Next.
Important: This is the only account that an administrator can use to log on after the installation has been completed.