Contact the Management Server in a web browser

Provide the necessary information to allow the NGFW Engine to establish contact with the Management Server.

Note: If you imported a configuration file, the information is filled in automatically.
Important: If there is a firewall between this engine and the Management Server, make sure that the intermediate firewall’s policy allows the initial contact and all subsequent communications.

Steps

  1. Select when you want the appliance to make contact with the Management Server.
    • At the end of this session — The appliance makes contact after you confirm the entered information.
    • After the appliance restarts — The appliance makes contact after you confirm the entered information and the appliance restarts.
  2. Enter the one-time password generated by the SMC.
    Note: The one-time password is engine-specific and can be used only for one initial connection to the Management Server. After initial contact has been made, the engine receives a certificate from the SMC for identification. If the certificate is deleted or expires, repeat the initial contact using a new one-time password.
  3. (Optional if you set the appliance to attempt to make contact at the end of this session) Enter the SHA-512 fingerprint generated by the SMC.
    Filling in the certificate fingerprint increases the security of the communications.
  4. If the NGFW Engine uses a modem for management contact, define the modem settings.
    1. Highlight Settings, then press Enter.
    2. On the Modem Settings page, enter the PIN code, then select OK.
      The same PIN code must be configured in the properties of the modem interface in the Management Client.
    3. Highlight OK, then press Enter.
  5. Select Next.
  6. Review the configuration summary, then continue the configuration in one of the following ways:
    • If you set the initial contact to be made at the end of this session, select Finish and Contact the Management Server.
    • If you set the initial contact to be made after the appliance restarts, select Apply Configuration and Finish.
  7. If you set the initial contact to be made after the appliance restarts, after the configuration has been applied, select Finish and Turn Off.
    When you turn the appliance back on, the appliance makes the initial contact.
  8. If you set the initial contact to be made at the end of this session, and if you did not previously enter the SHA-512 fingerprint generated by the SMC, verify that the fingerprint shown matches, then select Finish and Proceed.
    Note: If you do not select Finish and Proceed within the timeout, the Reject option is used, and you must make the initial contact again.

Result

After the initial contact has been made successfully, the NGFW Configuration Wizard shuts down and the Ethernet port used to connect to the appliance is released for regular use.

If you set the initial contact to be made at the end of this session, a notification is shown in the web browser. If you set the initial contact to be made after the appliance restarts, the notification is not shown.

The engine element’s status changes in the Management Client from Unknown to No Policy Installed. The connection state is Connected, indicating that the Management Server can connect to the node.

Note: If the status remains Unknown, run the NGFW Configuration Wizard again, and review the settings. All settings can be changed, except for the engine role. To change the engine role, you must first reset the appliance to factory default settings.

Next steps

After the appliance has been configured, install a policy on the engine using the Management Client.