To use automatic configuration, save the initial configuration files on a USB drive.
When you save the initial configuration for an NGFW Engine cluster, the Management Server generates initial configuration files for all
nodes at the same time. You can save all the initial configuration files on the same USB drive. When you apply the initial configuration to individual nodes, each node uses the
initial configuration files on the USB drive in order.
Note: If you are configuring multiple NGFW Engine clusters, you must save the initial configuration files for each cluster on a separate USB
drive.
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
In the Management Client, select Configuration.
-
Right-click the NGFW Engine for which you want to save the initial configuration, then select .
-
(Optional) If you already have a policy you want to use for the engine, click Select, then select a policy
as the initial security policy.
The selected policy is automatically installed on the engine after the engine has contacted the Management Server.
-
From the Local Time Zone drop-down list, select the time zone.
The time zone selection is used only for converting the UTC time that the engines use internally for display on the command line. All internal operations use UTC time, which is
synchronized with the Management Server’s time after the engine is configured. For external operations, engines use the time zone of their geographical location.
-
From the Keyboard Layout drop-down list, select the keyboard layout used for the engine command line.
-
(Optional) Select Enable SSH Daemon to allow remote access to the engine command line.
- Enabling SSH in the initial configuration gives you remote command-line access in case the configuration is imported
correctly, but the engine fails to establish contact with the Management Server.
- After the engine is fully configured, you can set SSH access on or off using the Management Client. We recommend that you enable the SSH access in the Management Client when needed and
disable the access again when you are finished. Make sure that your access rules allow SSH access to the engines from the administrators’ IP addresses only.
CAUTION:
If you enable SSH, set the password for command-line access after the initial configuration either through
the Management Client or by logging on to the command line. When the password is not set, anyone with SSH access to the engine
can set the password.
-
Click Save As, then save the configuration file or files to the root directory of a USB drive.
Do not change the default file name. Use a separate USB drive for each single
NGFW Engine or
NGFW Engine cluster.
CAUTION:
Handle the configuration files securely. They include the one-time password
that allows establishing trust with your Management Server.
-
Click Close.
Next steps
Configure the Forcepoint NGFW software using automatic configuration.