Prepare for NGFW Configuration Wizard configuration
To use the NGFW Configuration Wizard, save the initial configuration file or write down the configuration information for manual configuration.
For more details about the product and how to configure features, click Help or press F1.
Steps
- In the Management Client, select Configuration.
- Right-click the engine for which you want to save the initial configuration, then select Configuration > Save Initial Configuration.
- To see the one-time passwords and fingerprints, click View Details.
  If you plan to import the configuration information, you do not need to write down or copy these details.
  - From the One-Time Password field, write down or copy the one-time password for each engine node.
    Make a note of which password belongs to which engine node.
  - From the Management Server Addresses field, write down or copy the IP addresses of the Management Server.
  - (Optional) From the Management Server Certificate Fingerprint (MD5) or Management Server Certificate Fingerprint (SHA-512) field, write down or copy the fingerprint of the Management Server's certificate.
  - Click Close.
- Select the other configuration options.
  - (Optional) If you already have a policy you want to use for the engine, click Select, then select a policy.
    The selected policy is automatically installed on the engine after the engine has contacted the Management Server.
  - From the Local Time Zone drop-down list, select the time zone.
    The time zone selection is used only for converting the UTC time that the engines use internally for display on the command line. All internal operations use UTC time, which is synchronized with the Management Server’s time once the engine is configured. For external operations, engines use the time zone of their geographical location.
  - From the Keyboard Layout drop-down list, select the keyboard layout used for the engine command line.
  - Select Enable SSH Daemon to allow remote access to the engine command line.
    Enabling SSH in the initial configuration gives you remote command-line access in case the configuration is imported correctly, but the engine fails to establish contact with the Management Server. After the engine is fully configured, you can set SSH access on or off using the Management Client. We recommend that you enable the SSH access in the Management Client when needed and disable the access again when you are finished. Make sure that your Access rules allow SSH access to the engines from the administrators’ IP addresses only.
    CAUTION: If you enable SSH, set the password for command-line access after the initial configuration either through the Management Client or by logging on to the command line. When the password is not set, anyone with SSH access to the engine can set the password.
- Under Manual Installation, click Save As, then save the configuration file.
  CAUTION: Handle the configuration files securely. They include the one-time password that allows establishing trust with your Management Server.
  Tip: Keep the Save or Upload Initial Configuration dialog box open while you configure the Forcepoint NGFW software.
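
For the optional fingerprint step above, the following is an added example, not Forcepoint code: it compares a written-down MD5 or SHA-512 fingerprint with a certificate you hold in PEM form, ignoring differences in separators and letter case. It assumes the fingerprint is the hash of the DER-encoded certificate (the usual X.509 convention; this page does not state how the product computes it), and the function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Hex-digit count -> hash, for the two fingerprint fields the dialog shows.
ALGO_BY_HEX_LEN = {32: "md5", 128: "sha512"}

def normalize(fingerprint):
    """Drop colons, spaces, dashes and case so differently laid-out copies compare equal."""
    hexstr = re.sub(r"[\s:\-]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexstr) or len(hexstr) not in ALGO_BY_HEX_LEN:
        raise ValueError("not an MD5 or SHA-512 fingerprint")
    return hexstr

def pem_to_der(pem):
    """Decode the base64 body between the BEGIN/END CERTIFICATE lines."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def check_noted_fingerprint(noted, cert_pem):
    """Compare a written-down fingerprint with the certificate actually presented."""
    want = normalize(noted)
    algo = ALGO_BY_HEX_LEN[len(want)]
    # Assumption: the fingerprint is the digest of the DER-encoded certificate.
    got = hashlib.new(algo, pem_to_der(cert_pem)).hexdigest()
    return {
        "algorithm": algo,
        "match": hmac.compare_digest(want, got),
        # MD5 is not collision resistant; a SHA-512 match is the stronger check.
        "weak_algorithm": algo == "md5",
    }

# Constructed stand-in bytes, NOT a real certificate; only the hashing matters here.
SAMPLE_DER = b"constructed-placeholder-certificate-bytes"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    digest = hashlib.sha512(SAMPLE_DER).hexdigest()
    noted = ":".join(digest[i:i + 2] for i in range(0, 128, 2)).upper()
    print(check_noted_fingerprint(noted, SAMPLE_PEM))      # colon-separated copy matches
    tampered = ("0" if digest[0] != "0" else "1") + digest[1:]
    print(check_noted_fingerprint(tampered, SAMPLE_PEM))   # one changed digit fails
```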