Install a Management Server on the command line

Configure the Management Server settings in a command line installation.

Steps

  1. Specify the IP address for the server.
    To use the default option, press Enter. You can also enter a different IP address, then press Enter.
    If IP address binding is used, the server’s license must be generated with this IP address as the binding.
  2. Specify the IP address for the Log Server to which the server sends its log data.
    To use the default option, press Enter. You can also enter a different IP address, then press Enter.
  3. To install as an additional Management Server for high availability, enter Y.
    To install as a standalone Management Server or as the primary Management Server in a high-availability environment, enter N.
  4. To enable OWASP encoding for the SMC API, enter Y. Otherwise, enter N.
    Note: When you enable this option, some strings in data returned by the SMC API, such as special characters inside JSON payloads, are also encoded. We recommend enabling this option only if you use the SMC API in a web browser.
  5. To enable and configure SMC Web Access, enter Y. Otherwise, enter N.
    When enabled, administrators can access the SMC in a web browser. You can run the Management Client in a web browser instead of installing the Management Client locally.
    On Linux platforms, xvfb-run must be installed under /usr/bin. You can specify another path in the Management Server properties after the installation has completed.
  6. If you enabled SMC Web Access, configure the settings.
    Administrators must use an HTTPS connection to access and use the Management Client.
    1. Enter the TCP port number that the service listens to.
      By default, port 8085 is used when SMC Web Access is enabled on the Management Server and port 8083 when enabled on the Web Portal Server.
      Note: Make sure that the listening port is not in use on the server.
    2. Enter the host name that the service uses. Leave the field blank to allow requests to any of the server’s host names.
    3. Enter the distinguished name in LDAP string format for the certificate used to secure the HTTPS connection.
      Example: dn=smc,dc=demo,dc=com
    4. Select the algorithm and key length for the certificate used to secure the HTTPS connection.
      To use the default option, press Enter. You can also select another option, then press Enter.
    5. Select the signer for the certificate used to secure the HTTPS connection.
      You can use the Internal Certificate Authority or the certificate can be self-signed. To use the default option, press Enter. You can also select another option, then press Enter.
  7. To enable 256-bit security strength for communication between the Management Server and NGFW Engines, enter Y. Otherwise, enter N.
  8. (256-Bit Security Strength only) If you are shown a compatibility warning, press Enter to continue, or type back to restart the Management Server configuration and disable 256-bit security strength.
  9. To enable integrating NSX-V with Forcepoint NGFW, enter Y. Otherwise, enter N.
  10. To enable FIPS restrictions, enter Y. Otherwise, enter N.
    Note: This option only is for environments that are required to follow FIPS standards. Do not enable this option unless you have a specific reason to do so.
  11. To install the server as a service, enter Y. Otherwise, enter N.
    When installed as a service, the server starts automatically.
  12. To create a superuser account, enter a user name, then enter and confirm the password.