Install the SMC Appliance

The SMC Appliance ships with the Management Server and a Log Server pre-installed on it. Starting the SMC Appliance initiates an installation wizard.

Before you begin

Prepare the appliance for installation:
  • Determine the appliance networking information:
    • IPv4 network addresses
    • IPv4 network masks
    • (Optional) Default gateway address
    • (Optional) DNS server addresses
  • Mount the appliance in a rack.
  • Connect the network and console cables.
  • Access the appliance through a KVM or the integrated Dell Remote Access Controller (iDRAC) port.
See the Forcepoint NGFW Security Management Center Appliance Hardware Guide for complete details.

Steps

  1. Turn on the SMC Appliance.
  2. Accept the EULA.
  3. Select Begin, then press Enter.
  4. Select the keyboard layout for accessing the SMC Appliance on the command line.
  5. Enter the administrator account name and password.
    Note: The administrator account and password are used for command line access to the SMC Appliance and for access to the Management Client. The administrator account is created with unrestricted permissions (superuser).
    1. Enter the account name.
      This field is case sensitive and limited to eight characters.
    2. Enter the password.
      The password is case sensitive. The password must be at least ten characters long and contain at least one number.
    3. Enter the password again.
  6. (Optional) Configure a bootloader password.
    If you configure a bootloader password, you must enter the bootloader password to edit the options that appear in the bootloader menu of the SMC Appliance.
    1. Press the space bar to configure a bootloader password.
    2. Enter the password.
    3. Enter the password again.
  7. Make your security selections.
    1. To run the appliance in FIPS mode, select Enable FIPS configuration restrictions.
      Note: This option only is for environments that are required to follow FIPS standards. Do not enable this option unless you have a specific reason to do so.
    2. To use 256-bit security strength, select Enable 256-bit security strength.
      This option is enabled by default.
      Note: The security strength is for the connection to the NGFW Engines. The engines must also use 256-bit security strength.
    3. To use external certificate management for internal communication between system components, select Use External Certificate Authority.
      When enabled, the appliance uses certificates issued by an external CA instead of certificates generated by the internal CA on the Management Server for internal TLS communication between system components.
      Note: Using this option requires additional configuration after installation. For more information, see Installing the SMC with external certificate management .
    4. To encrypt the disk, select Enable disk encryption.
    5. To use a restricted command line shell that prevents administrators from running arbitrary commands, select Enable restricted shell.
      The restricted shell has a limited set of commands that include patching utilities, appliance maintenance, service handling, and other basic functionality. When the restricted shell is enabled, all administrator accounts that you create in the SMC automatically use the restricted shell.
  8. To enable network interface configuration, select Disabled, then press Enter.
  9. Complete the network interface configuration for the primary network interface for management.
    1. Select Enable interface.
    2. Select Primary.
    3. Complete the network configuration fields for the interface.
  10. (Optional) Complete the network interface configuration for the secondary network interface for management.
    1. Select Enable interface.
    2. Select Secondary.
    3. Complete the network configuration fields for the interface.
  11. Enter a host name for the Management Server.
  12. (Optional) Enter one or more IPv4 or IPv6 addresses in the DNS server fields.
    Note: CIDR notation is not allowed.
  13. (Optional) If you do not want to use NTP, disable it in the NTP settings.
    Note: NTP settings that you configure in the installation wizard are not visible in the Management Client. Configuring NTP in the Management Client overrides the NTP settings that you configure here.
  14. Select the time zone.
  15. Set the date and time.
    You are prompted to review the configuration.
  16. Select Confirm, then press Enter.

Result

When the installation is complete, the SMC Appliance restarts.