Save the initial configuration details or upload them to the Installation Server

Save the initial configuration details to complete the management contact. You can upload the configuration details to the Installation Server or save them, for example, on a USB drive.

Uploading the initial configuration details to the Installation Server is the simplest configuration method. However, this method can only be used with Forcepoint NGFW appliances that support plug-and-play configuration. The method is only available for Single Firewalls that have a dynamic control IP address.

Note: There are special considerations when using plug-and-play configuration. For example, both the SMC and the NGFW Engines must be registered for plug-and-play configuration before you configure the engines. See Knowledge Base article 9662.

Saving the initial configuration details on a USB drive allows automatic configuration by booting the appliance with the USB drive inserted. Alternatively, you can import the configuration details from a USB drive in the NGFW Initial Configuration Wizard.

You can also save the initial configuration details in some other suitable location or on the clipboard. You can then copy and paste them or enter them manually in the NGFW Initial Configuration Wizard.
CAUTION:
The information must be handled securely when saving the initial configuration details on a USB drive or in some other location. The initial configuration files include the one-time password for establishing the trust relationship between the Management Server and the engine.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. (Optional) If you already have a policy you want to use for the engine, click Select, then select a policy as the initial security policy.
  2. (Optional) Select the Local Time Zone and the Keyboard Layout for use on the command line.
    The time zone setting is only for displaying the time on the local console; the engines always use UTC (GMT) time internally. The clock is automatically synchronized to match the Management Server’s time.
  3. (Optional) In the Save or Upload Initial Configuration dialog box, select Enable SSH Daemon to allow remote access to the engine command line. SSH access can be helpful for remote troubleshooting.
    • You can enable and disable remote command-line access to the engine at any time after management contact is established through the right-click menu of the engine. We recommend that you disable SSH access whenever it is not needed. Make sure that your Access rules allow SSH access to the engines from the administrators’ IP addresses only.
    • The Firewall Template, IPS Template, and Layer 2 Template policies do not allow these connections. However, the temporary policy activated right after the engine’s initial configuration (in force until you install the working policy) allows SSH access from the Management Server’s IP address. Alternatively, you can upload a working policy to be installed on the engine after it has contacted the Management Server.
    CAUTION:
    If you enable SSH, set the password for command-line access after the initial configuration either through the Management Client or by logging on to the command line. When the password is not set, anyone with SSH access to the engine can set the password.
  4. Save the initial configuration or upload it to the Installation Server:
    • If you are using the automatic configuration method, click Save As in the USB Drive Installation section, then click Save to save the initial configuration file on a USB drive.
    • (Single Firewalls that have a dynamic control IP address) If you are using the plug-and-play configuration method, select Upload in the Installation Cloud section to upload the initial configuration automatically to the Installation Server.
    • If you want to copy and paste the initial configuration details in the NGFW Initial Configuration Wizard or in some other location, click Copy to Clipboard in the Manual Installation section.
    • If you want to enter the initial configuration details manually in the NGFW Initial Configuration Wizard, click Save As in the Manual Installation section, then click Save to save the details in a suitable location.
  5. Click Close.
  6. Continue the configuration in one of the following ways:
    • If you selected to upload the initial configuration to the Installation Server, connect the cables, then turn on the appliance. The appliance contacts the Installation Server and downloads the initial configuration.
    • To configure the appliance automatically using a USB drive, turn on the appliance with a USB drive inserted.
    • Otherwise, turn on the appliance and import the configuration to the NGFW Initial Configuration Wizard.
    For more information, see the Forcepoint Next Generation Firewall Installation Guide.
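
The recommendation in step 3, that Access rules allow SSH to the engines from the administrators' IP addresses only, can be checked mechanically before a policy is installed. The following is an added example, not Forcepoint code and not an SMC export format: the rule dictionaries, addresses, and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: a simplified stand-in for Access rules (hypothetical format).
ADMIN_NETS = ["192.0.2.0/28"]        # administrators' addresses (assumed)
ENGINE_ADDRS = ["198.51.100.10"]     # engine control interface (assumed)
RULES = [
    {"id": 1, "src": ["192.0.2.0/28"], "dst": ["198.51.100.10"], "port": 22, "action": "allow"},
    {"id": 2, "src": ["10.0.0.0/8"], "dst": ["198.51.100.0/24"], "port": 22, "action": "allow"},
    {"id": 3, "src": ["ANY"], "dst": ["198.51.100.10"], "port": 443, "action": "allow"},
    {"id": 4, "src": ["ANY"], "dst": ["ANY"], "port": 22, "action": "discard"},
]


def _nets(values):
    """Parse addresses or CIDR blocks; 'ANY' is treated as all of IPv4 (assumption)."""
    return [ipaddress.ip_network("0.0.0.0/0" if v == "ANY" else v, strict=False)
            for v in values]


def ssh_rules_too_broad(rules, admin_nets, engine_addrs, ssh_port=22):
    """Return ids of allow rules that permit SSH to an engine from outside admin_nets.

    The check is conservative: it ignores rule order, so a broad allow rule is
    reported even when an earlier rule would match the traffic first.
    """
    admins = _nets(admin_nets)
    engines = _nets(engine_addrs)
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["port"] != ssh_port:
            continue
        # Skip rules whose destination does not cover any engine address.
        if not any(d.overlaps(e) for d in _nets(rule["dst"]) for e in engines):
            continue
        # Every source network must sit entirely inside an administrator network.
        for src in _nets(rule["src"]):
            if not any(src.version == a.version and src.subnet_of(a) for a in admins):
                findings.append(rule["id"])
                break
    return findings


if __name__ == "__main__":
    for rule_id in ssh_rules_too_broad(RULES, ADMIN_NETS, ENGINE_ADDRS):
        print(f"rule {rule_id}: SSH to an engine is allowed from outside the admin networks")
```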

Save or Upload Initial Configuration dialog box

Use the information in the following table when you want to save the initial configuration of an NGFW Engine.

Note: Select View Details to view and copy to the clipboard the one-time password that secures communication between the Management Server and the NGFW Engine.

| Option | Definition |
|---|---|
| View Details | Opens the Initial Configuration Details dialog box. |
| Initial Security Policy (Optional) | Displays the policy to be installed automatically. |
| Select | Opens the Select Element dialog box, where you can select a policy to be automatically installed. |
| Local Time Zone (Optional) | Select a local time zone for commands you enter on the command line. Note: This setting only applies to the local console. Engines always use UTC (GMT) time internally. The clock on the local console is automatically synchronized with Management Server time. |
| Keyboard Layout (Optional) | Select a language to specify the layout of the keyboard used with the local console. |
| Enable SSH Daemon (Optional) | When selected, allows remote access to the NGFW Engine command line for troubleshooting purposes. |
| USB Drive Installation | Save As — Opens the Save Initial Configuration dialog box, where you can specify the location of a USB drive. Note: When the NGFW appliance is started with the USB drive inserted, it automatically imports and installs the initial configuration and makes initial contact with the Management Server. |
| Installation Cloud (Plug-and-play configuration method, only Single Firewalls that have a dynamic control IP address) | Upload — Uploads the initial configuration to the Installation Server. When the NGFW appliance is started, it automatically downloads and installs the initial configuration and makes initial contact with the Management Server. Note: There are special considerations when using plug-and-play configuration. For example, both the SMC and the NGFW Engines must be registered for plug-and-play configuration before you configure the engines. See Knowledge Base article 9662. |
| Manual Installation | Copy to Clipboard — Copies the configuration details to the clipboard. Save As — Opens the Save Initial Configuration dialog box, where you can specify where to save the file that contains the configuration details. |

Initial Configuration Details dialog box

Use this dialog box to view and copy the initial configuration details.

| Option | Definition |
|---|---|
| Engine Node | Displays the name of the selected NGFW Engine node. |
| One-Time Generated Password | Displays the one-time password required when the NGFW Engine connects to the Management Server. To copy the password, right-click the password, then select Copy Password. Note: The password is required when the NGFW Engine is configured manually using the NGFW Initial Configuration Wizard. |
| Management Server Addresses | Displays the IP address of the Management Server that the NGFW Engine contacts after the initial configuration. |
| Management Server Certificate Fingerprint (MD5) | Displays the certificate fingerprint that secures Management Server communications. |
| Close | Closes the dialog box. |