Save the initial configuration and generate the one-time password

Save the initial configuration to establish a management connection for Firewall engines, IPS engines, Layer 2 Firewall engines, and Master NGFW Engines. Saving the initial configuration generates the one-time password required for manual engine configuration using the NGFW Initial Configuration Wizard.

Note: There are special considerations when using plug-and-play configuration. For example, both the SMC and the NGFW Engines must be registered for plug-and-play configuration before you configure the engines. See Knowledge Base article 9662.
Note: All communication between Virtual NGFW Engines and the SMC is proxied by the Master NGFW Engine. You cannot create a one-time password for a Virtual NGFW Engine.

The one-time password that is created is specific to each engine. Keep track of which engine has which password. If you mix them up or lose them, you can repeat the procedure and create new initial configurations for those engines.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Save the initial configuration information:
    • For an individual engine: right-click the bottom-level node element, then select Save Initial Configuration.
    • For all engines in a cluster: right-click the top-level cluster element, then select Configuration > Save Initial Configuration.
    Note: If there is a Firewall between the engine and the Management Server, allow the connection in the Firewall’s IPv4 Access rules. If there is a NAT device between the engine and the Management Server, also configure NAT rules for the connection. Otherwise, the engine cannot contact the Management Server.
  2. (Optional) If you want to manually enter details in the NGFW Initial Configuration Wizard or if the engine already has the correct configuration, select View Details, then write down the one-time password.
    The password is mandatory and is used to authenticate the engine to the Management Server. Optionally, the fingerprint can also be used so that the engine verifies the identity of the Management Server.

Next steps

To use plug-and-play configuration or automatic configuration, continue by uploading the initial configuration details to the Installation Server or saving them on a USB drive.

Save or Upload Initial Configuration dialog box

Use the information in the following table when you want to save the initial configuration of an NGFW Engine.

Note: Select View Details to view the one-time password that secures communication between the Management Server and the NGFW Engine and to copy it to the clipboard.
Option
    Definition
View Details
    Opens the Initial Configuration Details dialog box.
Initial Security Policy (Optional)
    Displays the policy to be installed automatically.
Select
    Opens the Select Element dialog box, where you can select a policy to be automatically installed.
Local Time Zone (Optional)
    Select a local time zone for commands you enter on the command line.
    Note: This setting only applies to the local console. Engines always use UTC (GMT) time internally. The clock on the local console is automatically synchronized with Management Server time.
Keyboard Layout (Optional)
    Select a language to specify the layout of the keyboard used with the local console.
Enable SSH Daemon (Optional)
    When selected, allows remote access to the NGFW Engine command line for troubleshooting purposes.
USB Drive Installation
    Save As — Opens the Save Initial Configuration dialog box, where you can specify the location of a USB drive.
    Note: When the NGFW appliance is started with the USB drive inserted, it automatically imports and installs the initial configuration and makes initial contact with the Management Server.
Installation Cloud (Plug-and-play configuration method, only Single Firewalls that have a dynamic control IP address)
    Upload — Uploads the initial configuration to the Installation Server.
    When the NGFW appliance is started, it automatically downloads and installs the initial configuration and makes initial contact with the Management Server.
    Note: There are special considerations when using plug-and-play configuration. For example, both the SMC and the NGFW Engines must be registered for plug-and-play configuration before you configure the engines. See Knowledge Base article 9662.
Manual Installation
    • Copy to Clipboard — Copies the configuration details to the clipboard.
    • Save As — Opens the Save Initial Configuration dialog box, where you can specify where to save the file that contains the configuration details.

Initial Configuration Details dialog box

Use this dialog box to view and copy the initial configuration details.

Option
    Definition
Engine Node
    Displays the name of the selected NGFW Engine node.
One-Time Generated Password
    Displays the one-time password required when the NGFW Engine connects to the Management Server. To copy the password, right-click the password, then select Copy Password.
    Note: The password is required when the NGFW Engine is configured manually using the NGFW Initial Configuration Wizard.
Management Server Addresses
    Displays the IP address of the Management Server that the NGFW Engine contacts after the initial configuration.
Management Server Certificate Fingerprint (MD5)
    Displays the certificate fingerprint that secures Management Server communications.
Close
    Closes the dialog box.
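
What a check against the Management Server Certificate Fingerprint (MD5) value amounts to, as an added example that is not Forcepoint code: it computes a certificate's MD5 fingerprint and compares it with a value transcribed from the dialog box, tolerating differences in case and separators. It assumes the fingerprint is the MD5 digest of the DER-encoded certificate written as hex; the function names and SAMPLE_PEM (constructed bytes, not a real certificate) are illustrative.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)

def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes in a PEM certificate envelope."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

def pem_to_der(pem: str) -> bytes:
    """Extract the DER bytes from the first PEM certificate block."""
    match = PEM_RE.search(pem)
    if not match:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def md5_fingerprint(der: bytes) -> str:
    """MD5 over the DER encoding, shown as colon-separated uppercase hex."""
    digest = hashlib.md5(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fingerprint: str) -> str:
    """Drop separators and case so transcribed values compare reliably."""
    hex_only = re.sub(r"[\s:.-]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{32}", hex_only):
        raise ValueError("an MD5 fingerprint must be exactly 32 hex digits")
    return hex_only

def fingerprint_matches(pem: str, recorded: str) -> bool:
    """True only if the certificate hashes to the recorded fingerprint."""
    actual = normalize(md5_fingerprint(pem_to_der(pem)))
    return hmac.compare_digest(actual, normalize(recorded))

# Constructed stand-in input: arbitrary bytes, NOT a real certificate.
SAMPLE_DER = bytes(range(48)) * 4
SAMPLE_PEM = der_to_pem(SAMPLE_DER)

if __name__ == "__main__":
    recorded = md5_fingerprint(SAMPLE_DER)  # stands in for the value written down
    print(recorded, fingerprint_matches(SAMPLE_PEM, recorded))
```

MD5 is not collision-resistant, so a match is only as trustworthy as the path by which the recorded value reached you; copy it from the Initial Configuration Details dialog box itself.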