Manually enable 256-bit security strength for NGFW Engines

When you start using a new internal ECDSA certificate authority, 256-bit encryption is automatically enabled for NGFW Engines. If an NGFW Engine cannot communicate with the Management Server, manually enable 256-bit encryption on the NGFW Engine, then make initial contact between the NGFW Engine and the Management Server.

Before you begin

Create a new internal ECDSA certificate authority.

Steps

  1. On the command line of the NGFW Engine, enter one of the following commands to start the NGFW Configuration Wizard:
    • sg-reconfigure --no-shutdown

      The NGFW Configuration Wizard starts without shutting down the NGFW Engine. Network interface settings cannot be changed in this mode.

    • sg-reconfigure

      The NGFW Engine shuts down, then the NGFW Configuration Wizard starts. All options are available if you have a local connection. If you have a remote SSH connection, you cannot change network interface settings because the NGFW Engine always uses the no-shutdown mode for SSH connections.

  2. Select Next on each page until the Prepare for Management Contact page opens.
  3. Select Contact or Contact at Reboot, then press the spacebar.
  4. Enter the Management Server IP address and the one-time password.
    Note: The one-time password is specific to each NGFW Engine and can be used only for one initial connection to the Management Server. After initial contact has been made, the NGFW Engine receives a certificate from the SMC for identification. If the certificate is deleted or expires, repeat the initial contact using a new one-time password.
  5. Select 256-bit Security Strength, then press the spacebar to use 256-bit encryption for the connection to the Management Server.
  6. (Optional) Enter the fingerprint for the Management Server.
    1. Select Edit Fingerprint, then press Enter.
    2. Enter the Management Server’s certificate fingerprint.
      The fingerprint is shown in the Management Client when you save the initial configuration.
  7. Select Finish, then press Enter.

Result

The NGFW Engine tries to make initial Management Server contact. The progress is shown on the command line.