Considerations for working on the NGFW Engine command line
Nearly all engine configuration is done through the Management Client, but some engine settings and options must be defined and configured on the command line.
What you can do on the NGFW Engine command line
- Reconfigure the engine’s keyboard layout, time zone, network card settings, and network card to Interface ID mapping.
- Create scripts that run when the engine changes its state.
- Establish contact between the engine and the Management Server.
- Manually revert to the previous configuration.
- Run various troubleshooting tools, both general and specific to Forcepoint NGFW.
Limitations of the NGFW Engine command line
Changes made on the engine command line apply only to the node on which they were made. If you want to change settings for other engines, such as all nodes in a cluster, you must make the same changes separately on the command line of each engine.
Some engine configuration options, such as network interface settings, cannot be changed through an SSH console. To be able to change these settings, you must connect using a serial cable or connect a display and keyboard directly to the engine hardware.
The Management Server contact settings that are displayed in the NGFW Configuration Wizard (sg-reconfigure) do not show the engine’s actual working configuration (transferred whenever the engine’s policy is installed or refreshed). The NGFW Configuration Wizard displays the values that were set when the node was initialized.
If you are not a root user on the engine, your permissions to execute commands might be limited. This might be the case if your SMC account has been replicated on the engine and your permissions have been limited in the local sudo configuration file.