Save the initial configuration and generate the one-time password

Save the initial configuration to establish a management connection for NGFW Engines.

Saving the initial configuration generates the one-time password required for manual configuration using the NGFW Configuration Wizard. You can alternatively upload the configuration details to the Installation Server or save them, for example, on a USB drive.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Home.
  2. Save the initial configuration information:
    • For an individual NGFW Engine node, right-click the node, then select Save Initial Configuration.
    • For all the NGFW Engines in a cluster, right-click the top-level cluster element, then select Configuration > Save Initial Configuration.
  3. To manually enter details in the NGFW Configuration Wizard or if the engine already has the correct configuration, select View Details, then write down the one-time password.
  4. Configure the settings.

Next steps

  • If you selected to upload the initial configuration to the Installation Server, connect the cables, then turn on the appliance. The appliance contacts the Installation Server and downloads the initial configuration.
  • To configure the appliance automatically using a USB drive, turn on the appliance with a USB drive inserted.
  • If you manually saved the details, turn on the appliance and import the configuration to the NGFW Configuration Wizard.
For more information, see the Forcepoint Next Generation Firewall Installation Guide.

Save or Upload Initial Configuration dialog box

Use the information in the following table when you want to save the initial configuration of an NGFW Engine.

Option Definition
View Details Opens the Initial Configuration Details dialog box. You can view and copy the one-time password that secures communication between the Management Server and the NGFW Engine.
Initial Security Policy

(Optional)

The policy to be installed automatically. Click Select to select an element.
Local Time Zone Select a local time zone for commands you enter on the command line.
Note: This setting only applies to the local console. NGFW Engines always use UTC (GMT) time internally. The clock on the local console is automatically synchronized with the Management Server time.
Keyboard Layout Select a language to specify the layout of the keyboard used with the local console.
Enable SSH Daemon

(Optional)

 When selected, allows remote access to the NGFW Engine command line for troubleshooting purposes.
  • You can enable and disable remote command-line access at any time after management contact is established through the right-click menu of the NGFW Engine. We recommend that you disable SSH access whenever it is not needed. Make sure that your Access rules allow SSH access to the NGFW Engines from the administrators’ IP addresses only.
  • The Template policies do not allow these connections. However, the temporary policy activated immediately after the NGFW Engine’s initial configuration (active until you install the working policy) allows SSH access from the Management Server’s IP address. Alternatively, you can upload a working policy to be automatically installed after it has contacted the Management Server.
CAUTION:
If you enable SSH, set the password for command-line access after the initial configuration either through the Management Client or by logging on to the command line. When the password is not set, anyone with SSH access to the NGFW Engine can set the password.
USB Drive Installation Click Save As to save the configuration file to a USB drive. When you turn on the NGFW appliance with the USB drive inserted, it automatically imports and installs the initial configuration and makes initial contact with the Management Server.
Installation Cloud

(Plug-and-play configuration method, only Single Firewalls that have a dynamic control IP address)

Click Upload to upload the initial configuration to the Installation Server. When you turn on the NGFW appliance, it automatically downloads and installs the initial configuration and makes initial contact with the Management Server.
Note: There are special considerations when using plug-and-play configuration. For example, both the SMC and the NGFW Engines must be registered for plug-and-play configuration before you configure the engines. See Knowledge Base article 9662.
Manual Installation Select from the following options.
  • Copy to Clipboard — Copies the configuration details to the clipboard.
  • Save As — Opens the Save Initial Configuration dialog box, where you can specify where to save the file that contains the configuration details.

Initial Configuration Details dialog box

Use this dialog box to view and copy the initial configuration details.

Option Definition
Engine Node Shows the name of the selected NGFW Engine node.
One-Time Generated Password Shows the one-time password required when the NGFW Engine connects to the Management Server. To copy the password, right-click the password, then select Copy Password. The password is required when the NGFW Engine is configured manually using the NGFW Configuration Wizard.
Management Server Addresses The IP address of the Management Server that the NGFW Engine contacts after the initial configuration.
Management Server Certificate Fingerprint The certificate fingerprint that secures Management Server communications.