Reconfigure NGFW Engine settings

On the command line of the NGFW Engine, you can use the NGFW Configuration Wizard to change settings that were defined during the installation of the NGFW Engine.

The NGFW Configuration Wizard also allows you to re-establish a trust relationship between the NGFW Engine and the Management Server if the trust is lost.

Note: On NGFW Engines that are fully configured, you can change each setting individually without changing the other settings. All steps are optional.

Steps

  1. Start the NGFW Configuration Wizard using one of the following commands:
    • sg-reconfigure --no-shutdown — The NGFW Configuration Wizard starts without shutting down the NGFW Engine. You cannot change network interface settings in this mode.
    • sg-reconfigure — The NGFW Engine shuts down and the NGFW Configuration Wizard starts. All options are available if you have a local connection. If you have a remote SSH connection, you cannot change network interface settings.
  2. Change the general settings.
    • Change the keyboard layout for command-line use.
    • Change the time zone for command-line use.
    • Change the host name of the engine.
    • Enable or disable SSH access to the engine command line.
      Note: Unless you have a specific reason to enable SSH access to the engine command line, we recommend leaving it disabled.
  3. Change the password for the root user account.
    1. Highlight Change, then press Enter.
    2. Enter and confirm the new password for the root user account.
    3. Highlight OK, then press Enter.
  4. Change the bootloader password.
    The bootloader password prevents unauthorized editing of parameters in the second-level GRUB menu on the NGFW Engine.
    1. Highlight Change, then press Enter.
    2. Enter and confirm the new bootloader password.
    3. Highlight OK, then press Enter.
  5. Change the network card settings and the mapping of network cards to Interface IDs.
  6. Change the settings on the Prepare for Management Contact screen.
    Note: The Management Server contact details are not used by the NGFW Engine after a policy has been installed from the Management Server. They are shown for your reference only.
    • To re-establish the trust relationship between the NGFW Engine and the Management Server, select Contact Management Server, then enter a new one-time password.
      Select this option when you want to replace a missing or expired certificate, or if the trust relationship with the Management Server is lost for any other reason, such as changing the Management Server’s IP address.
      CAUTION:
      If there is a Firewall or Layer 2 Firewall between a remote NGFW Engine and the Management Server, you must allow the connection in the Firewall or Layer 2 Firewall Access rules. If there is a NAT device between a remote NGFW Engine and the Management Server, you must also configure NAT rules for the connection in the Firewall Policy. Otherwise, the NGFW Engine cannot contact the Management Server.
    • To reset the NGFW Engine to the post-installation state, select Switch to Initial Configuration.
      CAUTION:
      Selecting this option removes all configuration and policy information that has been transferred to the NGFW Engine. The post-installation state uses a policy that allows communication only between the NGFW Engine and the Management Server. You must install a policy on the NGFW Engine before it can be operational again.