Installation guide
107
Configuring the Engine in the Engine Configuration Wizard
Contacting the Management Server
The Prepare for Management Contact page opens. If the initial configuration was imported,
most of this information is automatically filled in.
Before the engine can make initial contact with the Management Server, you activate an initial
configuration on the engine. The initial configuration contains the information that the engine
needs to connect to the Management Server for the first time.
Filling in the Management Server Information
In the second part of the configuration, you define the information needed for establishing a
trust relationship between the engine and the Management Server.
If you do not have a one-time password for this engine, see the Saving the Initial Configuration
(page 83).
To fill in the Management Server information
1. Select Contact or Contact at Reboot and press the spacebar.
2. Enter the Management Server IP address and the one-time password.
3. (Optional) Select 256-bit Security Strength and press the spacebar to use 256-bit
encryption for the connection to the Management Server. 256-bit encryption must also be
enabled for the Management Server. See the McAfee SMC Installation Guide for more
information.
4. (Optional) Highlight Edit Fingerprint and press Enter. Fill in the Management Server’s
certificate fingerprint (also shown when you saved the initial configuration). Filling in the
certificate fingerprint increases the security of the communications.
5. Highlight Finish and press Enter. The engine now tries to make initial Management Server
contact.
Note – If there is an intermediate firewall between this engine and the Management
Server, make sure that the intermediate firewall’s policy allows the initial contact and all
subsequent communications. See Default Communication Ports (page 149) for a listing of
the ports and protocols used.
What’s Next?
If the control IP address is assigned by a DHCP server, select Obtain Node IP address
from a DHCP server and continue in Filling in the Management Server Information
(page 107).
If the control IP address is static, select Enter node IP address manually and fill in the
IP address and Netmask (always), and Gateway to management (if the Management
Server is not in a directly connected network).
Note – The one-time password is engine-specific and can be used only for one initial
connection to the Management Server. Once initial contact has been made, the engine
receives a certificate from the Management Server for identification. If the certificate is
deleted or expires, you must repeat the initial contact using a new one-time password.