Manualshelf

Installation guide

ManualsBrandsMcafee ManualsOtherFIREWALL 2.1-GETTING STARTED
81828384858687888990
85
Saving the Initial Configuration
Preparing for Automatic Configuration
To prepare for automatic configuration
1. (Optional) Select Enable SSH Daemon to allow remote access to the engine command line.
Enabling SSH in the initial configuration gives you remote command line access in case
the configuration is imported correctly, but the engine fails to establish contact with the
Management Server.
Once the engine is fully configured, SSH access can be set on or off using the
Management Client. We recommend that you enable the SSH access in the Management
Client when needed and disable the access again when you are finished. Make sure your
Access rules allow SSH access to the engines from the administrators’ IP addresses
only.
2. Select the Local Time Zone and Keyboard Layout.
The time zone selection is used only for converting the UTC time that the engines use
internally for display on the command line. All internal operations use UTC time, which is
synchronized with the Management Server’s time once the engine is configured. For
external operations, engines use the time zone of their geographical location.
3. (Optional) Click Select and select the appropriate policy if you already have a policy you
want to use for the IPS engine, Layer 2 Firewall, or Master Engine. The selected policy is
automatically installed after the engine has contacted the Management Server. See
Installing the Initial Policy (page 92) for descriptions of the available pre-defined policies.
4. Click Save As and save the configuration on the root of a USB memory stick, so that the
engine can boot from it.
5. Click Close.
Caution – If you enable SSH, set the password for command line access after the initial
configuration either through the Management Client or by logging in to the command line.
When the password is not set, anyone with SSH access to the engine can set the
password.
Caution – Handle the configuration files securely. They include the one-time password that
allows establishing trust with your Management Server.
What’s Next?
Transferring the Initial Configuration to the Engines (page 87)