Installation guide

Chapter 9 Saving the Initial Configuration
Preparing for Configuration Using the Engine Configuration Wizard
To prepare for configuration using the Engine Configuration Wizard
1. If you plan to enter the information manually, write down or copy the One-Time Password
for each engine. Keep track of which password belongs to which engine node.
2. If you plan to enter the information manually, write down or copy the Management Server
Addresses.
3. (Optional) If you plan to enter the information manually, write down or copy the
Management Server Certificate Fingerprint for additional security.
4. (Optional) If you plan to import the configuration in the Engine Configuration Wizard, select
Enable SSH Daemon to allow remote access to the engine command line.
Enabling SSH in the initial configuration gives you remote command line access in case
the configuration is imported correctly, but the engine fails to establish contact with the
Management Server.
Once the engine is fully configured, SSH access can be set on or off using the
Management Client. We recommend that you enable the SSH access in the Management
Client when needed and disable the access again when you are finished. Make sure your
Access rules allow SSH access to the engines from the administrators’ IP addresses
only.
5. (Optional) If you plan to import the configuration in the Engine Configuration Wizard, select
the Local Time Zone and Keyboard Layout.
The time zone selection is used only for converting the UTC time that the engines use
internally for display on the command line. All internal operations use UTC time, which is
synchronized with the Management Server’s time once the engine is configured. For
external operations, engines use the time zone of their geographical location.
6. (Optional) Click Select and select the appropriate policy if you already have a policy you
want to use for the IPS engine, Layer 2 Firewall, or Master Engine. The selected policy is
automatically installed after the engine has contacted the Management Server. See
Installing the Initial Policy (page 92) for descriptions of the available pre-defined policies.
7. If you plan to import the configuration in the Engine Configuration Wizard, click Save As and
save the configuration on a USB memory stick.
8. Click Close.
Caution – If you enable SSH, set the password for command line access after the initial
configuration either through the Management Client or by logging in to the command line.
When the password is not set, anyone with SSH access to the engine can set the
password.
Caution – Handle the configuration files securely. They include the one-time password that
allows establishing trust with your Management Server.
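The recommendation in step 4 to allow SSH access to the engines from the administrators' IP addresses only can be checked against a rule list. The following is an added example, not part of the original guide or the product: the rule record format, function name, and all addresses are hypothetical and constructed for illustration, and a single address family (IPv4) is assumed.

```python
import ipaddress

SSH_PORT = 22

# Constructed sample data: hypothetical rule records, not the product's export format.
ADMIN_NETS = ["192.0.2.0/28", "198.51.100.7/32"]   # administrators' addresses
ENGINE_NETS = ["10.10.0.0/24"]                     # engine addresses
RULES = [
    {"id": 1, "src": "192.0.2.0/29",   "dst": "10.10.0.5/32", "ports": (22, 22),  "action": "allow"},
    {"id": 2, "src": "0.0.0.0/0",      "dst": "10.10.0.0/24", "ports": (1, 1024), "action": "allow"},
    {"id": 3, "src": "192.0.2.0/24",   "dst": "10.10.0.5/32", "ports": (22, 22),  "action": "allow"},
    {"id": 4, "src": "203.0.113.0/24", "dst": "10.20.0.0/24", "ports": (22, 22),  "action": "allow"},
    {"id": 5, "src": "0.0.0.0/0",      "dst": "10.10.0.0/24", "ports": (22, 22),  "action": "discard"},
]


def overly_broad_ssh_rules(rules, admin_cidrs, engine_cidrs):
    """Return ids of allow rules that let non-administrator sources reach SSH on an engine.

    Rule order (first-match shadowing) is not modelled: every rule is judged on its own.
    """
    # Merge adjacent admin networks so a source spanning two of them still counts as covered.
    admins = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(c) for c in admin_cidrs))
    engines = [ipaddress.ip_network(c) for c in engine_cidrs]
    flagged = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        low, high = rule["ports"]
        if not low <= SSH_PORT <= high:
            continue  # the port range does not include SSH
        dst = ipaddress.ip_network(rule["dst"])
        if not any(dst.overlaps(e) for e in engines):
            continue  # the rule does not reach any engine address
        src = ipaddress.ip_network(rule["src"])
        # The source must lie entirely inside the administrators' networks.
        if not any(src.subnet_of(a) for a in admins):
            flagged.append(rule["id"])
    return flagged


if __name__ == "__main__":
    print(overly_broad_ssh_rules(RULES, ADMIN_NETS, ENGINE_NETS))
```

Rule 2 is flagged because its wide port range includes port 22, and rule 3 because its source network is larger than the administrators' range.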
What’s Next?
Transferring the Initial Configuration to the Engines (page 87)