KB Article | Forcepoint Support

Problem Description

To use the plug-and-play installation method with Installation Cloud for initial configuration of the NGFW engine, ensure that the following prerequisites are met:
  • Plug-and-play installation can be used only with single-node engines running in the Layer 3 FW/VPN role.
  • Plug-and-play installation requires that Ethernet port 0 is connected to the Internet and can receive an IP address and DNS server addresses via DHCP.
  • Plug-and-play installation can use ADSL or 3G interfaces, but the connection must not require authentication.
  • Plug-and-play installation requires that the engine be able to connect to the Internet using HTTPS (on TCP port 443).
  • Plug-and-play installation requires that the engine be able to connect to the Management server on port 3021.
  • After the engine receives the initial configuration details from the Installation Cloud, it must be able to connect to the configured SMC contact address at TCP port 8906.
  • After the engine has the policy installed, it must be able to use ports 3020 and 3023 for log and monitoring connections.
  • When you use modular NGFW appliances, the installed software version must be 5.5.5 or later.
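
The following pre-flight check probes the ports listed above from a host on the network segment where Ethernet port 0 will be connected, and reports the first installation phase that would be blocked. It is an added example, not Forcepoint code. The host names are placeholders, the phase labels are illustrative, and probing 3021, 3020 and 3023 over TCP and against the hosts shown is an assumption.

```python
import socket

# Ports come from the prerequisites above; hosts are placeholders to replace.
# Assumption: 3021, 3020 and 3023 are probed as TCP (the article states TCP
# only for 443 and 8906), and the log/monitoring target is passed in as log_host.
def build_checks(cloud_host, mgmt_host, smc_contact, log_host):
    """Return (phase, description, host, port) tuples in the order the engine needs them."""
    return [
        ("plug-and-play", "HTTPS to the Internet", cloud_host, 443),
        ("plug-and-play", "Management server", mgmt_host, 3021),
        ("initial-contact", "SMC contact address", smc_contact, 8906),
        ("after-policy", "log connection", log_host, 3020),
        ("after-policy", "monitoring connection", log_host, 3023),
    ]

def tcp_probe(host, port, timeout=3.0):
    """Resolve host and attempt a TCP connect; return 'ok' or a short failure reason."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "ok"
    except socket.gaierror:
        return "dns-failure"      # DHCP-supplied DNS did not resolve the name
    except socket.timeout:
        return "timeout"          # typically a silent drop by an upstream filter
    except ConnectionRefusedError:
        return "refused"          # host reachable, nothing listening on the port
    except OSError as exc:
        return f"error: {exc}"

def run_checks(checks, probe=tcp_probe):
    """Probe every target; return (results, first blocked phase or None)."""
    results = [(ph, desc, host, port, probe(host, port))
               for ph, desc, host, port in checks]
    blocked = next((r[0] for r in results if r[4] != "ok"), None)
    return results, blocked

if __name__ == "__main__":
    # Placeholder names (constructed); substitute your own addresses.
    checks = build_checks("installation-cloud.example", "smc.example",
                          "smc.example", "log.example")
    results, blocked = run_checks(checks)
    for ph, desc, host, port, status in results:
        print(f"{ph:16} {desc:24} {host}:{port:<5} {status}")
    print("first blocked phase:", blocked or "none")
```

A result from a workstation only approximates what the appliance will see if upstream filtering is applied per source address.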

Resolution

To use Installation Cloud for NGFW initial configuration, follow the steps below:
  1. Order the NGFW appliances and/or licenses.
  2. If you have multiple NGFW appliances and intend to use the Installation Cloud-based deployment, collect a list of the appliance POS (Proof-of-Serial) codes.
  3. Log in to the License Center with your SMC POL code and register the NGFW appliances for Installation Cloud service:
    1. Select Register your appliances for Plug & Play installation on NGFW Installation Cloud.
    2. Enter your Appliance POS codes and your contact information.
    3. Submit the registration.
  4. Create the engine elements in SMC. You must enter the Proof-of-Serial code on new NGFW appliances when you use plug-and-play installation. You can do either of the following:
    • Run the Multiple Single Firewalls wizard and utilize the POS list collected.
    • Create the elements one by one. Add the POS code on the General tab of the engine element before you save the element for the first time; after that, the Proof-of-Serial field can no longer be modified.
      Note: You can also define the initial policy name as part of the initial configuration.
  5. Upload the initial configuration to Installation Cloud from the Save Initial Configuration dialog.
  6. After you publish the initial configuration, power up the NGFW appliance.
  7. The NGFW appliance automatically connects to the Installation Cloud, receives its initial configuration, and contacts the SMC.
  8. After the initial contact is made, SMC will push the predefined policy to the NGFW appliance automatically.
If you encounter any issues related to Installation Cloud deployments, open the SMC and select File > System Tools > View Appliance Configuration Status.

Note: Technical Support also has access to view the configuration status for all customer deployments through the Installation Cloud.
