I have been curious about how to configure these devices without an SMC as I will have a couple of spares from my deployment which I would like to manage independently.
You use a serial connection to connect to the console port and use PuTTY (or other utils) to log in and configure it.
There are options for configuring the interfaces when you run the first-time configuration wizard from here or sg-reconfigure if already run. From the CLI you can also verify the current interface configuration using "netstat -inet".
I hope this helps.
There isn't much documentation since the Local Manager has thus far mostly been aimed at PoC usage. This article describes how to connect to it: https://kc.mcafee.com/corporate/index?page=content&id=KB85470
It is only supported on 64-bit NGF appliances, so if you cannot connect, first check the actual appliance model. NGF-325 and FWL-325 have different hardware and the latter cannot run Local Manager. If it is NGF-325, check with the "sg-status" command which software image is installed, "x86-64" or "x86-64-small"; the small image does not contain Local Manager. If you have the small image, you'd need to do a CD re-install to switch to the normal image.
Some notes about Local Manager (list may not be exhaustive):
- Policy configuration has limitations: e.g. no file filtering or QoS
- Site-to-site VPN is only possible between Forcepoint NGFWs with PSK
- Client VPN is not available
- Clustering is not available
- No AD integration available for user authentication
The only thing you can configure on the command line over SSH or serial console is the interface config, plus connecting the appliance to an SMC. Rules etc. can only be configured via Local Manager or SMC. Due to limitations in the Local Manager we would recommend using SMC instead in most cases.