2 Replies Latest reply on Mar 21, 2016 9:06 AM by lnurmi

    NGF325 - First time user



      My company just bought NGF-325 without SMC. Since we only have two devices, I plan to use Local Manager.

      I have tried to use the web-based Local Manager, connected using DHCP.


      My problem is how to configure the ethernet port using Local Manager. There is no ethernet port to be configured.

      Is there any document for Local Manager? How can I configure ethernet port? Is there any CLI that I can use?


      Is there any possibility that I have missed some step configuring NGF325, i.e. license etc.?



        • 1. Re: NGF325 - First time user

          Hi Ahmad

          I have been curious about how to configure these devices without an SMC, as I will have a couple of spares from my deployment which I would like to manage independently.

          You use a serial connection to connect to the console port and use PuTTY (or other utils) to log in and configure it.

          There are options for configuring the interfaces when you run the first-time configuration wizard from here or sg-reconfigure if already run. From the CLI you can also verify the current interface configuration using "netstat -inet".

          I hope this helps.



          • 2. Re: NGF325 - First time user



            There isn't much documentation since the Local Manager has thus far mostly been aimed at PoC usage. This article describes how to connect to it: https://kc.mcafee.com/corporate/index?page=content&id=KB85470


            It is only supported on 64-bit NGF appliances, so if you cannot connect, check first the actual appliance model. NGF-325 and FWL-325 have different hardware and the latter cannot run Local Manager. If it is NGF-325, see with the "sg-status" command what software image is installed, "x86-64" or "x86-64-small"; the small image does not contain Local Manager. If you have the small image, you'd need to do a CD re-install to switch to the normal image.


            Some notes about Local Manager (list may not be exhaustive):

            - Policy configuration has limitations: e.g. no file filtering or QoS

            - Site-to-site VPN is only possible between Forcepoint NGFWs with PSK

            - client VPN is not available

            - clustering is not available

            - no AD integration available for user authentication


            The only thing you can configure on the command line over SSH or serial console is the interface config, plus connecting the appliance to an SMC. Rules etc. can only be configured via Local Manager or SMC. Due to limitations in the Local Manager we would recommend using SMC instead in most cases.