3 Pre-configurations

3.1 Pre-configure the mGuard appliances

Please follow the steps described in the User Manual “Installing and starting up the mGuard hardware”, available at phoenixcontact.net/products, to start up and configure the device (IP addresses of the interfaces, etc.).

For further information, please also refer to the Software Reference Manual “Configuration of the mGuard security appliances Firmware”, available at phoenixcontact.net/products.

Enable SSH access

mdm installs the configuration files on the mGuards using SSH. Therefore, SSH access has to be permitted on the mGuards if mdm uses the external (untrusted) interface to upload the configuration.

Select Management » System Settings » Shell Access in the menu of the Web user interface and enable SSH remote access. For more detailed information on SSH remote access, please consult the mGuard Reference Manuals.

If you enable remote SSH access, make sure that you change the default admin and root passwords to secure passwords.

mdm uses the admin password to log into the mGuard. If the password was changed locally on the device, please change the password setting in mdm accordingly using the Set Current Device Passwords option in the context menu of the device overview table. Otherwise, mdm is not able to log into the device.

The current root password is part of the configuration file. If the password was changed locally on the device, please change the password setting in mdm accordingly. Otherwise, the mGuard will reject the configuration.

3.2 Pre-configure the HTTPS configuration pull server

To transmit information on the configuration status of an mGuard, the HTTPS pull server has to send SYSLOG messages to the mdm server (pull feedback).

Please make sure that neither the communication between the HTTPS server and the mdm server nor the communication between the HTTPS pull server and the mGuards is blocked by a firewall or a NAT device.