Logging in for the first time and accepting agreements

To log in to Kaspersky NGFW for the first time immediately after installation, you can use the default user name and password:

• User name: root
• Password: ngfwadmin

After logging in to the Kaspersky NGFW command line interface for the first time, you need to change the password.

The password must satisfy the following requirements:

• The password must be at least 8 characters long.
• The password must contain at least one uppercase letter, one lowercase letter, one numeral, and one special character.
• The password must not be a palindrome.
• The password must not be derived from the previous password by changing the character case.
• The password must differ from the old one by at least one character (character replacement, deletion, or addition).
• The password must not be derived from a previous password by inverting the order of characters.
• The password must not contain the user name.
• The password must not contain words that are present in the standard cracklib dictionary (for example, qwerty, password).

After 4 attempts to log in with a password, the user account is locked out. A locked-out user account can be unlocked by the administrator or automatically after a specified time. You can configure the number of attempts before lockout and the automatic unlock timeout on the command line. The stored authentication information is protected from unauthorized access.

To change the root password on the command line:

1. Proceed to manage Kaspersky NGFW settings on the command line by running the following command:

   knsh

2. Enter the command to change the password:

   ngfw> system password

   A message is displayed, followed by a prompt to enter a new password:

   Changing password for root

   New password:

3. Enter the new password.

   A message is displayed, followed by a prompt to enter a new password:

   Retype password:

4. Enter the new password again.

The password is changed. The following password change message is displayed:

password: password for root changed by root

You can change the root user password in the KUMA web interface and in the KSC web console.

To continue to use Kaspersky NGFW solution, you must read the End User License Agreement, the Privacy Policy, and the Kaspersky Security Network Statement and accept the mandatory agreements or all agreements.

To accept the agreements and start managing Kaspersky NGFW:

1. Go to the directory with distribution kit of the solution.
2. Read the following agreements:
   • End User License Agreement and Privacy Policy for Kaspersky products and services (in the license_NGFW_en.rtf file).

     You cannot continue to use Kaspersky NGFW without accepting these agreements.

   • Kaspersky Security Network Statement (in the file ksn_NGFW_en.rtf).

     You must accept this agreement if you want to send data (requests and statistics) to Kaspersky Security Network. If this is not the case, you do not need to accept this agreement.

3. Proceed to manage Kaspersky NGFW settings on the command line by running the following command:

   knsh

   A welcome message is displayed, followed by a request to accept the End User License Agreement:

   Do you confirm that you have fully read, understand, and accept the terms and conditions of End User License Agreement? (Yes/No)

4. If you accept the End User License Agreement, enter Yes.

   If you refuse to accept the End User License Agreement, enter No. In this case, you cannot continue using Kaspersky NGFW.

   A prompt to accept the Privacy Policy is displayed:

   Do you confirm that you have fully read, understand, and accept the terms and conditions of Privacy Policy? (Yes/No)

5. If you accept the Privacy Policy, enter Yes.

   If you refuse to accept the Privacy Policy, enter No. In this case, you cannot continue using Kaspersky NGFW.

   A prompt to accept the Kaspersky Security Network Statement is displayed:

   Do you confirm that you have fully read, understand, and accept the terms and conditions of Kaspersky Security Network Statement, and agree to send all types of data mentioned in KSN Statement (security requests, statistical data) to KSN services?

6. If you accept the Kaspersky Security Network Statement, enter Yes.

   If you refuse to accept the Kaspersky Security Network Statement, enter No. In this case, you can continue to use Kaspersky NGFW, but data (requests and statistics) cannot be sent to Kaspersky Security Network.

Agreements are accepted. You can start managing Kaspersky NGFW.

In the future, you can accept the Kaspersky Security Network Statement or withdraw your acceptance of the Statement using the ksn family of commands on the command line. To accept the Kaspersky Security Network Statement, use the ksn statistics command. To withdraw your acceptance of the Kaspersky Security Network Statement, use the no ksn statistics command. For a description of command families and a link to the complete list of Kaspersky NGFW configuration commands, see the Managing Kaspersky NGFW using the command line document.

When installing the orchestrator and the user identity service, you must also accept the Kaspersky NGFW End User License Agreement. If you refuse to accept the End User License Agreement, you cannot use these components.

Page top