Daemon and Victor explaniert very well whats to do.
Configure everything of the local configuration, enable cluster membership with same cluster ID, set SIC password, install all needed hotfixes. At this point the gateway starts with initial policy. This allows ssh, webUI and connections from management to the system. Routing is disabled at this point.
Then you can install it into your rack, connect to the network and establish SIC with management. Install policy and everything is fine.
You can edit initial_policy.pf to get more secure policy in the initial state, but this is a hard work to do.
Wolfgang