diff --git a/salt/common/init.sls b/salt/common/init.sls
index 93f76c3b3..f7a4d6731 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -51,6 +51,11 @@ sosaltstackperms:
     - gid: 939
     - dir_mode: 770
 
+so_log_perms:
+  file.directory:
+    - name: /opt/so/log
+    - dir_mode: 755
+
 # Create a state directory
 statedir:
   file.directory:
@@ -304,9 +309,14 @@ sostatusdir:
     - user: 0
     - group: 0
     - makedirs: True
+
+sostatus_log:
+  file.managed:
+    - name: /opt/so/log/sostatus/status.log
+    - mode: 644
     
 # Install sostatus check cron
-/usr/sbin/so-status -q && echo $? > /opt/so/log/sostatus/status.log 2>&1:
+'/usr/sbin/so-status -q; echo $? > /opt/so/log/sostatus/status.log 2>&1':
   cron.present:
     - user: root
     - minute: '*/5'
diff --git a/setup/so-functions b/setup/so-functions
index ba815e57f..f7084fca9 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -162,6 +162,25 @@ check_hive_init() {
 	docker rm so-thehive
 }
 
+check_manager_state() {
+	echo "Checking state of manager services. This may take a moment..."
+	retry 2 15 "__check_so_status" >> $setup_log 2>&1 && retry 2 15 "__check_salt_master" >> $setup_log 2>&1 && return 0 || return 1
+}
+
+__check_so_status() {
+	local so_status_output
+	so_status_output=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" cat /opt/so/log/sostatus/status.log)
+	[[ -z $so_status_output ]] && so_status_output=1
+	return $so_status_output
+}
+
+__check_salt_master() {
+	local salt_master_status
+	salt_master_status=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master)
+	[[ -z $salt_master_status ]] && salt_master_status=1
+	return $salt_master_status
+}
+
 check_network_manager_conf() {
 	local gmdconf="/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf"
 	local nmconf="/etc/NetworkManager/NetworkManager.conf"
diff --git a/setup/so-setup b/setup/so-setup
index 5b1a7417c..ad210048a 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -264,7 +264,7 @@ elif [ "$install_type" = 'ANALYST' ]; then
 fi
 
 # Check if this is an airgap install
-if [[ ( $is_manager || $is_import ) && $is_iso ]]; then
+if [[ $is_iso || $is_minion ]]; then
 	whiptail_airgap
 	if [[ "$INTERWEBS" == 'AIRGAP' ]]; then
 		is_airgap=true
@@ -339,7 +339,7 @@ if ! [[ -f $install_opt_file ]]; then
 			"HOSTNAME=$HOSTNAME" \
 			"MSRV=$MSRV" \
 			"MSRVIP=$MSRVIP" \
-			"NODE_DESCRIPTION=$NODE_DESCRIPTION" > "$install_opt_file"
+			"NODE_DESCRIPTION=\"$NODE_DESCRIPTION\"" > "$install_opt_file"
 		[[ -n $so_proxy ]] && echo "so_proxy=$so_proxy" >> "$install_opt_file"
 		download_repo_tarball
 		exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}"
@@ -574,6 +574,11 @@ if [[ $is_manager || $is_import ]]; then collect_so_allow; fi
 # This block sets REDIRECTIT which is used by a function outside the below subshell
 set_redirect >> $setup_log 2>&1
 
+if [[ $is_minion ]] && ! check_manager_state; then
+	echo "Manager was not in a good state" >> "$setup_log" 2>&1
+	whiptail_manager_error
+fi
+
 whiptail_end_settings
 
 # From here on changes will be made.
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 493ae7a68..6127a174a 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -19,13 +19,18 @@ whiptail_airgap() {
 
 	[ -n "$TESTING" ] && return
 
-	INTERWEBS=$(whiptail --title "Security Onion Setup" --radiolist \
-	"Choose your install conditions:" 20 75 4 \
-	"STANDARD" "This manager has internet accesss" ON  \
-	"AIRGAP" "This manager does not have internet access" OFF 3>&1 1>&2 2>&3 )
+	local node_str='node'
+	[[ $is_manager || $is_import ]] && node_str='manager'
+
+	INTERWEBS=$(whiptail --title "Security Onion Setup" --menu \
+	"How should this $node_str be installed?" 10 60 2 \
+	"Standard    " "This $node_str has internet accesss"  \
+	"Airgap      " "This $node_str does not have internet access" 3>&1 1>&2 2>&3 )
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
+
+	INTERWEBS=$(echo "${INTERWEBS^^}" | tr -d ' ')
 }
 
 whiptail_avoid_default_hostname() {
@@ -79,7 +84,7 @@ whiptail_bond_nics_mtu() {
 
 whiptail_cancel() {
 
-	whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75
+	whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup." 8 75
 	if [ -d "/root/installtmp" ]; then
 		{
 			echo "/root/installtmp exists";
@@ -88,7 +93,7 @@ whiptail_cancel() {
 		} >> $setup_log 2>&1
 	fi
 
-	title "User cancelled setup, no changes made."
+	title "User cancelled setup."
 	
 	exit
 }
@@ -1140,6 +1145,22 @@ whiptail_manager_adv_service_zeeklogs() {
 
 }
 
+whiptail_manager_error() {
+
+	[ -n "$TESTING" ] && return
+
+	local msg
+	read -r -d '' msg <<- EOM
+	Setup could not determine if the manager $MSRV is in a good state.
+
+	Continuing without verifying all services on the manager are running may result in a failure.
+
+	Would you like to continue anyway?
+	EOM
+
+	whiptail --title "Security Onion Setup" --yesno "$msg" 13 75 || whiptail_check_exitstatus 1
+}
+
 whiptail_manager_updates() {
 
 	[ -n "$TESTING" ] && return