diff --git a/setup/so-functions b/setup/so-functions
index 9fa5fbfeb..8353bb7fd 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -40,9 +40,12 @@ accept_salt_key_remote() {
 add_admin_user() {
 # Add an admin user with full sudo rights if this is an ISO install.
- useradd "$ADMINUSER"
- echo "$ADMINUSER":"$ADMINPASS1" | chpasswd --crypt-method=SHA512
- usermod -aG wheel "$ADMINUSER"
+ {
+ useradd "$ADMINUSER";
+ echo "$ADMINUSER":"$ADMINPASS1" | chpasswd --crypt-method=SHA512;
+ usermod -aG wheel "$ADMINUSER";
+ } >> "$setup_log" 2>&1
+
 }
 add_master_hostfile() {
@@ -74,11 +77,11 @@ so_add_user() {
 }
 add_socore_user_master() {
- so_add_user "socore" "939" "939" "/opt/so"
+ so_add_user "socore" "939" "939" "/opt/so" >> "$setup_log" 2>&1
 }
 add_soremote_user_master() {
- so_add_user "soremote" "947" "947" "/home/soremote" "$SOREMOTEPASS1"
+ so_add_user "soremote" "947" "947" "/home/soremote" "$SOREMOTEPASS1" >> "$setup_log" 2>&1
 }
 wait_for_file() {
@@ -250,9 +253,11 @@ clear_master() {
 # Clear out the old master public key in case this is a re-install.
 # This only happens if you re-install the master.
 if [ -f /etc/salt/pki/minion/minion_master.pub ]; then
- echo "Clearing old master key" >> "$setup_log" 2>&1
- rm -f /etc/salt/pki/minion/minion_master.pub
- sytemctl -q restart salt-minion
+ {
+ echo "Clearing old master key";
+ rm -f /etc/salt/pki/minion/minion_master.pub;
+ sytemctl -q restart salt-minion;
+ } >> "$setup_log" 2>&1
 fi
 }
@@ -342,7 +347,7 @@ configure_minion() {
 " - module.run"\
 "log_file: /opt/so/log/salt/minion" >> "$minion_config"
- service salt-minion restart
+ systemctl restart salt-minion >> "$setup_log" 2>&1
 echo "Enabling checkin at boot" >> "$setup_log" 2>&1
 echo "startup_states: highstate" >> "$minion_config"
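Review bot: The `{ …; } >> "$setup_log" 2>&1` group added in `add_admin_user` routes stderr of the `echo "$ADMINUSER":"$ADMINPASS1" | chpasswd` pipeline into the setup log, so any xtrace output (`set -x`) produced while it runs would write the expanded password there; the hunk does not show how the log file is created, so confirm it is readable by root only and that tracing is off around this block. The same concern applies to `so_add_user "soremote" … "$SOREMOTEPASS1" >> "$setup_log" 2>&1` in the next hunk, whose function body is outside the diff. Separately, the three commands still run unconditionally and a failed `useradd` is now visible only in the log; chaining them as `useradd "$ADMINUSER" && printf '%s:%s\n' "$ADMINUSER" "$ADMINPASS1" | chpasswd --crypt-method=SHA512 && usermod -aG wheel "$ADMINUSER"` would stop at the first failure.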
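Review bot: The regrouped block in `clear_master` still calls `sytemctl -q restart salt-minion`, which looks like a misspelling of `systemctl`, so the restart presumably never runs. Because the whole group is now redirected to `"$setup_log"`, the resulting "command not found" message no longer reaches the console, and a re-install can continue with the old master key removed but salt-minion not restarted. The line should read `systemctl -q restart salt-minion;`.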
@@ -352,13 +357,13 @@ copy_master_config() {
 # Copy the master config template to the proper directory
 if [ "$INSTALLMETHOD" = 'iso' ]; then
- cp /root/SecurityOnion/files/master /etc/salt/master
+ cp /root/SecurityOnion/files/master /etc/salt/master >> "$setup_log" 2>&1
 else
- cp "../files/master" /etc/salt/master
+ cp "../files/master" /etc/salt/master >> "$setup_log" 2>&1
 fi
 # Restart the service so it picks up the changes
- systemctl restart salt-master
+ systemctl restart salt-master >> "$setup_log" 2>&1
 }
 copy_minion_tmp_files() {
@@ -617,22 +622,25 @@ docker_seed_registry() {
 "so-strelka-filestream:$VERSION" )
 fi
- local initial_percent=26
+ local initial_percent=30
 for i in "${TRUSTED_CONTAINERS[@]}"; do
 if [ "$install_type" != 'HELIXSENSOR' ]; then ((intial_percent++)); else ((initial_percent+=6)); fi
 # Pull down the trusted docker image
 set_progress_str "$initial_percent" "Downloading $i"
- docker pull --disable-content-trust=false docker.io/soshybridhunter/"$i"
- # Tag it with the new registry destination
- docker tag soshybridhunter/"$i" "$HOSTNAME":5000/soshybridhunter/"$i"
- docker push "$HOSTNAME":5000/soshybridhunter/"$i"
+ {
+ docker pull --disable-content-trust=false docker.io/soshybridhunter/"$i"
+ # Tag it with the new registry destination
+ docker tag soshybridhunter/"$i" "$HOSTNAME":5000/soshybridhunter/"$i"
+ docker push "$HOSTNAME":5000/soshybridhunter/"$i"
+ } >> "$setup_log" 2>&1
+
 done
 # Prune any images that aren't used by containers
- docker image prune -af
+ docker image prune -af >> "$setup_log" 2>&1
 else
- tar xvf /nsm/docker-registry/dockerso-dockers-$VERSION.tar
- rm /nsm/docker-registry/docker/so-dockers-$VERSION.tar
+ tar xvf /nsm/docker-registry/dockerso-dockers-$VERSION.tar >> "$setup_log" 2>&1
+ rm /nsm/docker-registry/docker/so-dockers-$VERSION.tar >> "$setup_log" 2>&1
 fi
 }
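Review bot: Inside the new `{ … } >> "$setup_log" 2>&1` group in `docker_seed_registry`, the result of `docker pull --disable-content-trust=false …` is not checked, so when the pull or its trust verification fails the loop still runs `docker tag` and `docker push` and may publish whatever image of that name is already cached locally to the internal registry; the failure is now recorded only in the log. Aborting on failure, e.g. `docker pull --disable-content-trust=false docker.io/soshybridhunter/"$i" || return 1`, keeps an unverified image out of the registry. Two typos in the surrounding lines are worth fixing at the same time: `((intial_percent++))` increments a misspelled variable, so the progress value does not advance for non-HELIXSENSOR installs, and the `tar xvf` path `/nsm/docker-registry/dockerso-dockers-$VERSION.tar` does not match the `rm` path `/nsm/docker-registry/docker/so-dockers-$VERSION.tar`. The function body starts outside the hunk.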
@@ -851,7 +859,7 @@ network_setup() {
 fi
 echo "... Copying 99-so-checksum-offload-disable";
- cp "$SCRIPTDIR"/install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable ;
+ cp ./install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable ;
 echo "... Modifying 99-so-checksum-offload-disable";
 sed -i "s/\$MNIC/${MNIC}/g" /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable;
@@ -1143,6 +1151,7 @@ set_progress_str() {
 percentage_str="XXX\n${percentage}\n${progress_bar_text}\nXXX"
 echo -e "$percentage_str"
+ sleep 5
 }
 sensor_pillar() {
@@ -1218,6 +1227,9 @@ set_initial_firewall_policy() {
 set_main_ip
+ mkdir -p /opt/so/saltstack/pillar/firewall
+ mkdir -p /opt/so/saltstack/pillar/data
+
 case "$install_type" in
 'MASTER')
 printf " - %s\n" "$MAINIP" | tee /opt/so/saltstack/pillar/firewall/minions.sls /opt/so/saltstack/pillar/firewall/masterfw.sls
diff --git a/setup/so-setup b/setup/so-setup
index 2a340f35e..ec4ca82b3 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -252,6 +252,7 @@ fi
 if [[ $is_minion ]]; then
 set_updates
+ copy_ssh_key
 fi
 # Begin install
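Review bot: Replacing `"$SCRIPTDIR"/install_scripts/…` with `./install_scripts/…` in `network_setup` makes the source of a file installed into `/etc/NetworkManager/dispatcher.d/pre-up.d/` depend on the caller's working directory. NetworkManager runs dispatcher scripts as root, so if setup is started from another directory the `cp` either fails or copies an unrelated file that happens to sit at the same relative path, and the following `sed -i` runs regardless. I would keep the absolute form, `cp "$SCRIPTDIR"/install_scripts/99-so-checksum-offload-disable …`, and check the `cp` result before modifying the target. The function starts and ends outside the hunk.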
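Review bot: The `sleep 5` added at the end of `set_progress_str` delays every progress update by five seconds, and the function is called once per image in the `docker_seed_registry` loop and at each numbered step in so-setup, so the pauses can add up to minutes of idle time per install. If the pause exists so the progress gauge has time to render, a comment such as `# give the gauge time to redraw before the next step` and a shorter value would make the intent clear; if it is a debugging leftover it should be removed. The function starts outside the hunk.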
@@ -265,15 +266,24 @@ fi
 sensor_pillar >> "$setup_log" 2>&1
 fi
- set_progress_str 2 'Installing Salt and dependencies'
+ set_progress_str 3 'Installing Salt and dependencies'
 saltify
- set_progress_str 10 'Installing Docker and dependencies'
+ set_progress_str 8 'Installing Docker and dependencies'
 docker_install
+
+ set_progress_str 9 'Configuring firewall'
+ set_initial_firewall_policy
+
+ set_progress_str 10 "$(print_salt_state_apply 'firewall')"
+ salt-call state.apply -l info firewall >> $setup_log 2>&1
- set_progress_str 12 'Initializing Salt minion'
+ set_progress_str 11 'Initializing Salt minion'
 configure_minion "$minion_type"
+ set_progress_str 12 'Generating CA'
+ gen_ca
+
 if [[ $is_master || $is_helix ]]; then
 set_progress_str 13 'Configuring Salt master'
 copy_master_config
@@ -287,7 +297,7 @@ fi
 set_progress_str 17 'Generating master pillar'
 master_pillar
-
+
 set_progress_str 18 'Accepting Salt key'
 salt-key -ya "$MINION_ID" >> "$setup_log" 2>&1
 fi
@@ -308,12 +318,6 @@ fi
 set_progress_str 21 'Running intial Salt highstate'
 salt-call state.highstate -l info >> "$setup_log" 2>&1
- set_progress_str 23 'Configuring firewall'
- set_initial_firewall_policy
-
- set_progress_str 25 'Generating CA'
- gen_ca
-
 if [[ $is_node ]]; then
 set_progress_str 25 'Setting node type'
 set_node_type
@@ -344,7 +348,7 @@ fi
 set_progress_str 65 "$(print_salt_state_apply 'common')"
 salt-call state.apply -l info common >> $setup_log 2>&1
-
+
 if [[ "$OSQUERY" = 1 ]]; then
 set_progress_str 66 "$(print_salt_state_apply 'fleet')"
 salt-call state.apply -l info fleet >> $setup_log 2>&1
@@ -384,7 +388,7 @@ fi
 salt-call state.apply -l info utility >> $setup_log 2>&1
 fi
- if [[ $is_helix || $is_master || $is_node ]]; then
+ if [[ ( $is_helix || $is_master || $is_node ) && ! $is_eval ]]; then
 set_progress_str 75 "$(print_salt_state_apply 'logstash')"
 salt-call state.apply -l info logstash >> $setup_log 2>&1
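Review bot: The new `salt-call state.apply -l info firewall >> $setup_log 2>&1` at step 10 runs before `configure_minion` (step 11) and before the minion key is accepted (step 18), and its exit status is not checked. I can't tell from the hunk whether the minion can already render and apply states at that point; if it cannot, the initial firewall policy is not applied and the install continues with the failure recorded only in the log. Checking the result and quoting the log path, e.g. `salt-call state.apply -l info firewall >> "$setup_log" 2>&1 || { echo "firewall state failed" >> "$setup_log"; exit 1; }`, would make that failure stop the run, and would match the quoted `"$setup_log"` used on the neighbouring lines.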