diff --git a/setup/so-functions b/setup/so-functions
index 9e72f227d..ed7644986 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -2180,6 +2180,12 @@ set_initial_firewall_policy() {
 	fi
 }
 
+set_initial_firewall_access() {
+	if [[ ! -z "$ALLOW_CIDR" ]]
+		$default_salt_dir/salt/common/tools/sbin/so-firewall --role=analyst --ip=$ALLOW_CIDR --apply=true
+	fi
+}
+
 # Set up the management interface on the ISO
 set_management_interface() {
 	title "Setting up the main interface"
diff --git a/setup/so-setup b/setup/so-setup
index 3966d6d3d..74da11ec3 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -565,6 +565,7 @@ if ! [[ -f $install_opt_file ]]; then
 		title "Setting up Playbook"
 		logCmd "so-playbook-reset"
 		checkin_at_boot
+		set_initial_firewall_access
 		whiptail_setup_complete
 	else
 		es_heapsize
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 7b50a0b28..d7f3bd535 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -1267,7 +1267,7 @@ whiptail_so_allow_yesno() {
 	[ -n "$TESTING" ] && return
 
 	whiptail --title "$whiptail_title" \
-		--yesno "Do you want to run so-allow to allow other machines to access this Security Onion installation via the web interface?" \
+		--yesno "Do you want to allow access to this Security Onion installation via the web interface?" \
 		8 75
 }
 
@@ -1280,7 +1280,7 @@ whiptail_so_allow() {
 		10 75 "$1" 3>&1 1>&2 2>&3)
 	local exitstatus=$?
 	
-	export ALLOW_ROLE='a'
+	export ALLOW_ROLE='analyst'
 	export ALLOW_CIDR
 
 	whiptail_check_exitstatus $exitstatus