diff --git a/README.md b/README.md
index 62ce30f1277ae02717e55eb6c2b4813ea1325c43..8c28bb9f3691ae08235b9224452de748153f6022 100644
--- a/README.md
+++ b/README.md
@@ -6,20 +6,37 @@ SOCTools is a set of tools that can be used by a SOC for collecting and analyzin
 Installation
 ------------
 
-Edit soctools-inventory and add the desired docker containers to be deployed. The playbook has been tested on CentOS 7.
-Review *all* settings in group_vars/all/main.yml.
+Do a minimal installation of CentOS 7.
+
+Log in and install ansible:
+# yum -y install epel-release
+# yum -y install ansible git
+# ansible-galaxy collection install ansible.posix
+
+Clone soctools:
+# git clone --single-branch --branch dev1 https://scm.uninett.no/geant-wp8-t3.1/soctools.git
+# cd soctools
+
+Install soctools:
+Edit group_vars/all/main.yml and change 'dslproxy' so that it point to the FQDN of the server.
+# vi group_vars/all/main.yml
 The first entry in the soctools_users variable is the user with full admin privileges in NiFi and Kibana.
 
+To configure the server running soctools, run the ansible playbook:
+# ansible-playbook -i soctools-inventory soctools_server.yml
+
 To build the Docker images needed, run the ansible playbook:
-`ansible-playbook -i soctools-inventory buildimages.yml`
+# ansible-playbook -i soctools-inventory buildimages.yml
 
 To build the CA needed for host and user certificates, run the ansible playbook:
-`ansible-playbook -i soctools-inventory buildca.yml`
-User certificates are exported in roles/ca/files/CA/private.
+# ansible-playbook -i soctools-inventory buildca.yml
+User certificates are can be found in the directory roles/ca/files/CA/private. Import into browser for authentication.
+
+To start the cluster, run the ansible playbook soctools.yml:
+# ansible-playbook -i soctools-inventory soctools.yml -t start
 
-To start and stop the cluster, run the ansible playbook soctools.yml:
-`ansible-playbook -i soctools-inventory soctools.yml -t start` to start the cluster.
-`ansible-playbook -i soctools-inventory soctools.yml -t stop` to stop the cluster.
+To stop the cluster, run the ansible playbook soctools.yml:
+# ansible-playbook -i soctools-inventory soctools.yml -t stop
 
 The NiFi interface should now be available on port 9443 on the server.
 The OpenDistro for Elasticsearch interface should now be available on port 5601 on the server.
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index 93108efea3c99f3e92a8ca1f9e994eb16adf3ad3..ec6afaa0a5f2848cd13f1f423f92de7b5c229f45 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -2,6 +2,22 @@
 
 dslproxy: "<CHANGE_ME:hostname>"
 
+soctools_users:
+  - firstname: "Arne"
+    lastname: "Oslebo"
+    username: "arne.oslebo"
+    email: "arne.oslebo@uninett.no"
+    DN: "CN=Arne Oslebo"
+    CN: "Arne Oslebo"
+    password: "Pass002"
+  - firstname: "Bozidar"
+    lastname: "Proevski"
+    username: "bozidar.proevski"
+    email: "bozidar.proevski@finki.ukim.mk"
+    DN: "CN=Bozidar Proevski"
+    CN: "Bozidar Proevski"
+    password: "Pass001"
+
 # TheHive Button plugin
 THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/"
 THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0"
@@ -42,21 +58,6 @@ nifi_repo: "https://archive.apache.org/dist"
 
 ca_cn: "SOCTOOLS-CA"
 
-soctools_users:
-  - firstname: "Arne"
-    lastname: "Oslebo"
-    username: "arne.oslebo"
-    email: "arne.oslebo@uninett.no"
-    DN: "CN=Arne Oslebo"
-    CN: "Arne Oslebo"
-    password: "Pass002"
-  - firstname: "Bozidar"
-    lastname: "Proevski"
-    username: "bozidar.proevski"
-    email: "bozidar.proevski@finki.ukim.mk"
-    DN: "CN=Bozidar Proevski"
-    CN: "Bozidar Proevski"
-    password: "Pass001"
 
 odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}"
 odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}"
diff --git a/roles/nifi/templates/users.xml.j2 b/roles/nifi/templates/users.xml.j2
index a57969859498c5610ab26a83ae05e53ca093d264..92adb5da1f91db8b4bc0d618766c40dc39f9ea6d 100644
--- a/roles/nifi/templates/users.xml.j2
+++ b/roles/nifi/templates/users.xml.j2
@@ -17,7 +17,7 @@
         <user identifier="c78caf19-016f-1000-0001-{{'%012d'|format(loop.index) }}" identity="CN={{ nifi }}"/>
         {% endfor %}
 	{% for user in soctools_users %}
-        <user identifier="c78caf19-016f-1000-0002-{{'%012d'|format(loop.index) }}" identity="{{ user.username }}"/>
+        <user identifier="c78caf19-016f-1000-0002-{{'%012d'|format(loop.index) }}" identity="{{ user.DN }}"/>
         {% endfor %}        
     </users>
 </tenants>
diff --git a/roles/soctools-server/tasks/main.yml b/roles/soctools-server/tasks/main.yml
index 7b5739e8cb488315827b222e6cedf581e32a6f4e..57cb4b4ba0b478f70ebbbd5fe1ee00258753a790 100644
--- a/roles/soctools-server/tasks/main.yml
+++ b/roles/soctools-server/tasks/main.yml
@@ -36,8 +36,7 @@
 
 - name: Configure fw
   ansible.posix.firewalld:
-    source: "{{ soctools_network }}"
-    zone: public
+    rich_rule: "rule family=ipv4 source address={{ soctools_network }} accept"
     permanent: yes
     state: enabled