Cisco Firepower Management Center 1600, 2600,
and 4600 Getting Started Guide
First Published: 2019-06-26
Last Modified: 2022-05-31
Firepower Management Center 1600, 2600, and 4600 Getting Started Guide
The Firepower Management Center 1600, 2600, and 4600 Getting Started Guide explains installation, login,
setup, initial administrative settings, and configuration for your secure network. This document also describes
maintenance activities such as establishing alternative means of management center access, adding managed
devices to the management center, factory reset, saving and loading configurations, erasing the hard drive,
and performing shutdown or restart.
In a typical deployment on a large network, you install multiple managed devices on network segments. Each
device controls, inspects, monitors, and analyzes traffic, and then reports to a management center. The
management center provides a centralized management console with a web interface that you can use to
perform administrative, management, analysis, and reporting tasks in service to securing your local network.
About the Firepower Management Center Models 1600, 2600, and 4600
The following topics provide information about front and rear panel features that you need to follow the
instructions in this document.
Rear Panel Features
The following figure illustrates the rear panel of the Firepower Management Center 1600, 2600, and 4600.
For more information on the rear-panel features, see the Cisco Firepower Management Center 1600, 2600,
and 4600 Hardware Installation Guide.
Figure 1: Rear Panel
1  USB 3.0 Type A (USB 1)
   You can connect a keyboard, and along with a monitor on the VGA port, you can access the console.
2  USB 3.0 Type A (USB 2)
   You can connect a keyboard, and along with a monitor on the VGA port, you can access the console.
3  eth0 management interface (labeled 1)
   Supports 100/1000/10000 Mbps depending on link partner capability.
4  eth1 management interface (labeled 2)
   Gigabit Ethernet 100/1000/10000 Mbps interface, RJ-45, LAN2
5  VGA video port (DB-15 connector)
6  CIMC interface (labeled M)
   Supported only for Lights-Out Management access.
7  Serial console port (RJ-45 connector)
   Disabled by default.
8  Unit identification button
9  770-W AC power supply (PSU 1)
10 770-W AC power supply (PSU 2)
11 Threaded holes for dual-hole grounding lug
12 eth2 management interface
   10-Gigabit Ethernet SFP+ support
   SFP-10G-SR and SFP-10G-LR are qualified for use on the management center.
13 eth3 management interface
   10-Gigabit Ethernet SFP+ support
   SFP-10G-SR and SFP-10G-LR are qualified for use on the management center.
14 Riser handle
   Not supported
Front Panel LEDs and their States
The following figure illustrates the front panel of the Firepower Management Center 1600, 2600, and 4600,
identifies the LED lights, and provides the information you need to determine appliance status based on the
LEDs. The Firepower Management Center 2600 has four SAS drives, and the Firepower Management Center
4600 has six SAS drives, each with the same drive fault and drive activity LEDs as shown in the diagram.
For information on all the front-panel features, see the Cisco Firepower Management Center 1600, 2600, and
4600 Hardware Installation Guide.
Figure 2: Front Panel LEDs and their States
1  Drive fault LED:
   • Off—The drive is operating properly.
   • Amber—Drive fault detected.
   • Amber, flashing—The drive is rebuilding.
   • Amber, flashing with 1-second interval—Drive locate function activated in the software.
2  Drive activity LED:
   • Off—There is no drive in the drive tray (no access, no fault).
   • Green—The drive is ready.
   • Green, flashing—The drive is reading or writing data.
3  Power LED:
   • Off—There is no AC power to the chassis.
   • Amber—The chassis is in standby mode.
   • Green—The chassis is in main power mode. Power is supplied to all components.
4  Unit identification LED:
   • Off—The unit identification function is not in use.
   • Blue, flashing—The unit identification function is activated.
5  System status LED:
   • Green—The chassis is running in normal operating condition.
   • Green, flashing—The chassis is performing system initialization and memory check.
   • Amber—The chassis is in a degraded operational state (minor fault).
     • Power supply redundancy is lost.
     • CPUs are mismatched.
     • At least one CPU is faulty.
     • At least one DIMM is faulty.
     • At least one drive in a RAID configuration failed.
   • Amber, two flashes—There is a major fault with the system board.
   • Amber, three flashes—There is a major fault with the DIMMs.
   • Amber, four flashes—There is a major fault with the CPUs.
6  Power supply status LED:
   • Green—All power supplies are operating normally.
   • Amber—One or more power supplies are in a degraded operational state.
   • Amber, flashing—One or more power supplies are in a critical fault state.
7  Fan status LED:
   • Green—All fans are operating properly.
   • Amber, flashing—One or more fans breached the unrecoverable threshold.
8  Network link activity LED:
   • Off—The Ethernet port link is idle.
   • Green—One or more Ethernet ports are link-active, but there is no activity.
   • Green, flashing—One or more Ethernet ports are link-active with activity.
9  Temperature status LED:
   • Green—The chassis is operating at normal temperature.
   • Amber—One or more temperature sensors breached the critical threshold.
   • Amber, flashing—One or more temperature sensors breached the unrecoverable threshold.
Related Documentation
For detailed hardware installation instructions, see the Cisco Firepower Management Center 1600, 2600, and
4600 Hardware Installation Guide.
For a complete list of the Cisco Secure Firewall series documentation and where to find it, see the documentation
roadmap.
Access the CLI or the Linux Shell on the Management Center
Accessing the management center CLI or the Linux shell requires a different sequence of steps depending on
what version the management center is running.
Caution
We strongly recommend that you do not use the Linux shell unless directed by Cisco TAC or explicit
instructions in the user documentation.
Before you begin
Establish a direct physical connection with the management center using the serial port, a keyboard and
monitor, or establish an SSH session with the management center interface.
Procedure
Step 1 Log into the management center using the credentials for the CLI admin user.
Step 2 Determine your next action depending on the version in use:
• If your management center is running Version 6.3 or 6.4 and the management center CLI is not enabled,
this gives you direct access to the Linux shell.
• If your management center is running Version 6.3 or 6.4 and the management center CLI is enabled, this
gives you access to the management center CLI. To access the Linux shell, continue with Step 3.
• If your management center is running Version 6.5+, this gives you access to the management center CLI.
To access the Linux shell, continue with Step 3.
Step 3 To access the Linux shell from the management center CLI, enter the expert command.
Shutdown or Restart the Management Center
Use the web interface to initiate an orderly management center shut down or restart.
You can also shut down the management center using the system shutdown command from the management
center CLI.
Tip
For virtual devices, refer to the documentation for your virtual platform. For VMware in particular, custom
power options are part of VMware Tools.
Caution
Do not shut off the management center using the power button; this may cause data loss. Using the web
interface or shutdown commands prepares the system to be safely powered off and restarted without losing
configuration data.
Procedure
Step 1 Choose System > Configuration > Process.
Step 2 Choose one of the following:
• Shutdown Management Center to initiate a graceful shutdown of the management center.
• Reboot Management Center to shut down and restart the management center gracefully.
• Restart Management Center Console to restart the communications, database, and HTTP server
processes. This is typically used during troubleshooting, and may cause deleted hosts to reappear in the
network map.
Install the Management Center for Versions 6.5 and Later
Follow these instructions to install the management center that will run Versions 6.5 and later.
Review Network Deployment for Versions 6.5 and Later
To deploy the management center you need information about the environment within which it will operate.
The following figure shows an example network configuration for a firewall deployment.
Figure 3: Example Network Deployment
By default the management center connects to your local management network through its management
interface (eth0). Through this connection the management center communicates with a management computer;
managed devices; services such as DHCP, DNS, NTP; and the internet.
The management center requires internet access to support Smart Licensing, Secure Firewall threat intelligence
director, and malware defense services. Depending on services provided by your local management network,
the management center may also require internet access to reach an NTP or DNS server. You can configure
your network to provide internet access to the management center directly or through a firewall device.
You can upload updates for system software, as well as the Vulnerability Database (VDB), Geolocation
Database (GeoDB), and intrusion rules directly to the management center from an internet connection or from
a local computer that has previously downloaded these updates from the internet.
To establish the connection between the management center and one of its managed devices, you need the IP
address of at least one of the devices: the management center or the managed device. We recommend using
both IP addresses if available. However, you may only know one IP address. For example, managed devices
may be using private addresses behind NAT, so you only know the management center address. In this case
you can specify the management center address on the managed device plus a one-time, unique password of
your choice called a NAT ID. On the management center, you specify the same NAT ID to identify the
managed device.
The initial setup and configuration process described in this document assumes the management center will
have internet access. If you are deploying a management center in an air-gapped environment, see the Cisco
Secure Firewall Management Center Administration Guide for your version for alternative methods you can
use to support certain features such as configuring a proxy for HTTP communications, or using a Smart
Software Satellite Server for Smart Licensing. In a deployment where the management center has internet
access, you can upload updates for system software, as well as the Vulnerability Database (VDB), Geolocation
Database (GeoDB), and intrusion rules directly to the management center from an internet connection. But
if the management center does not have internet access, the management center can upload these updates from
a local computer that has previously downloaded them from the internet. Additionally, in an air-gapped
deployment you might use the management center to serve time to devices in your deployment.
Initial Network Configuration for Management Centers Using Versions 6.5+:
• Management Interface
By default the management center seeks out a local DHCP server for the IP address, network mask, and
default gateway to use for the management interface (eth0). If the management center cannot reach a
DHCP server, it uses the default IPv4 address 192.168.45.45, netmask 255.255.255.0, and gateway
192.168.45.1. During initial setup you can accept these defaults or specify different values.
If you choose to use IPv6 addressing for the management interface, you must configure this through the
web interface after completing the initial setup.
• DNS Server(s)
Specify the IP addresses for up to two DNS servers. If you are using an evaluation license you may
choose not to use DNS. (During initial configuration you can also provide a hostname and domain to
facilitate communications between the management center and other hosts through DNS; you can configure
additional domains after completing initial setup.)
• NTP Server(s)
Synchronizing the system time on your management center and its managed devices is essential to
successful operation of your System; setting management center time synchronization is required during
initial configuration. You can accept the default (0.sourcefire.pool.ntp.org and 1.sourcefire.pool.ntp.org
as the primary and secondary NTP servers, respectively), or supply FQDNs or IP addresses for one or
two trusted NTP servers reachable from your network. (If you are not using DNS you may not use FQDNs
to specify NTP servers.)
End to End Procedure to Install the Management Center for Versions 6.5 and Later
See the following tasks to deploy and configure a management center that will run Versions 6.5 and later.
Pre-Configuration: Review Network Deployment for Versions 6.5 and Later, on page 6
Pre-Configuration: Connect Cables Turn On Power Verify Status for Versions 6.5 and Later, on page 9
Management Center: Use one of the following:
• Perform Initial Setup at the Web Interface for Versions 6.5 and Later, on page 12
• Management Center Initial Setup Using the CLI for Versions 6.5 and Later, on page 15
Management Center: Review Automatic Initial Configuration for Versions 6.5 and Later, on page 18
Management Center: Configure Management Center Administrative Settings, on page 29
Management Center: Add Managed Devices to the Management Center, on page 38
Connect Cables Turn On Power Verify Status for Versions 6.5 and Later
This procedure references the rear panel ports of the Firepower Management Center 1600, 2600, and 4600.
AC power supplies have internal grounding so no additional chassis grounding is required when the supported
AC power cords are used. For more information about supported power cords, see the Cisco Firepower
Management Center 1600, 2600, and 4600 Hardware Installation Guide.
We recommend that you establish a connection to support alternate access to the management center for
troubleshooting in case of network outage or other problems that prevent you from accessing the management
center web interface. You can establish one or more of the three connections listed below; console messages
will appear in the output you select in the management center web interface under System > Configuration >
Console Configuration.
• Connect a keyboard and monitor to the management center as described in steps 5 and 6. (The management
center sends console messages to the VGA port by default.)
• Connect a local computer to the management center serial port as described in Step 7. (To use this
connection see Set Up Serial Access, on page 40.)
• Connect the management center CIMC port to a local network reachable from a local computer where
you will run an IPMI utility for Lights-Out Management, as described in Step 8. (To use this connection
see Set Up Lights-Out Management, on page 41.)
After rack-mounting the chassis, follow these steps to connect cables, turn on power, and verify connectivity.
Use the following figure to identify the rear panel ports.
Figure 4: Cable Connections
Before you begin
Important
Read the Regulatory and Compliance Safety Information document before installing the management center
chassis.
• Rack-mount the appliance as described in the Cisco Firepower Management Center 1600, 2600, and
4600 Hardware Installation Guide.
Procedure
Step 1 eth0 management interface (labeled "1" on the rear panel) — Using an Ethernet cable, connect the eth0
interface to the default management network reachable from your management PC. This interface is the default
management interface and is enabled by default. Confirm that the link LED is on for both the network interface
on the local computer and the management center management interface.
You can use this connection to configure network settings and perform initial setup using HTTPS. You can
also use this connection to perform routine management, and to manage devices from the management center
web interface.
Step 2 (Optional) eth1 management interface (labeled "2" on the rear panel)—Connect this management interface
to the same or different network from your other management interfaces depending on your network needs.
For more information about management interfaces, see the Cisco Secure Firewall Management Center
Administration Guide; for network topology, see the Cisco Secure Firewall Management Center Device
Configuration Guide.
Step 3 (Optional) eth2 management interface—Install any management center-supported SFP+ transceiver and cable
in this 10-Gigabit Ethernet SFP+ interface as needed. You can connect this interface to the same or different
network from your other management interfaces depending on your network needs. For more information
about management interfaces, see the Cisco Secure Firewall Management Center Administration Guide; for
network topology, see the Cisco Secure Firewall Management Center Device Configuration Guide.
Each management center-supported SFP+ transceiver (SFP-10G-SR and SFP-10G-LR) has an internal serial
EEPROM that is encoded with security information. This encoding allows us to identify and validate that the
SFP transceiver meets the requirements for the chassis.
Note
Only management center-supported SFP+ transceivers are compatible with the 10-Gb interfaces.
Cisco TAC may refuse support for any interoperability problems that result from using an untested
third-party SFP transceiver.
Step 4 (Optional) eth3 management interface—Install any management center-supported SFP+ transceiver and cable
in this 10-Gigabit Ethernet SFP+ interface as needed. You can connect this interface to the same or different
network from your other management interfaces depending on your network needs. For more information
about management interfaces, see the Cisco Secure Firewall Management Center Administration Guide; for
network topology, see the Cisco Secure Firewall Management Center Device Configuration Guide.
Each management center-supported SFP+ transceiver (SFP-10G-SR and SFP-10G-LR) has an internal serial
EEPROM that is encoded with security information. This encoding allows us to identify and validate that the
SFP transceiver meets the requirements for the chassis.
Note
Only management center-supported SFP+ transceivers are compatible with the 10-Gb interfaces.
Cisco TAC may refuse support for any interoperability problems that result from using an untested
third-party SFP transceiver.
Step 5 (Optional) USB port—Connect a keyboard to the USB port.
You can use this connection and a monitor connected to the VGA port to configure network settings and
perform initial setup at the CLI; see Management Center Initial Setup Using the CLI for Versions 6.5 and
Later, on page 15.
Step 6 (Optional) VGA port —Connect a monitor to the VGA port.
The management center sends console messages to the VGA port by default. You can use this connection and
a keyboard connected to a USB port to configure network settings and perform initial setup at the CLI; see
Management Center Initial Setup Using the CLI for Versions 6.5 and Later, on page 15.
Step 7 (Optional) Use the RJ-45 to DB-9 console cable supplied with the appliance (Cisco part number 72-3383-XX)
to connect a local computer to the management center serial port. (You may need a DB-9-to-USB adaptor to
connect to the local computer.) You can use this connection for serial access (see Set Up Serial Access, on
page 40) and to configure network settings and perform initial setup at the CLI (see Management Center
Initial Setup Using the CLI for Versions 6.5 and Later, on page 15).
Step 8 (Optional) Use an Ethernet cable to connect the CIMC port to a local network reachable from a computer
where you will run an IPMI utility for Lights-Out Management. See Set Up Lights-Out Management, on page
41 for more information.
Step 9 Power supply—Use one of the supported power cords to connect the power supplies of the chassis to your
power source. For more information about supported power cords, see the Cisco Firepower Management
Center 1600, 2600, and 4600 Hardware Installation Guide.
Note
We recommend connecting both power supplies on the management center to provide redundancy
protection. The appliance generates a health alert if only one power supply is connected.
Step 10 Power—Press the Power button on the front of the chassis, and verify that the power status LED is on.
Step 11 Verify—Use the diagram in Front Panel LEDs and their States, on page 2 to check that the front-panel
LEDs reflect a good status.
Perform Initial Setup at the Web Interface for Versions 6.5 and Later
If you have HTTPS access to the management center IP address (either the address obtained from DHCP or
the default 192.168.45.45), you can perform initial setup using HTTPS at the appliance web interface. If you
need to manually set the management center IP address, see Management Center Initial Setup Using the CLI
for Versions 6.5 and Later, on page 15.
When you log into the management center web interface for the first time, the management center presents
an Initial Configuration Wizard to enable you to quickly and easily configure basic settings for the appliance.
This wizard consists of three screens and one pop-up dialog box:
• The first screen forces you to change the password for the admin user from the default value of Admin123.
• The second screen presents the End User License Agreement (EULA), which you are required to accept
before using the appliance.
• The third screen allows you to change network settings for the appliance management interface. This
page is prepopulated with current settings, which you may change.
If you are setting up an appliance after restoring it to factory defaults (see About the Restore Process, on
page 50) and you did not delete the appliance's license and network settings, the prompts will be
pre-populated with the retained values.
• The wizard performs validation on the values you enter on this screen to confirm the following:
• Syntactical correctness
• Compatibility of the entered values (for instance, compatible IP address and gateway, or DNS
provided when NTP servers are specified using FQDNs)
• Network connectivity between the management center and the DNS and NTP servers
The wizard displays the results of these tests in real time on the screen, which allows you to make
corrections and test the viability of your configuration before clicking Finish at the bottom of the screen.
The NTP and DNS connectivity tests are nonblocking; you can click Finish before the wizard completes
the connectivity tests. If the system reports a connectivity problem after you click Finish, you cannot
change the settings in the wizard, but you can configure these connections using the web interface after
completing the initial setup.
The system does not perform connectivity testing if you enter configuration values that would result in
cutting off the existing connection between the management center and the browser. In this case the
wizard displays no connectivity status information for DNS or NTP.
• After you have completed the three wizard screens, a pop-up dialog box appears that offers you the
opportunity to (optionally) quickly and easily set up Smart Licensing.
When you have completed the Initial Configuration Wizard and completed or dismissed the Smart Licensing
dialog, the system displays the device management page, described in “Device Management” in the Cisco
Secure Firewall Management Center Device Configuration Guide for your version.
Before you begin
• Install the management center as described in Connect Cables Turn On Power Verify Status for Versions
6.5 and Later, on page 9.
• Be sure you have the following information needed for the management center to communicate on your
management network:
• An IPv4 management IP address.
The management center interface is preconfigured to accept an IPv4 address assigned by DHCP.
Consult with your system administrator to determine what IP address your DHCP has been configured
to assign to the management center MAC address. In scenarios where no DHCP is available, the
management center interface uses the IPv4 address 192.168.45.45.
• A network mask and a default gateway (if not using DHCP).
• If you are not using DHCP, configure a local computer with the following network settings:
• IP address: 192.168.45.2
• Netmask: 255.255.255.0
• Default gateway: 192.168.45.1
Disable any other network connections on this computer.
Procedure
Step 1 Use a web browser to navigate to the management center's IP address: https://<Firepower Management
Center-IP>.
The login page appears.
Step 2 Log into the management center using admin as the username and Admin123 as the password for the admin
account. (The password is case-sensitive.)
Step 3 At the Change Password screen:
a) (Optional) Check the Show password check box to see the password while using this screen.
b) (Optional) Click the Generate Password button to have the system create a password for you that complies
with the listed criteria. (Generated passwords are nonmnemonic; take careful note of the password if you
choose this option.)
c) To set a password of your choosing, enter a new password in the New Password and Confirm Password
text boxes.
The password must comply with the criteria listed in the dialog.
Note
The management center compares your password against a password cracking dictionary that
checks not only for many English dictionary words but also other character strings that could
be easily cracked with common password hacking techniques. For example, the initial
configuration script may reject passwords such as "abcdefg" or "passw0rd".
Note
On completion of the initial configuration process the system sets the passwords for the two
admin accounts (one for web access and the other for CLI access) to the same value. The
password must comply with the strong password requirements described in the Cisco Secure
Firewall Management Center Administration Guide for your version. If you change the password
for either admin account thereafter, they will no longer be the same, and the strong password
requirement can be removed from the web interface admin account.
d) Click Next.
Once you click Next on the Change Password screen and the wizard has accepted the new admin
password, that password is in effect for both the web interface and CLI admin accounts even if you do
not complete the remaining wizard activities.
Step 4 At the User Agreement screen, read the EULA and click Accept to proceed.
If you click Decline the wizard logs you out of the management center.
Step 5 Click Next.
Step 6 At the Change Network Settings screen:
a) Enter a Fully Qualified Domain Name. If a default value is shown, you may use it if it is compatible
with your network configuration. Otherwise, enter a fully qualified domain name (syntax
<hostname>.<domain>) or hostname.
b) Choose the boot protocol for the Configure IPv4 option, either Using DHCP or Using Static/Manual.
c) Accept the displayed value, if one is shown, for IPv4 Address or enter a new value. Use dotted decimal
form (for example, 192.168.45.45).
Note
If you change the IP address during initial configuration, you need to reconnect to the
management center using the new network information.
d) Accept the displayed value, if one is shown, for Network Mask or enter a new value. Use dotted decimal
form (for example, 255.255.0.0).
Note
If you change the network mask during initial configuration, you need to reconnect to the
management center using the new network information.
e) You can accept the displayed value, if one is shown, for Gateway or enter a new default gateway. Use
dotted decimal form (for example, 192.168.0.1).
Note
If you change the gateway address during initial configuration, you may need to reconnect to
the management center using the new network information.
f) (Optional) For DNS Group you can accept the default value, Cisco Umbrella DNS.
To change the DNS settings, choose Custom DNS Servers from the drop-down list, and enter IPv4
addresses for the Primary DNS and Secondary DNS. If your management center does not have internet
access you cannot use a DNS outside of your local network. Configure no DNS Server by choosing
Custom DNS Servers from the drop-down list and leaving the Primary DNS and Secondary DNS fields
blank.
Note
If you use FQDNs rather than IP addresses to specify NTP servers, you must specify DNS at
this time. If you are using an evaluation license DNS is optional, but DNS is required to use
permanent licenses for your deployment.
g) For NTP Group Servers you can accept the default value, Default NTP Servers. In this case the system
uses 0.sourcefire.pool.ntp.org as the primary NTP server, and 1.sourcefire.pool.ntp.org as the secondary
NTP server.
To configure other NTP servers, choose Custom NTP Group Servers from the drop-down list and enter
the FQDNs or IP addresses of one or two NTP servers reachable from your network. If your management
center does not have internet access you cannot use an NTP server outside of your local network.
Note: If you change network settings during initial configuration, you need to reconnect to the
management center using the new network information.
Step 7 Click Finish.
The wizard performs validation on the values you enter on this screen to confirm syntactical correctness,
compatibility of the entered values, and network connectivity between the management center and the DNS
and NTP servers. If the system reports a connectivity problem after you click Finish, you cannot change the
settings in the wizard, but you can configure these connections using the management center web interface
after completing the initial setup.
What to do next
• If you changed network settings during initial configuration, you need to reconnect to the management
center using the new network information.
• The system displays a pop-up dialog box that offers you the opportunity to quickly and easily set up
Smart Licensing. Using this dialog box is optional; if your management center will be managing threat
defenses and you are familiar with Smart Licensing, use this dialog. Otherwise dismiss this dialog and
refer to "Licensing" in the Cisco Secure Firewall Management Center Administration Guide for your
version.
• Review the weekly maintenance activities the management center configures automatically as a part of
the initial configuration process. These activities are designed to keep your system up-to-date and your
data backed up. See Review Automatic Initial Configuration for Versions 6.5 and Later, on page 18.
• When you have completed the Initial Configuration Wizard and completed or dismissed the Smart
Licensing dialog, the system displays the device management page, described in the Cisco Firepower
Management Center Device Configuration Guide. Establish basic configuration for your management
center as described in Configure Management Center Administrative Settings, on page 29.
• You can configure the management center for IPv6 addressing after completing the initial setup using
the web interface as described in the Cisco Secure Firewall Management Center Device Configuration
Guide for your version.
• You can optionally configure the management center for Serial over LAN or Lights-Out-Management
access as described in Set Up Alternate Management Center Access, on page 40.
Management Center Initial Setup Using the CLI for Versions 6.5 and Later
You can perform initial setup using the CLI as an alternative to using the web interface. You must complete
an Initial Configuration Wizard that configures the new appliance to communicate on your trusted management
network. The wizard requires that you accept the end user license agreement (EULA) and change the
administrator password.
Before you begin
• Install the management center as described in Connect Cables Turn On Power Verify Status for Versions
6.5 and Later, on page 9.
• Be sure you have the following information needed for the management center virtual to communicate
on your management network:
• An IPv4 management IP address.
The management center interface is preconfigured to accept an IPv4 address assigned by DHCP.
Consult with your system administrator to determine what IP address your DHCP has been configured
to assign to the management center MAC address. In scenarios where no DHCP is available, the
management center interface uses the IPv4 address 192.168.45.45.
• A network mask and a default gateway (if not using DHCP).
• Connect to the management center using one of three methods:
• Establish an SSH connection using the IPv4 management IP address.
• Connect a USB keyboard and VGA monitor to the management center for console access.
• Connect a local computer to the management center serial port with an RJ-45 to DP-9 console cable.
Use SSH to connect to the management center using the IPv4 management IP address.
Procedure
Step 1 Log into the management center virtual at the console using admin as the username and Admin123 as the
password for the admin account. Note that the password is case-sensitive.
Step 2 When prompted, press Enter to display the End User License Agreement (EULA).
Step 3 Review the EULA. When prompted, enter yes, YES, or press Enter to accept the EULA.
Important: You cannot proceed without accepting the EULA. If you respond with anything other than yes,
YES, or Enter, the system logs you out.
Step 4 To ensure system security and privacy, the first time you log in to the management center you are required
to change the admin password. When the system prompts for a new password, enter a new password complying
with the restrictions displayed, and enter the same password again when the system prompts for confirmation.
Note: The management center compares your password against a password cracking dictionary that checks
not only for many English dictionary words but also other character strings that could be easily
cracked with common password hacking techniques. For example, the initial configuration script
may reject passwords such as "abcdefg" or "passw0rd".
Note: On completion of the initial configuration process the system sets the passwords for the two admin
accounts (one for web access and the other for CLI access) to the same value, complying with the
strong password requirements described in the Cisco Secure Firewall Management Center
Administration Guide for your version. If you change the password for either admin account
thereafter, they will no longer be the same, and the strong password requirement can be removed
from the web interface admin account.
Step 5 Answer the prompts to configure network settings.
When following the prompts, for multiple-choice questions, your options are listed in parentheses, such as
(y/n). Defaults are listed in square brackets, such as [y]. Note the following when responding to prompts:
• If you are setting up an appliance after restoring it to factory defaults (see About the Restore Process, on
page 50) and you did not delete the appliance's license and network settings, the prompts will be
pre-populated with the retained values.
• Press Enter to accept the default.
• For hostname, supply a fully qualified domain name (<hostname>.<domain>) or host name. This field
is required.
• If you choose to configure IPv4 manually, the system prompts for IPv4 address, netmask, and default
gateway. If you choose DHCP, the system uses DHCP to assign these values. If you choose not to use
DHCP, you must supply values for these fields; use standard dotted decimal notation.
• Configuring a DNS server is optional; to specify no DNS server enter none. Otherwise specify IPv4
addresses for one or two DNS servers. If you specify two addresses, separate them with a comma. (If
you specify more than two DNS servers, the system ignores the additional entries.) If your management
center does not have internet access you cannot use a DNS outside of your local network.
Note: If you are using an evaluation license, specifying DNS is optional at this time, but DNS is
required to use permanent licenses for your deployment.
• You must enter the fully qualified domain name or IP address for at least one NTP server reachable from
your network. (You may not specify FQDNs for NTP servers if you are not using DHCP.) You may
specify two servers (a primary and a secondary); separate their information with a comma. (If you specify
more than two DNS servers, the system ignores the additional entries.) If your management center does
not have internet access you cannot use an NTP server outside of your local network.
Example:
Enter a hostname or fully qualified domain name for this system [firepower]: fmc
Configure IPv4 via DHCP or manually? (dhcp/manual) [DHCP]: manual
Enter an IPv4 address for the management interface [192.168.45.45]: 10.10.0.66
Enter an IPv4 netmask for the management interface [255.255.255.0]: 255.255.255.224
Enter the IPv4 default gateway for the management interface [ ]: 10.10.0.65
Enter a comma-separated list of DNS servers or 'none' [CiscoUmbrella]:
208.67.222.222,208.67.220.220
Enter a comma-separated list of NTP servers [0.sourcefire.pool.ntp.org,
1.sourcefire.pool.ntp.org]:
Step 6 The system displays a summary of your configuration selections. Review the settings you have entered.
Example:
Hostname: fmc
IPv4 configured via: manual configuration
Management interface IPv4 address: 10.10.0.66
Management interface IPv4 netmask: 255.255.255.224
Management interface IPv4 gateway: 10.10.0.65
DNS servers: 208.67.222.222,208.67.220.220
NTP servers: 0.sourcefire.pool.ntp.org, 1.sourcefire.pool.ntp.org
Step 7 The final prompt gives you the opportunity to confirm the settings.
• If the settings are correct, enter y and press Enter to accept the settings and continue.
• If the settings are incorrect, enter n and press Enter. The system prompts for the information again,
beginning with hostname.
Example:
Are these settings correct? (y/n) y
If your networking information has changed, you will need to reconnect.
Updated network configuration.
Step 8 After you have accepted the settings, you can enter exit to exit the management center CLI.
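A pre-flight check of the Step 6 summary before answering y in Step 7, as an added example (not Cisco code): it parses the summary text and applies the constraints stated in this procedure and its notes. The function names are hypothetical; it covers manual IPv4 configuration only and assumes DNS servers appear as addresses or none.

```python
import ipaddress

# Constructed sample: the Step 6 summary shown in the example above.
SAMPLE_SUMMARY = """\
Hostname: fmc
IPv4 configured via: manual configuration
Management interface IPv4 address: 10.10.0.66
Management interface IPv4 netmask: 255.255.255.224
Management interface IPv4 gateway: 10.10.0.65
DNS servers: 208.67.222.222,208.67.220.220
NTP servers: 0.sourcefire.pool.ntp.org, 1.sourcefire.pool.ntp.org
"""

def parse_summary(text):
    """Turn 'Label: value' lines into a dict keyed by label."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip()] = value.strip()
    return fields

def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def split_list(value):
    """Split a comma-separated answer; 'none' or blank means no entries."""
    if value.strip().lower() in ("", "none"):
        return []
    return [item.strip() for item in value.split(",") if item.strip()]

def check_settings(fields):
    """Return a list of problems for a manual IPv4 configuration ([] = consistent)."""
    addr = fields.get("Management interface IPv4 address", "")
    mask = fields.get("Management interface IPv4 netmask", "")
    gateway = fields.get("Management interface IPv4 gateway", "")
    try:
        iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
    except ValueError as exc:
        return [f"address or netmask invalid: {exc}"]
    net, problems = iface.network, []
    # ipaddress also accepts prefix lengths and host masks; the prompts want a netmask.
    if str(net.netmask) != mask:
        problems.append(f"netmask {mask} is not a dotted decimal netmask")
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"address {addr} is the network or broadcast address of {net}")
    if not is_ipv4(gateway):
        problems.append(f"gateway {gateway!r} is not a dotted decimal IPv4 address")
    elif ipaddress.IPv4Address(gateway) not in net or gateway == addr:
        problems.append(f"gateway {gateway} is not a separate host inside {net}")
    dns = split_list(fields.get("DNS servers", ""))
    if len(dns) > 2:
        problems.append("more than two DNS servers listed; the extras are ignored")
    problems += [f"DNS server {d!r} is not an IPv4 address" for d in dns if not is_ipv4(d)]
    ntp = split_list(fields.get("NTP servers", ""))
    if not ntp:
        problems.append("at least one NTP server is required")
    # Per the note in the web-interface procedure: FQDN NTP servers need DNS.
    if not dns and any(not is_ipv4(n) for n in ntp):
        problems.append("NTP servers are FQDNs but no DNS server is configured")
    return problems

if __name__ == "__main__":
    for problem in check_settings(parse_summary(SAMPLE_SUMMARY)) or ["settings are consistent"]:
        print(problem)
```

An empty result means the address, netmask, gateway, DNS and NTP answers agree with each other; it does not test reachability of the DNS or NTP servers.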
What to do next
• You can connect to the management center web interface using the network information you have just
configured.
• Review the weekly maintenance activities the management center configures automatically as a part of
the initial configuration process. These activities are designed to keep your system up-to-date and your
data backed up. See Review Automatic Initial Configuration for Versions 6.5 and Later, on page 18.
• You can configure the management center for IPv6 addressing after completing the initial setup using
the web interface as described in the Cisco Secure Firewall Management Center Device Configuration
Guide for your version.
• You can optionally configure the management center for Serial over LAN or Lights-Out-Management
access as described in Set Up Alternate Management Center Access, on page 40.
Review Automatic Initial Configuration for Versions 6.5 and Later
As a part of initial configuration (whether performed through the Initial Configuration Wizard or through the
CLI), the management center automatically configures maintenance tasks to keep your system up-to-date and
your data backed up.
These tasks are scheduled in UTC, which means that when they occur locally depends on the date and your
specific location. Also, because tasks are scheduled in UTC, they do not adjust for daylight saving time,
summer time, or any such seasonal adjustments that you may observe in your location. If you are affected,
scheduled tasks occur one hour "later" in the summer than in the winter, according to local time.
Note: We strongly recommend you review the auto scheduled configurations, confirm that the management center
has established them successfully, and adjust them if necessary.
• Weekly GeoDB Updates
The management center automatically schedules GeoDB updates to occur each week at the same randomly
selected time. You can observe the status of this update using the web interface Message Center. You
can see the configuration for this automatic update in the web interface under System > Updates >
Geolocation Updates > Recurring Geolocation Updates. If the system fails to configure the update and
your management center has internet access, we recommend you configure regular GeoDB updates as
described in the Cisco Secure Firewall Management Center Administration Guide for your version.
• Weekly Management Center Software Updates
The management center automatically schedules a weekly task to download the latest software for the
management center and its managed devices. This task is scheduled to occur between 2 and 3 AM UTC
on Sunday mornings; depending on the date and your specific location this can occur any time from
Saturday afternoon to Sunday afternoon local time. You can observe the status of this task using the web
interface Message Center. You can see the configuration for this task in the web interface under System >
Tools > Scheduling. If the task scheduling fails and your management center has internet access, we
recommend you schedule a recurring task for downloading software updates as described in the Cisco
Secure Firewall Management Center Administration Guide for your version.
This task only downloads software patch and hotfix updates for the version your appliances are currently
running; it is your responsibility to install any updates this task downloads. See the Cisco Management
Center Upgrade Guide for more information.
• Weekly Management Center Configuration Backup
The management center automatically schedules a weekly task to perform a locally-stored
configuration-only backup at 2 AM UTC on Monday mornings; depending on the date and your specific
location this can occur any time from Saturday afternoon to Sunday afternoon local time. You can observe
the status of this task using the web interface Message Center. You can see the configuration for this
task in the web interface under System > Tools > Scheduling. If the task scheduling fails, we recommend
you schedule a recurring task to perform backups as described in the Cisco Secure Firewall Management
Center Administration Guide for your version.
• Vulnerability Database Update
In Versions 6.6+, the management center downloads and installs the latest vulnerability database (VDB)
update from the Cisco support site. This is a one-time operation. You can observe the status of this update
using the web interface Message Center. To keep your system up to date, if your management center has
internet access, we recommend you schedule tasks to perform automatic recurring VDB update downloads
and installations as described in the Cisco Secure Firewall Management Center Administration Guide
for your version.
• Daily Intrusion Rule Update
In Versions 6.6+, the management center configures a daily automatic intrusion rule update from the
Cisco support site. The management center deploys automatic intrusion rule updates to affected managed
devices when it next deploys affected policies. You can observe the status of this task using the web
interface Message Center. You can see the configuration for this task in the web interface under System >
Updates > Rule Updates. If configuring the update fails and your management center has internet access,
we recommend you configure regular intrusion rule updates as described in the Cisco Secure Firewall
Management Center Administration Guide for your version.
Install the Management Center for Software Versions 6.3 - 6.4
Follow these instructions to install the management center that will run Versions 6.3 - 6.4.
Review Network Deployment for Versions 6.3-6.4
To deploy the management center you need information about the environment within which it will operate.
The following figure shows an example network configuration for a firewall deployment.
Figure 5: Example Network Deployment
By default the management center connects to your local management network through its management
interface (eth0). Through this connection the management center communicates with a management computer;
managed devices; services such as DHCP, DNS, NTP; and the internet.
The management center requires internet access to support Smart Licensing, threat intelligence director, and
malware defense services. Depending on services provided by your local management network, the management
center may also require internet access to reach an NTP or DNS server. You can configure your network to
provide internet access to the management center directly or through a firewall device.
You can upload updates for system software, as well as the Vulnerability Database (VDB), Geolocation
Database (GeoDB), and intrusion rules directly to the management center from an internet connection or from
a local computer that has previously downloaded these updates from the internet.