hit counter script
Download
Share
Print this page
Cisco Firepower Management Center 1000 Getting Started Manual
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Gateway
  5. Firepower Management Center 1000
  6. Getting started manual
Cisco Firepower Management Center 1000 Getting Started Manual

Cisco Firepower Management Center 1000 Getting Started Manual

Hide thumbs

Advertisement

Quick Links

Download this manual
Cisco Firepower Management Center 1000, 2500,
and 4500 Getting Started Guide
First Published: 2017-02-21
Last Modified: 2020-04-06
Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started
Guide
The Firepower Management Center (FMC) 1000, 2500, and 4500 Getting Started Guide explains FMC
installation, login, setup, initial administrative settings, and configuration for your secure network. This
document also describes maintenance activities such as establishing alternative means of FMC access, adding
managed devices to the FMC, FMC factory reset, saving and loading configurations, erasing the hard drive,
and performing an appliance shutdown or restart.
In a typical deployment on a large network, you install multiple managed devices on network segments. Each
device controls, inspects, monitors, and analyzes traffic, and then reports to a managing FMC. The FMC
provides a centralized management console with a web interface that you can use to perform administrative,
management, analysis, and reporting tasks in service to securing your local network.
About the Firepower Management Center Models 1000, 2500, and 4500
The following topics provide information about front and rear panel features that you need to follow the
instructions in this document.
Physical Interfaces
The following figure illustrates the rear panel of the FMC 1000, and identifies ports you need to follow the
instructions in this document. For information on all the rear-panel ports, see the
Center 1000, 2500, and 4500 Hardware Installation
Figure 1: FMC 1000 Rear Panel
Guide.
Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide
Cisco Firepower Management
1

Advertisement

loading

Related Manuals for Cisco Firepower Management Center 1000

Summary of Contents for Cisco Firepower Management Center 1000

  • Page 1 For information on all the rear-panel ports, see the Cisco Firepower Management Center 1000, 2500, and 4500 Hardware Installation Guide. Figure 1: FMC 1000 Rear Panel Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide...
  • Page 2 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Front Panel LEDs and their States 2 USB keyboard ports Serial console port You can connect a keyboard, and along with a monitor on the VGA port, you can access the console.
  • Page 3 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Front Panel LEDs and their States Figure 3: Front Panel LEDs, Buttons, and their States Drive fault LED Drive activity LED • Off—The drive is operating properly. • Off—There is no drive in the drive tray (no access, no fault).
  • Page 4 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Front Panel LEDs and their States System status LED Fan status LED • Green—The chassis is running in normal • Green—All fans are operating properly. operating condition. • Amber—One or more fans breached the •...
  • Page 5 Accessing the FMC CLI or the Linux shell requires a different sequence of steps depending on what Firepower version the FMC is running. Caution We strongly recommend that you do not use the Linux shell unless directed by Cisco TAC or explicit instructions in the user documentation. Before you begin Establish a direct physical connection with the FMC using the serial port, a keyboard and monitor, or establish an SSH session with the FMC's management interface.
  • Page 6 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Install the FMC for Versions 6.5 and Later For virtual devices, refer to the documentation for your virtual platform. For VMware in particular, custom power options are part of VMware Tools.
  • Page 7 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Review Network Deployment for Versions 6.5 and Later Figure 4: Example Network Deployment By default the FMC connects to your local management network through its management interface (eth0). Through this connection the FMC communicates with a management computer; managed devices; services such as DHCP, DNS, NTP;...
  • Page 8 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide End to End Procedure to Install the FMC for Versions 6.5 and Later To establish the connection between the FMC and one of its managed devices, you need the IP address of at least one of the devices: the FMC or the managed device.
  • Page 9 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Connect Cables Turn On Power Verify Status for Versions 6.5 and Later Pre-Configuration Review Network Deployment for Versions 6.5 and Later, on page 6 Pre-Configuration Connect Cables Turn On Power Verify Status for Versions 6.5 and Later, on...
  • Page 10 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Connect Cables Turn On Power Verify Status for Versions 6.5 and Later Figure 5: Cable Connections (Models 2500 and 4500 only.) (Models 2500 and 4500 only.) eth2 management interface...
  • Page 11 CLI. Step 4 (Optional) Use the RJ-45 to DP-9 console cable supplied with the appliance (Cisco part number 72-3383-XX) to connect a local computer to the FMC serial port. You can use this connection for serial or Lights Out Management access to the FMC;...
  • Page 12 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Perform Initial Setup at the Web Interface for Versions 6.5 and Later Step 10 Verify— Use the diagram in Front Panel LEDs and their States, on page 2 to check that the front-panel LEDs reflect a good status.
  • Page 13 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Perform Initial Setup at the Web Interface for Versions 6.5 and Later Before you begin • Install the FMC as described in Connect Cables Turn On Power Verify Status for Versions 6.5 and Later, on page •...
  • Page 14 If you change the gateway address during initial configuration, you may need to reconnect to the FMC using the new network information. f) (Optional) For DNS Group you can accept the default value, Cisco Umbrella DNS. To change the DNS settings, choose Custom DNS Servers from the drop-down list, and enter IPv4 addresses for the Primary DNS and Secondary DNS.
  • Page 15 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide FMC Initial Setup Using the CLI for Versions 6.5 and Later To configure other NTP servers, choose Custom NTP Group Servers from the drop-down list and enter the FQDNs or IP addresses of one or two NTP servers reachable from your network. If your FMC does not have internet access you cannot use an NTP server outside of your local network.
  • Page 16 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide FMC Initial Setup Using the CLI for Versions 6.5 and Later • Be sure you have the following information needed for the FMC to communicate on your management network: •...
  • Page 17 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide FMC Initial Setup Using the CLI for Versions 6.5 and Later • If you are setting up an appliance after restoring it to factory defaults (see About the Restore Process, on...
  • Page 18 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Review Automatic Initial Configuration for Versions 6.5 and Later Example: Are these settings correct? (y/n) y If your networking information has changed, you will need to reconnect. Updated network configuration.
  • Page 19 In Versions 6.6+, the FMC downloads and installs the latest vulnerability database (VDB) update from the Cisco support site. This is a one-time operation. You can observe the status of this update using the web interface Message Center. To keep your system up to date, if your FMC has internet access, we...
  • Page 20 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Review Network Deployment for Versions 6.2-6.4 Figure 6: Example Network Deployment By default the FMC connects to your local management network through its management interface (eth0). Through this connection the FMC communicates with a management computer; managed devices; services such as DHCP, DNS, NTP;...
  • Page 21 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide End to End Procedure to Install an FMC to Run Software Versions 6.2 - 6.4 To establish the connection between the FMC and one of its managed devices, you need the IP address of at least one of the devices: the FMC or the managed device.
  • Page 22 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Connect Cables, Turn On Power, Verify Status for Versions 6.2 - 6.4 Pre-Configuration Review Network Deployment for Versions 6.2-6.4, on page 19 Pre-Configuration Connect Cables, Turn On Power, Verify Status for Versions 6.2 - 6.4, on page...
  • Page 23 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Connect Cables, Turn On Power, Verify Status for Versions 6.2 - 6.4 Figure 7: Cable Connections (Models 2500 and 4500 only.) (Models 2500 and 4500 only.) eth2 management interface...
  • Page 24 FMC before performing initial setup using the web interface. Step 4 (Optional) Use the RJ-45 to DP-9 console cable supplied with the appliance (Cisco part number 72-3383-XX) to connect a local computer to the FMC serial port. You can use this connection for serial or Lights Out Management access to the FMC;...
  • Page 25 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide (Optional) Configure Network Settings Using a Physical Connection for Software Versions 6.2 - 6.4 Step 10 Verify— Use the diagram in Front Panel LEDs and their States, on page 2 to check that the front-panel LEDs reflect a good status.
  • Page 26 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide FMC Initial Setup Using the Web Interface for Software Versions 6.2 - 6.4 • For an FMC connected to a computer with an Ethernet cable, direct the browser on that computer to the default management interface IPv4 address: https://192.168.45.45/.
  • Page 27 Configure Classic Licensing, on page • For FTD physical and virtual devices, you must use Smart Licenses. If you plan to manage devices that use Cisco Smart Software Licensing, you must add smart licenses after completing initial setup, as described in...
  • Page 28 Before you begin Before you add a classic license to the FMC, make sure you have the Product Authorization Key (PAK) provided by Cisco when you purchased the license. If you have a legacy, pre-Cisco license, contact Cisco TAC. Procedure Step 1 Obtain the License Key for your chassis from the License Settings section on the Initial Setup page.
  • Page 29 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Configure FMC Administrative Settings If you ordered additional licenses, you can enter the PAKs for those licenses at the same time, Note separating them with commas. Step 3 Follow the on-screen instructions to generate a license or licenses, which will be emailed to you.
  • Page 30 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Configure Time Settings Note The admin accounts for accessing an FMC using the shell and accessing an FMC using the web interface are not the same, and may use different passwords.
  • Page 31 Versions 6.2 - 6.4. For Firepower Versions 6.2 - 6.4: Add Smart licenses after completing initial setup. For each license: • Obtain a product license registration token for Smart Licensing from the Cisco Smart Software Manager (CSSM). Consult the...
  • Page 32 • Ensure that the FMC can reach the Cisco Smart Software Manager (CSSM) server at tools.cisco.com:443. • Make sure the FMC has established a connection with an NTP server. During registration, a key exchange occurs between the NTP server and the Cisco Smart Software Manager, so time must be in sync for proper registration.
  • Page 33 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Configure Classic Licensing • Enable Cisco Success Network is enabled by default. You can click sample data to see the kind of data Cisco collects. To help you make your decision, read the Cisco Success Network information block.
  • Page 34 Generate a Classic License and Add it to the Firepower Management Center Before you begin • Confirm you have access to the Cisco Product License Registration Portal at https://cisco.com/go/license. • Review the information about types of Classic licenses in the...
  • Page 35 Schedule Weekly GeoDB Updates The Cisco Geolocation Database (GeoDB) is a database of geographical data (such as country, city, coordinates) and connection-related data (such as Internet service provider, domain name, connection type) associated with routable IP addresses.
  • Page 36 Use these instructions to create a scheduled weekly task to automatically download the latest FMC software updates from Cisco. Keeping your FMC software up to date ensures optimum performance. Installing updates after they have been downloaded is your responsibility. See the...
  • Page 37 Use these instructions to schedule regular automatic downloads and installations of the latest VDB update. The Cisco Talos Intelligence Group (Talos) issues periodic VDB updates no more than once daily. We strongly recommend you always maintain the latest VDB update on your FMC.
  • Page 38 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Add Managed Devices to the FMC Caution When a VDB update includes changes applicable to managed devices, the first manual or scheduled deploy after installing a new VBD update may result in a small number of packets dropping without inspection.
  • Page 39 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Add Managed Devices to the FMC • If your environment uses DNS, note the hostname that resolves to a valid IP address for the device. If your environment uses DHCP to assign IP addresses, use a host name to identify the device rather than an IP address.
  • Page 40 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Set Up Alternate FMC Access Set Up Alternate FMC Access After you have completed the initial setup process, you can establish alternate means of accessing the FMC by doing one of the following: •...
  • Page 41 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Set Up Lights-Out Management Step 2 Use the RJ-45 to DB-9 console cable supplied with the appliance (Cisco part number 72-3383-XX) to connect a local computer to the FMC serial port. Step 3 Use terminal emulation software (such as HyperTerminal or XModem) on the local computer to interact with the FMC.
  • Page 42 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide IPMI Utility Installation Procedure Step 1 Enable LOM for the FMC. See Enable Lights-Out Management, on page Step 2 Enable LOM for users who will use the feature. See...
  • Page 43 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Enable Lights-Out Management IPMItool (Linux/Mac) ipmiutil (Windows) Description command command The command you want to issue to the appliance. Note that where you issue the command depends on the utility: •...
  • Page 44 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Enable Lights-Out Management Users Step 5 Click Save. What to do next You must explicitly grant LOM permissions to users who will use the feature. See Enable Lights-Out Management Users, on page...
  • Page 45 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Use the Shell to Redirect the Console Output Procedure Step 1 Choose System > Configuration. Step 2 Choose Console Configuration. Step 3 Select a remote console access option: • Choose VGA to use the appliance’s VGA port. (This is the default.) •...
  • Page 46 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Required Preconfiguration Information Note Save all packing materials and include all reference material and power cords when repackaging the appliance. Required Preconfiguration Information Before preconfiguring the appliance, collect the network settings, licenses, and other pertinent information for the staging location and the target location.
  • Page 47 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Preconfigure Time Management Preconfigure Time Management Procedure Step 1 Synchronize time to a physical NTP server. Step 2 Set the IP addresses for the DNS and NTP servers using one of the following methods: •...
  • Page 48 Utility The FMC provides a system restore utility that you can use to perform the a number of maintenance functions: • Restore an FMC to factory settings using an ISO image Cisco provides on its Support Site. See About the Restore Process, on page •...
  • Page 49 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide The Restore Utility Menu The Restore Utility Menu The restore utility for FMCs uses an interactive menu to guide you through the restoration process. The menu displays the options listed in the following table:...
  • Page 50 About the Restore Process The ISO image you use to restore an appliance depends on when Cisco introduced support for that appliance model. Unless the ISO image was released with a minor version to accommodate a new appliance model, ISO images are usually associated with major versions of the system software (for example, 6.1 or 6.2).
  • Page 51 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Restore a Firepower Management Center to its Factory Defaults Physical Interfaces, on page 1 to identify the serial port. To interact with the appliance, use terminal emulation software such as HyperTerminal or XModem.
  • Page 52 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Restore a Firepower Management Center to its Factory Defaults When restoring a device to factory settings for Versions 6.3+ using LOM, if you do not have Caution physical access to the appliance and you delete the license and network settings, you will be unable to access the appliance after the restore.
  • Page 53 Obtain the Restore ISO and Update Files • If you deregistered the FMC from the Cisco Smart Software Manager, register the appliance to the Cisco Smart Software Manager. Choose System > Licenses > Smart Licenses and click the register icon.
  • Page 54 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Start the Restore Utility Using KVM or Physical Serial Port Do not transfer ISO or update files using email; the files can become corrupted. Also, do not change Caution the names of the files;...
  • Page 55 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Start the Restore Utility Using Lights-Out Management Start the Restore Utility Using Lights-Out Management If you need to restore an appliance to factory defaults and do not have physical access, you can use LOM to perform the restore process.
  • Page 56 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Identify the Appliance's Management Interface The display mode menu gives you only a few seconds to make your selection before timing out. If Important you miss your window of opportunity and accidentally reboot the appliance into system restore mode with Option 1 (for a keyboard and monitor connection), you must obtain physical access to the appliance, wait until the reboot is complete, then the power down the appliance.
  • Page 57 Use the series of pages presented by the restore utility to provide the necessary information for the protocol you chose; see Restore Files Download Configuration, on page If your information was correct, the appliance connects to the server and displays a list of the Cisco ISO images in the location you specified. Step 4 Choose the ISO image you want to use.
  • Page 58 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Select System Software and Rule Updates during Restore To use... You must provide... • IP address for the SCP server • Authorized username for the SCP server • Full path to the ISO image directory •...
  • Page 59 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Download the ISO and Update Files and Mount the Image Download the ISO and Update Files and Mount the Image Before you begin Be sure you have have completed the appropriate previous steps in the restore process as described in...
  • Page 60 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Install the New System Software Version What to do next Complete the tasks in the second pass of the restore process. See Install the New System Software Version, on page...
  • Page 61 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Save and Load Firepower Management Center Configurations Always reimage your appliances during a maintenance window. Note Save and Load Firepower Management Center Configurations You can use the restore utility to save a configuration should you need to restore an FMC. Although the restore...
  • Page 62 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Load a Saved Firepower Management Center Configuration Load a Saved Firepower Management Center Configuration You can load a previously-saved configuration to restore an FMC. Procedure Step 1 From the restore utility main menu, choose 7 Load Configuration.
  • Page 63 Cisco Firepower Management Center 1000, 2500, and 4500 Getting Started Guide Erase the Hard Drive Step 2 From the restore utility main menu, choose 8 Wipe Contents of Disk. Step 3 When prompted, confirm that you want to erase the hard drive. The process may take several hours to complete;...
  • Page 64 Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html.

This manual is also suitable for:

Firepower management center 2500Firepower management center 4500