Launch Firepower Device Manager
When you initially log into Firepower Device Manager, you are taken through the device set up wizard to complete the initial system configuration.
Before You Begin
Ensure that you connect a data interface to your gateway device, for example, a cable modem or router. For edge deployments, this would be your Internet-facing gateway. For data center deployments, this would be a backbone router. Use the default “outside” interface identified in Deploy the Firepower Threat Defense in Your Network.
Then, connect your management computer to the default “inside” interface. Alternatively, you can connect to the Management physical interface.
1. Open a browser and log into Firepower Device Manager. Assuming you did not go through initial configuration in the CLI, open Firepower Device Manager at https://ip-address, where the address is one of the following:
–If you are connected to the inside interface: https://192.168.1.1.
–If you are connected to the Management physical interface: https://192.168.45.45.
2. Log in with the username admin, password Admin123.
3. If this is the first time you are logging into the system, and you did not use the CLI set up wizard, you are prompted to read and accept the End User License Agreement and change the admin password. You must complete these steps to continue.
Note: You can choose to skip the device set up wizard if you want to manually configure the security appliance.
4. Configure the following options for the outside and management interfaces and click Next.
Note: Your settings are deployed to the security appliance when you click Next. The interface will be named “outside” and it will be added to the “outside_zone” security zone. Ensure that your settings are correct.
a. Outside Interface —This is the data port that you connected to your gateway modem or router. You cannot select an alternative outside interface during initial device set up. The first data interface is the default outside interface.
Configure IPv4 —The IPv4 address for the outside interface. You can use DHCP or manually enter a static IP address, subnet mask, and gateway. You can also select Off to not configure an IPv4 address.
Configure IPv6 —The IPv6 address for the outside interface. You can use DHCP or manually enter a static IP address, prefix, and gateway. You can also select Off to not configure an IPv6 address.
b. Management Interface
DNS Servers —The DNS server for the system's management address. Enter one or more addresses of DNS servers for name resolution. The default is the OpenDNS public DNS servers. If you edit the fields and want to return to the default, click Use OpenDNS to reload the appropriate IP addresses into the fields.
Firewall Hostname —The hostname for the system's management address.
Note: When you configure the Firepower Threat Defense security appliance using the device set up wizard, the system provides two default access rules for outbound and inbound traffic. You can edit these access rules after initial set up.
5. Configure the system time settings and click Next.
a. Time Zone —Choose the time zone for the system.
b. NTP Time Server —Choose whether to use the default NTP servers or to manually enter the addresses of your NTP servers. You can add multiple servers to provide backups.
6. Configure the smart licenses for the system.
You must have a smart license account to obtain and apply the licenses that the system requires. Initially, you can use the 90-day evaluation license and set up smart licensing later.
To register the security appliance now, click the link to log into your Smart Software Manager account, generate a new token, and copy the token into the edit box.
To use the evaluation license, click Start 90 day evaluation period without registration. To later register the security appliance and obtain smart licenses, click the name of the device in the menu to get to the Device Dashboard, then click the link in the Smart Licenses group.
7. Click Finish.
What to Do Next
Once you complete the device set up wizard, a pop-up window presents you with your next options.
- If you connected other interfaces to networks, choose Configure Interfaces to configure each of the connected interfaces.
- If you want to modify the default access rules, choose Configure Policy to configure and manage traffic policies.
You can select either option, or dismiss the pop-up window to return to the Device Dashboard.
(Optional) Launch the Firepower Threat Defense CLI Wizard
At first boot, or after a system reimage, you can use the CLI set up wizard for initial configuration instead of the Firepower Device Manager, and you can use the CLI for troubleshooting. When you use the CLI to set up the system, you only configure the IP address for the Management interface. However, you cannot configure policies through a CLI session. You still use the Firepower Device Manager to configure, manage, and monitor the system; see Launch Firepower Device Manager.
To log into the CLI, do one of the following:
- Use the console cable included with the security appliance to connect your PC to the console using a terminal emulator set for 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control. See the hardware guide for your security appliance for more information about the console cable.
Note: The CLI on the console port defaults to the FXOS CLI login prompt. You can get to the Firepower Threat Defense CLI using the connect ftd command.
- Use an SSH client to make a connection to the management IP address (the default is 192.168.45.45). Log in using the admin username (default password is Admin123).
After logging in, for information on the commands available in the CLI, enter help or ?.
1. At the firepower login prompt, log in with the default credentials of username admin and the password Admin123.
Cisco Firepower Extensible Operating System (FX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2015, Cisco Systems, Inc. All rights reserved.
2. Connect to the Firepower Threat Defense application.
3. When the Firepower Threat Defense system boots, a set up wizard prompts you for the following information required to configure the system:
–Accept EULA (End User License Agreement)
–New admin password
–IPv4 or IPv6 configuration
–IPv4 or IPv6 DHCP settings
–Management port IPv4 address and subnet mask, or IPv6 address and prefix
–Default gateway IPv4, IPv6, or data interface set up
–DNS set up
–Management mode (local management required)
4. Review the set up wizard settings. Defaults or previously entered values appear in brackets. To accept previously entered values, press Enter.
Please enter 'YES' or press <ENTER> to AGREE to the EULA:
System initialization in progress. Please stand by.
You must change the password for 'admin' to continue.
You must configure the network to continue.
You must configure at least one of IPv4 or IPv6.
Do you want to configure IPv4? (y/n) [y]: y
Do you want to configure IPv6? (y/n) [n]: y
Configure IPv4 via DHCP or manually? (dhcp/manual) [manual]: manual
Enter an IPv4 address for the management interface [192.168.45.45]: 192.168.0.43
Enter an IPv4 netmask for the management interface [255.255.255.0]: 255.255.255.0
Enter the IPv4 default gateway for the management interface [data-interfaces]: data-interfaces
Configure IPv6 via DHCP, router, or manually? (dhcp/router/manual) [disable]: manual
Enter the IPv6 address for the management interface : 2001:420:1402:200f:e400::22
Enter the IPv6 address prefix for the management interface : 76
Enter the IPv6 gateway for the management interface [data-interfaces]: data-interfaces
Enter a fully qualified hostname for this system [firepower]: FDM-FP2100
Enter a comma-separated list of DNS servers or 'none' [220.127.116.11,18.104.22.168]: 22.214.171.124
Enter a comma-separated list of search domains or 'none' : cisco.com
If your networking information has changed, you will need to reconnect.
Setting IPv6: 2001:420:1402:200f:e400::22 prefix: 76 gateway: 2001:420:1402:200f:e400::1 on management0
Setting DNS servers: 126.96.36.199
Setting DNS domains:cisco.com
Setting hostname as FDM-FP2100
Setting static IPv4: 192.168.0.43 netmask: 255.255.255.0 gateway: 192.168.0.254 on management0
Updating routing tables, please wait...
All configurations applied to the system. Took 3 Seconds.
Saving a copy of running network configuration to local disk.
For HTTP Proxy configuration, run 'configure network http-proxy'
Manage the device locally? (yes/no) [yes]: yes
Configuring firewall mode to routed
Update policy deployment information
- add device configuration
Successfully performed firstboot initial configuration steps for Firepower Device Manager for Firepower Threat Defense.
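Added example (not from the Cisco documentation): a Python check that reads a saved copy of the first-boot session in the "prompt [default]: answer" form shown above, lists management settings left at their factory default, and confirms that the applied IPv4 gateway lies inside the management subnet. The function names and the list of prompts worth reviewing are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: a subset of the first-boot session shown above.
SAMPLE = """\
Do you want to configure IPv4? (y/n) [y]: y
Configure IPv4 via DHCP or manually? (dhcp/manual) [manual]: manual
Enter an IPv4 address for the management interface [192.168.45.45]: 192.168.0.43
Enter an IPv4 netmask for the management interface [255.255.255.0]: 255.255.255.0
Enter a fully qualified hostname for this system [firepower]: FDM-FP2100
Setting static IPv4: 192.168.0.43 netmask: 255.255.255.0 gateway: 192.168.0.254 on management0
"""

PROMPT = re.compile(r"^(?P<q>.+?)\s*\[(?P<default>[^\]]*)\]:\s*(?P<answer>.*)$")
APPLIED = re.compile(r"^Setting static IPv4: (\S+) netmask: (\S+) gateway: (\S+) on (\S+)$")
# Assumption of this example: prompts where a kept factory default needs review.
REVIEW_IF_DEFAULT = ("IPv4 address for the management interface", "hostname")

def parse_answers(transcript):
    """Return (question, default, answer) for each 'prompt [default]: answer' line."""
    rows = []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            # A bare Enter accepts the bracketed default.
            rows.append((m["q"], m["default"], m["answer"].strip() or m["default"]))
    return rows

def review(transcript):
    """List defaults that were kept and an IPv4 gateway outside the subnet."""
    findings = []
    for question, default, answer in parse_answers(transcript):
        if answer == default and any(k in question for k in REVIEW_IF_DEFAULT):
            findings.append(f"default kept: {question} = {answer}")
    for line in transcript.splitlines():
        m = APPLIED.match(line.strip())
        if not m:
            continue
        addr, mask, gateway, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            if ipaddress.ip_address(gateway) not in net:
                findings.append(f"gateway {gateway} is outside {net} on {ifname}")
        except ValueError:
            findings.append(f"unparseable IPv4 settings on {ifname}: {line.strip()}")
    return findings
```

Calling review(SAMPLE) returns an empty list for the session above, because the management address and hostname were changed and the gateway 192.168.0.254 is inside 192.168.0.0/24.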
What to Do Next
Use the Firepower Device Manager to configure, manage, and monitor the system. The features that you can configure through the browser are not configurable through the CLI; you must use the web interface to implement your security policies.