Cisco Secure Firewall Management Center Virtual Getting Started Guide


Deploy the Firewall Management Center Virtual


Overview

Learn how to deploy Management Center Virtual on AWS using Amazon Marketplace and the EC2 console. Configure instance details, storage, security groups, key pairs, and Elastic IPs, then verify deployment status and access the appliance using SSH or HTTPS.

Before you begin

  • Configure AWS VPC and EC2 elements as described in Configuring Your AWS Environment.

  • Confirm that an AMI is available for the Firewall Management Center Virtual instances.

Note

The default admin password is the AWS Instance ID, unless you define a default password with user data (Advanced Details > User Data) during the initial deployment.

Procedure

1. Go to https://aws.amazon.com/marketplace (Amazon Marketplace) and sign in.

2. After you are logged in to the Amazon Marketplace, click the link provided for the Firewall Management Center Virtual.

Note

If you were previously in AWS, you may need to sign out and then sign back in for the link to work.

3. Click Continue, then click the Manual Launch tab.

4. Click Accept Terms.

5. Click Launch with EC2 Console in your desired region.

6. Choose an Instance Type supported by the Firewall Management Center Virtual; see About Deployment On the AWS Cloud for the supported instance types.

7. Click the Next: Configure Instance Details button at the bottom of the screen:

  1. Change the Network to match your previously created VPC.

  2. Change the Subnet to match your previously created management subnet. You can specify an IP address or use auto-generate.

  3. Under Advanced Details > User Data, add the default login information.

    Modify the example below to match your requirements for device name and password.

    Sample login configuration:

    
    #FMC
    {
    "AdminPassword": "<enter_your_password>",
    "Hostname": "<Hostname-vFMC>"
    }
    
    Caution

    Use only plain text when entering data in the Advanced Details field. If you copy this information from a text editor, make sure you copy only as plain text. If you copy any Unicode data into the Advanced Details field, including white space, the instance may be corrupted and you will have to terminate the instance and re-create it.

    In Version 7.0 and greater, the default admin password is the AWS Instance ID, unless you define a default password with user data (Advanced Details > User Data) during the initial deployment.

    In earlier releases the default admin password was Admin123.

8. Click Next: Add Storage to configure your storage device settings.

Edit the settings of the root volume so the volume Size (GiB) is 250 GiB. Less than 250 GiB will limit event storage and is not supported.

9. Click Next: Tag Instance.

A tag consists of a case-sensitive key-value pair. For example, you could define a tag with Key = Name and Value = Management.

10. Select Next: Configure Security Group.

11. Click Select an existing Security Group and choose the previously configured Security Group, or create a new Security Group; see AWS documentation for more information on creating Security Groups.

12. Click Review and Launch.

13. Click Launch.

14. Select an existing key pair or create a new key pair.

Note

You can select an existing key pair, or create a new key pair. The key pair consists of a public key that AWS stores and a private key file that the user stores. Together they allow you to connect to your instance securely. Be sure to save the key pair to a known location, as it may be required to connect to the instance.

15. Click Launch Instances.

16. Click EC2 Dashboard > Elastic IPs and find a previously allocated IP, or allocate a new one.

17. Select the elastic IP, right-click and select Associate Address.

Locate the Instance or Network Interface to select, then click Associate.

18. Click EC2 Dashboard > Instances.

19. The Firewall Management Center Virtual Instance state will show “running” and Status checks will show pass for “2/2 checks” after only a few minutes. However, deployment and initial setup processes will take approximately 30 to 40 minutes to complete. To view the status, right-click the Instance, then select Instance Settings > Get Instance Screenshot.

When setup is complete (after approximately 30 to 40 minutes), the Instance Screenshot should show a message similar to “Cisco Secure Firewall Management Center for AWS vW.X.Y (build ZZ)”, possibly followed by some additional lines of output.

You should then be able to log in to the newly created Firewall Management Center Virtual using SSH or HTTPS. Actual deployment times may vary depending on the AWS load in your region.

You can access the Firewall Management Center Virtual using SSH:


ssh -i <key_pair>.pem admin@<Public_Elastic_IP>

SSH authentication is handled by a key pair. No password is required. If you are prompted for a password then setup is still running.

You can also access the Firewall Management Center Virtual using HTTPS:


https://<Public_Elastic_IP>

Note

If you see a “system startup processes are still running” message, setup is not yet complete.
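The user data entered in step 7 can be checked before it is pasted into Advanced Details > User Data. The following Python check is an added example, not Cisco's code: it reports every non-ASCII character (the concern of the Caution in step 7), confirms the #FMC line and JSON layout of the guide's sample, and flags placeholders that were left in place. The function name and the sample inputs are constructed for illustration.

```python
import json
import unicodedata

REQUIRED_KEYS = ("AdminPassword", "Hostname")  # keys from the guide's sample

def check_user_data(text):
    """Return a list of problems in FMCv user data; an empty list means clean."""
    problems = []
    # Plain text only: report each non-ASCII character with its position.
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ord(ch) > 127:
                name = unicodedata.name(ch, "unnamed character")
                problems.append(f"line {lineno} col {col}: U+{ord(ch):04X} {name}")
    # Layout assumed from the sample: a '#FMC' line, then one JSON object.
    header, _, body = text.partition("\n")
    if header.rstrip("\r") != "#FMC":
        problems.append("first line is not '#FMC'")
    try:
        config = json.loads(body)
    except json.JSONDecodeError as exc:
        return problems + [f"body is not valid JSON: {exc.msg}"]
    if not isinstance(config, dict):
        return problems + ["body is not a JSON object"]
    # Both keys must be present with the <...> placeholders replaced.
    for key in REQUIRED_KEYS:
        value = config.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key} is missing or empty")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"{key} still holds the sample placeholder")
    return problems

# Constructed inputs: a clean file, and one with "smart" quotes and a no-break space.
CLEAN = '#FMC\n{\n"AdminPassword": "constructed-Example-Pass1",\n"Hostname": "fmcv-lab"\n}\n'
PASTED = ('#FMC\n{\n\u201cAdminPassword\u201d:\u00a0"constructed-Example-Pass1",\n'
          '"Hostname": "fmcv-lab"\n}\n')

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("pasted", PASTED)):
        print(label, check_user_data(sample) or "OK")
```

The check never prints the password value, only the key name and the position of any offending character.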

If you get no response from SSH or HTTPS, double check these items:

  • Make sure deployment is complete. The Firewall Management Center Virtual VM Instance Screenshot should show a message similar to “Cisco Secure Firewall Management Center for AWS vW.X.Y (build ZZ)” and possibly followed by some additional lines of output.

  • Make sure you have an Elastic IP and that it is associated with the Firewall Management Center's management network interface (eni) and that you are connecting to that IP address.

  • Make sure there is an Internet Gateway (igw) associated with your VPC.

  • Make sure your management subnet has a route table associated with it.

  • Make sure the route table associated with your Management subnet has a route for “0.0.0.0/0” that points to your Internet gateway (igw).

  • Make sure your Security Group allows incoming SSH and/or HTTPS from the IP addresses you are connecting from.
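The route-table and security-group items in the checklist above can be evaluated against the JSON that aws ec2 describe-route-tables and aws ec2 describe-security-groups return. This Python check is an added example, not part of Cisco's guide; the resource IDs and addresses are constructed placeholders, and it assumes IPv4 CIDR rules and an explicit subnet association.

```python
import ipaddress

def ingress_allows(group, source_ip, port):
    """CIDRs in one security group that admit TCP `port` from `source_ip`."""
    src = ipaddress.ip_address(source_ip)
    hits = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # "-1" means all protocols and ports; otherwise match the TCP port range.
        if proto != "-1" and not (
            proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        ):
            continue
        for rng in perm.get("IpRanges", []):  # IPv4 CIDR sources only (assumption)
            if src in ipaddress.ip_network(rng["CidrIp"], strict=False):
                hits.append(rng["CidrIp"])
    return hits

def check_management_access(group, route_table, subnet_id, source_ip):
    """Findings for the route-table and security-group items of the checklist."""
    findings = []
    # Explicit associations only; a subnet relying on the VPC main table is reported.
    if subnet_id not in [a.get("SubnetId") for a in route_table.get("Associations", [])]:
        findings.append("route table is not associated with the management subnet")
    gateways = [r.get("GatewayId", "") for r in route_table.get("Routes", [])
                if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    if not any(g.startswith("igw-") for g in gateways):
        findings.append("no 0.0.0.0/0 route to an Internet gateway")
    for name, port in (("SSH", 22), ("HTTPS", 443)):
        if not ingress_allows(group, source_ip, port):
            findings.append(f"security group does not allow {name} (tcp/{port}) from {source_ip}")
    return findings

# Constructed sample data in the shape of the two describe-* responses.
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "198.51.100.7/32"}]},
]}
SAMPLE_ROUTES = {"RouteTableId": "rtb-EXAMPLE",
                 "Associations": [{"SubnetId": "subnet-EXAMPLE-mgmt"}],
                 "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]}

if __name__ == "__main__":
    for finding in check_management_access(
            SAMPLE_GROUP, SAMPLE_ROUTES, "subnet-EXAMPLE-mgmt", "203.0.113.10"):
        print("FAIL:", finding)
```

The list returned by ingress_allows shows which CIDR admitted the connection, so a match on 0.0.0.0/0 is visible as a rule open to every address.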

What to do next

Configuring Policies and Device Settings

After you install the Firewall Threat Defense Virtual and add the device to the Management Center, you can use the Firewall Management Center user interface to configure device management settings for the Firewall Threat Defense Virtual running on AWS and to configure and apply access control policies and other related policies to manage traffic using your Firewall Threat Defense Virtual device. The security policy controls the services provided by the Firewall Threat Defense Virtual, such as Next Generation IPS filtering and application filtering. You configure the security policy on the Firewall Threat Defense Virtual using the Firewall Management Center. For information about how to configure the security policy, see the Configuration Guide or the online help in Management Center.