Cisco Secure Firewall Management Center Virtual Getting Started Guide


Deploy the Firewall Management Center Virtual


Overview

Learn how to deploy Management Center Virtual on KVM using a deployment script or Virtual Machine Manager. Understand how to configure disk caching, CPU, memory, storage, networking, serial console, watchdog, and optional Day 0 ISO settings to create and launch the virtual machine correctly.

You can launch the Firewall Management Center Virtual on KVM using either of the following methods: a virt-install based deployment script, or Virtual Machine Manager (virt-manager).

You can also choose to deploy the Firewall Management Center Virtual without the Day 0 configuration file. This requires you to complete the initial setup using the appliance’s CLI or the web interface.


Launch Using a Deployment Script

You can use a virt-install based deployment script to launch the Firewall Management Center Virtual.

Before you begin

Be aware that you can optimize performance by selecting the best guest caching mode for your environment. The cache mode in use will affect whether data loss occurs, and the cache mode can also affect disk performance.

Each KVM guest disk interface can have one of the following cache modes specified: writethrough, writeback, none, directsync, or unsafe. The writethrough mode provides read caching; writeback provides read and write caching; directsync bypasses the host page cache; unsafe may cache all content and ignore flush requests from the guest.

  • Setting cache=writethrough helps reduce file corruption on KVM guest machines when the host experiences an abrupt loss of power. We recommend that you use writethrough mode.

  • However, cache=writethrough can also affect disk performance due to more disk I/O writes than cache=none.

  • If you remove the cache parameter on the --disk option, the default is writethrough.

  • Not specifying a cache option may also significantly reduce the time required for VM creation. This is because some older RAID controllers have poor disk caching capability. Hence, disabling disk caching (cache=none), and thus defaulting to writethrough, helps ensure data integrity.

Procedure

1.

Create a virt-install script called “virt_install_fmc.sh”.

The name of the Firewall Management Center Virtual instance must be unique across all other virtual machines (VMs) on this KVM host. The Firewall Management Center Virtual can support one network interface. The virtual NIC must be Virtio.

Example:


virt-install \
    --connect=qemu:///system \
    --network network=default,model=virtio \
    --name=fmcv \
    --arch=x86_64 \
    --cpu host \
    --vcpus=4 \
    --ram=28672 \
    --os-type=generic \
    --virt-type=kvm \
    --import \
    --watchdog i6300esb,action=reset \
    --disk path=<fmc_filename>.qcow2,format=qcow2,device=disk,bus=virtio,cache=writethrough \
    --disk path=<day0_filename>.iso,format=iso,device=cdrom \
    --console pty,target_type=serial \
    --serial tcp,host=127.0.0.1:<port>,mode=bind,protocol=telnet \
    --force

Note

In the deployment script, be sure to set the value of the --os-type parameter to generic so that the deployment process correctly identifies the platform on which the virtual instance is deployed.

2.

Run the virt_install script:

Example:


/usr/bin/virt_install_fmc.sh
Starting install...
Creating domain...

A window appears displaying the console of the VM. You can see that the VM is booting. It takes a few minutes for the VM to boot. Once the VM stops booting, you can issue CLI commands from the console screen.


Deploy the Firewall Management Center Virtual

Use virt-manager, also known as Virtual Machine Manager, to launch the Firewall Management Center Virtual. virt-manager is a graphical tool for creating and managing guest virtual machines.

Procedure

1.

Start virt-manager (Applications > System Tools > Virtual Machine Manager).

You may be asked to select the hypervisor and/or enter your root password.

2.

Click the button in the top left corner to open the New VM wizard.

3.

Enter the virtual machine details:

  1. For the operating system, select Import existing disk image.

    This method allows you to import a disk image that contains a pre-installed, bootable operating system.

  2. Click Forward to continue.

4.

Load the disk image:

  1. Click Browse... to select the image file.

  2. Choose Use Generic for the OS type.

  3. Click Forward to continue.

5.

Configure the memory and CPU options:

  1. Set Memory (RAM) to 28672.

  2. Set CPUs to 4.

  3. Click Forward to continue.

6.

Check the Customize configuration before install box, specify a Name, then click Finish.

Doing so opens another wizard that allows you to add, remove, and configure the virtual machine's hardware settings.

7.

Modify the CPU configuration.

From the left panel, select Processor, then select Configuration > Copy host CPU configuration.

This applies the physical host's CPU model and configuration to your virtual machine.

8.

Configure the Virtual Disk:

  1. From the left panel, select Disk 1.

  2. Select Advanced options.

  3. Set the Disk bus to Virtio.

  4. Set the Storage format to qcow2.

9.

Configure a serial console:

  1. From the left panel, select Console.

  2. Select Remove to remove the default console.

  3. Click Add Hardware to add a serial device.

  4. For Device Type, select TCP net console (tcp).

  5. For Mode, select Server mode (bind).

  6. For Host, enter 0.0.0.0 for the IP address and enter a unique Port number.

  7. Check the Use Telnet box.

  8. Configure device parameters.

10.

Configure a watchdog device to automatically trigger some action when the KVM guest hangs or crashes:

  1. Click Add Hardware to add a watchdog device.

  2. For Model, select default.

  3. For Action, select Forcefully reset the guest.

11.

Configure the virtual network interface.

Choose macvtap or specify a shared device name (use a bridge name).

Note

By default, the Firewall Management Center Virtual instance launches with one interface, which you can then configure.

12.

If deploying using a Day 0 configuration file, create a virtual CD-ROM for the ISO:

  1. Click Add Hardware.

  2. Select Storage.

  3. Click Select managed or other existing storage and browse to the location of the ISO file.

  4. For Device type, select IDE CDROM.

13.

After configuring the virtual machine's hardware, click Apply.

14.

Click Begin installation for virt-manager to create the virtual machine with your specified hardware settings.
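
Added example, not part of the Cisco guide: a post-deployment check that compares a domain's libvirt XML (as printed by `virsh dumpxml`) with the settings used above. It reports the disk cache mode, Virtio disk and NIC, the watchdog action, and the bind address of the telnet serial console, which the deployment script sets to 127.0.0.1 while the Virtual Machine Manager steps enter 0.0.0.0 (all host interfaces; telnet is unencrypted). The sample XML, the port 4555, and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample (not from the guide): domain XML such as `virsh dumpxml fmcv`
# prints, with the cache mode and console bind address left as parameters.
SAMPLE = """<domain type='kvm'><name>fmcv</name><devices>
  <disk type='file' device='disk'>
    <driver name='qemu' type='qcow2' cache='{cache}'/>
    <target dev='vda' bus='virtio'/>
  </disk>
  <interface type='network'><model type='virtio'/></interface>
  <serial type='tcp'>
    <source mode='bind' host='{host}' service='4555'/>
    <protocol type='telnet'/>
  </serial>
  <watchdog model='i6300esb' action='reset'/>
</devices></domain>"""

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:          # a hostname rather than an IP literal
        return host == "localhost"

def audit_domain(xml_text):
    """Return findings where the domain differs from the guide's settings."""
    dev = ET.fromstring(xml_text).find("devices")
    out = []
    for disk in dev.iterfind("disk[@device='disk']"):
        drv, tgt = disk.find("driver"), disk.find("target")
        cache = drv.get("cache", "not set") if drv is not None else "not set"
        if cache != "writethrough":
            out.append(f"{tgt.get('dev')}: cache={cache}, guide recommends writethrough")
        if tgt.get("bus") != "virtio":
            out.append(f"{tgt.get('dev')}: disk bus is not virtio")
    for nic in dev.iterfind("interface"):
        model = nic.find("model")
        if model is None or model.get("type") != "virtio":
            out.append("interface: NIC model is not virtio")
    for src in dev.iterfind("serial[@type='tcp']/source[@mode='bind']"):
        if not is_loopback(src.get("host", "")):
            out.append(f"serial: telnet console bound to {src.get('host')}:{src.get('service')}")
    wd = dev.find("watchdog")
    if wd is None or wd.get("action") != "reset":
        out.append("watchdog: missing, or action is not reset")
    return out

if __name__ == "__main__":
    print("\n".join(audit_domain(SAMPLE.format(cache="unsafe", host="0.0.0.0"))))
```

To check a live guest, pass the output of `virsh dumpxml <name>` to `audit_domain` in place of the constructed sample.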