Cisco Secure Firewall Management Center Virtual Getting Started Guide

Firewall Management Center Initial Setup Using the CLI for Versions 6.5 and Later

Overview

How to perform initial CLI setup for Firewall Management Center Virtual (6.5+), including accepting the EULA, changing the admin password, and configuring hostname, IPv4 settings, DNS, and NTP to enable management network connectivity.

After you deploy a Firewall Management Center Virtual, you can access the appliance console for initial setup. You can perform initial setup using the CLI as an alternative to using the web interface. You must complete an Initial Configuration Wizard that configures the new appliance to communicate on your trusted management network. The wizard requires that you accept the end user license agreement (EULA) and change the administrator password.

Before you begin

  • Be sure you have the following information needed for the Firewall Management Center Virtual to communicate on your management network:

    • An IPv4 management IP address.

      The Firewall Management Center interface is preconfigured to accept an IPv4 address assigned by DHCP. Consult with your system administrator to determine what IP address your DHCP has been configured to assign to the Firewall Management Center MAC address. In scenarios where no DHCP is available, the Firewall Management Center interface uses the IPv4 address 192.168.45.45.

    • A network mask and a default gateway (if not using DHCP).

Procedure

1. Log into the Firewall Management Center Virtual at the console using admin as the username and Admin123 as the password for the admin account. Note that the password is case-sensitive.

2. When prompted, press Enter to display the End User License Agreement (EULA).

3. Review the EULA. When prompted, enter yes, YES, or press Enter to accept the EULA.

You cannot proceed without accepting the EULA. If you respond with anything other than yes, YES, or Enter, the system logs you out.

4. To ensure system security and privacy, the first time you log in to the Firewall Management Center you are required to change the admin password. When the system prompts for a new password, enter a new password complying with the restrictions displayed, and enter the same password again when the system prompts for confirmation.

Note

The Firewall Management Center compares your password against a password cracking dictionary that checks not only for many English dictionary words but also other character strings that could be easily cracked with common password hacking techniques. For example, the initial configuration script may reject passwords such as "abcdefg" or "passw0rd".

Note

On completion of the initial configuration process the system sets the passwords for the two admin accounts (one for web access and the other for CLI access) to the same value, complying with the strong password requirements described in the Cisco Secure Firewall Management Center Administration Guide for your version. If you change the password for either admin account thereafter, they will no longer be the same, and the strong password requirement can be removed from the web interface admin account.

5. Answer the prompts to configure network settings.

When following the prompts, for multiple-choice questions, your options are listed in parentheses, such as (y/n). Defaults are listed in square brackets, such as [y]. Note the following when responding to prompts:
  • Press Enter to accept the default.

  • For hostname, supply a fully qualified domain name (<hostname>.<domain>) or host name. This field is required.

  • If you use DHCP, you must use DHCP reservation, so the assigned address does not change. If the DHCP address changes, device registration will fail because the Firewall Management Center network configuration gets out of sync. To recover from a DHCP address change, connect to the Firewall Management Center (using the hostname or the new IP address) and navigate to System > Configuration > Management Interfaces to reset the network.

  • If you choose to configure IPv4 manually, the system prompts for IPv4 address, netmask, and default gateway.

  • Configuring a DNS server is optional; to specify no DNS server enter none. Otherwise specify IPv4 addresses for one or two DNS servers. If you specify two addresses, separate them with a comma. (If you specify more than two DNS servers, the system ignores the additional entries.) If your Firewall Management Center does not have internet access you cannot use a DNS outside of your local network.

    Note

    If you are using an evaluation license, specifying DNS is optional at this time, but DNS is required to use permanent licenses for your deployment.

  • You must enter the fully qualified domain name or IP address for at least one NTP server reachable from your network. (You may not specify FQDNs for NTP servers if you are not using DHCP.) You may specify two servers (a primary and a secondary); separate their information with a comma. (If you specify more than two DNS servers, the system ignores the additional entries.) If your Firewall Management Center does not have internet access you cannot use an NTP server outside of your local network.

Example:


Enter a hostname or fully qualified domain name for this system [firepower]: fmc
Configure IPv4 via DHCP or manually? (dhcp/manual) [DHCP]: manual
Enter an IPv4 address for the management interface [192.168.45.45]: 10.10.0.66
Enter an IPv4 netmask for the management interface [255.255.255.0]: 255.255.255.224
Enter the IPv4 default gateway for the management interface [ ]: 10.10.0.65
Enter a comma-separated list of DNS servers or 'none' [CiscoUmbrella]: 208.67.222.222,208.67.220.220
Enter a comma-separated list of NTP servers [0.sourcefire.pool.ntp.org, 1.sourcefire.pool.ntp.org]: 

6. The system displays a summary of your configuration selections. Review the settings you have entered.

Example:


Hostname:                           fmc
IPv4 configured via:                manual configuration
Management interface IPv4 address:  10.10.0.66
Management interface IPv4 netmask:  255.255.255.224
Management interface IPv4 gateway:  10.10.0.65
DNS servers:                        208.67.222.222,208.67.220.220
NTP servers:                        0.sourcefire.pool.ntp.org, 1.sourcefire.pool.ntp.org

7. The final prompt gives you the opportunity to confirm the settings.

  • If the settings are correct, enter y and press Enter to accept the settings and continue.

  • If the settings are incorrect, enter n and press Enter. The system prompts for the information again, beginning with hostname.

Example:


Are these settings correct? (y/n) y
If your networking information has changed, you will need to reconnect. 

Updated network configuration. 

8. After you have accepted the settings, you can enter exit to exit the Firewall Management Center CLI.
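A pre-flight check for the answers planned for step 5, added here as an example and not Cisco code: it applies the rules listed in that step (hostname required, DNS either none or IPv4 addresses with entries after the second ignored, at least one NTP server). The function name check_answers and its parameters are hypothetical, and the requirement that the gateway sit inside the management subnet is an assumption from general IPv4 practice, not a rule this guide states.

```python
import ipaddress

def check_answers(hostname, mode, address=None, netmask=None, gateway=None,
                  dns="none", ntp=""):
    """Return a list of problems in planned wizard answers (empty list = OK)."""
    problems = []
    if not hostname.strip():
        problems.append("hostname is required")
    if mode.lower() == "manual":
        try:
            iface = ipaddress.IPv4Interface(f"{address}/{netmask}")
            gw = ipaddress.IPv4Address(gateway)
        except ValueError as exc:  # bad address, netmask or gateway syntax
            problems.append(f"invalid IPv4 setting: {exc}")
        else:
            net = iface.network
            if iface.ip in (net.network_address, net.broadcast_address):
                problems.append(f"{iface.ip} is not a usable host address in {net}")
            # Assumption: the default gateway must be on the management subnet.
            if gw not in net:
                problems.append(f"gateway {gw} is outside {net}")
            elif gw == iface.ip:
                problems.append("gateway equals the management address")
    # 'none' means no DNS server; otherwise a comma-separated IPv4 list.
    dns_items = [] if dns.strip().lower() == "none" else [
        s.strip() for s in dns.split(",") if s.strip()]
    for item in dns_items:
        try:
            ipaddress.IPv4Address(item)
        except ValueError:
            problems.append(f"DNS server {item!r} is not an IPv4 address")
    if len(dns_items) > 2:
        problems.append(f"DNS entries after the second are ignored: {dns_items[2:]}")
    if not [s for s in ntp.split(",") if s.strip()]:
        problems.append("at least one NTP server is required")
    return problems

if __name__ == "__main__":
    # The values from this guide's example prompts.
    print(check_answers("fmc", "manual", "10.10.0.66", "255.255.255.224",
                        "10.10.0.65", "208.67.222.222,208.67.220.220",
                        "0.sourcefire.pool.ntp.org, 1.sourcefire.pool.ntp.org"))
    # Constructed bad input: gateway in the neighbouring /27.
    print(check_answers("fmc", "manual", "10.10.0.66", "255.255.255.224",
                        "10.10.0.97", "none", "10.10.0.70"))
```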

What to do next

  • You can connect to the Firewall Management Center Virtual web interface using the network information you have just configured.

  • Review the weekly maintenance activities the Firewall Management Center configures automatically as a part of the initial configuration process. These activities are designed to keep your system up-to-date and your data backed up. See Review Automatic Initial Configuration for Versions 6.5 and Later.

  • You can configure the Firewall Management Center for IPv6 addressing after completing the initial setup using the web interface as described in the Cisco Secure Firewall Management Center Device Configuration Guide for your version.