Cisco Secure Firewall Management Center Virtual Getting Started Guide

PDF

Perform Initial Setup at the Web Interface for Versions 6.5 and Later

Updated: February 5, 2026

Want to summarize with AI?

Log in

Overview

How to perform initial setup for Firewall Management Center Virtual (6.5+) using the web interface, including changing the default admin password, accepting the EULA, configuring network settings, validating DNS and NTP connectivity, and optionally enabling Smart Licensing.

After you deploy a Firewall Management Center Virtual, you can perform initial setup using HTTPS at the appliance web interface.

When you log into the Firewall Management Center web interface for the first time, the Firewall Management Center presents an Initial Configuration Wizard to enable you to quickly and easily configure basic settings for the appliance. This wizard consists of three screens and one pop-up dialog box:

  • The first screen forces you to change the password for the admin user from the default value of Admin123.

  • The second screen presents the End User License Agreement (EULA), which you are required to accept before using the appliance.

  • The third screen allows you to change network settings for the appliance management interface. This page is prepopulated with current settings, which you may change.

  • The wizard performs validation on the values you enter on this screen to confirm the following:

    • Syntactical correctness

    • Compatibility of the entered values (for instance, compatible IP address and gateway, or DNS provided when NTP servers are specified using FQDNs)

    • Network connectivity between the Firewall Management Center Virtual and the DNS and NTP servers

    The wizard displays the results of these tests in real time on the screen, which allows you to make corrections and test the viability of your configuration before clicking Finish at the bottom of the screen. The NTP and DNS connectivity tests are nonblocking; you can click Finish before the wizard completes the connectivity tests. If the system reports a connectivity problem after you click Finish, you cannot change the settings in the wizard, but you can configure these connections using the web interface after completing the initial setup.

    The system does not perform connectivity testing if you enter configuration values that would result in cutting off the existing connection between the Firewall Management Center Virtual and the browser. In this case the wizard displays no connectivity status information for DNS or NTP.

  • After you have completed the three wizard screens, a pop-up dialog box appears that offers you the opportunity to (optionally) quickly and easily set up Smart Licensing.

When you have completed the Initial Configuration Wizard and completed or dismissed the Smart Licensing dialog, the system displays the device management page, described in “Device Management” in the Cisco Secure Firewall Management Center Device Configuration Guide for your version.

Before you begin

  • Be sure you have the following information needed for the Firewall Management Center to communicate on your management network:

    • An IPv4 management IP address.

      The Firewall Management Center interface is preconfigured to accept an IP4 address assigned by DHCP. Consult with your system administrator to determine what IP address your DHCP has been configured to assign to the Firewall Management Center MAC address. In scenarios where no DHCP is available, the Firewall Management Center interface uses the IPv4 address 192.168.45.45.

    • A network mask and a default gateway (if not using DHCP).

  • If you are not using DHCP, configure a local computer with the following network settings:

    • IP address: 192.168.45.2

    • Netmask: 255.255.255.0

    • Default gateway: 192.168.45.1

    Disable any other network connections on this computer.

Procedure

1.

Use a web browser to navigate to the Firewall Management Center Virtual’s IP address: https://<Management Center-IP>.

The login page appears.
2.

Log into the Firewall Management Center Virtual using admin as the username and Admin123 as the password for the admin account. (The password is case-sensitive.)
3.

At the Change Password screen:

  1. (Optional) Check the Show password check box to see the password while using this screen.

  2. (Optional) Click the Generate Password button to have the system create a password for you that complies with the listed criteria. (Generated passwords are nonmnemonic; take careful note of the password if you choose this option.)

  3. To set a password of your choosing, enter a new password in the New Password and Confirm Password text boxes.

    The password must comply with the criteria listed in the dialog.

    Note

    The Firewall Management Center compares your password against a password cracking dictionary that checks not only for many English dictionary words but also other character strings that could be easily cracked with common password hacking techniques. For example, the initial configuration script may reject passwords such as "abcdefg" or "passw0rd".

    Note

    On completion of the initial configuration process the system sets the passwords for the two admin accounts (one for web access and the other for CLI access) to the same value. The password must comply with the strong password requirements described in the Cisco Secure Firewall Management Center Administration Guide for your version. If you change the password for either admin account thereafter, they will no longer be the same, and the strong password requirement can be removed from the web interface admin account.

  4. Click Next.

    Once you click Next on the Change Password screen and the wizard has accepted the new admin password, that password is in effect for both the web interface and CLI admin accounts even if you do not complete the remaining wizard activities.

4.

At the User Agreement screen, read the EULA and click Accept to proceed.

If you click Decline the wizard logs you out of the Firewall Management Center Virtual.
5.

Click Next.
6.

At the Change Network Settings screen:

  1. Enter a Fully Qualified Domain Name. If default value is shown, you may use that if it is compatible with your network configuration. Otherwise, enter a fully qualified domain name (syntax <hostname>.<domain>) or hostname.

  2. Choose the boot protocol for the Configure IPv4 option, either Using DHCP or Using Static/Manual.

    If you use DHCP, you must use DHCP reservation, so the assigned address does not change. If the DHCP address changes, device registration will fail because the Firewall Management Center network configuration gets out of sync. To recover from a DHCP address change, connect to the Firewall Management Center (using the hostname or the new IP address) and navigate to System > Configuration > Management Interfaces to reset the network.

  3. Accept the displayed value, if one is shown, for IPv4 Address or enter a new value. Use dotted decimal form (for example, 192.168.45.45).

    Note
    If you change the IP address during initial configuration, you need to reconnect to the Firewall Management Center using the new network information.

  4. Accept the displayed value, if one is shown, for Network Mask or enter a new value. Use dotted decimal form (for example, 255.255.0.0).

    Note
    If you change the network mask during initial configuration, you need to reconnect to the Firewall Management Center using the new network information.

  5. You can accept the displayed value, if one is shown, for Gateway or enter a new default gateway. Use dotted decimal form (for example, 192.168.0.1).

    Note
    If you change the gateway address during initial configuration, you may need to reconnect to the Firewall Management Center using the new network information.

  6. (Optional) For DNS Group you can accept the default value, Cisco Umbrella DNS.

    To change the DNS settings, choose Custom DNS Servers from the drop-down list, and enter IPv4 addresses for the Primary DNS and Secondary DNS. If your Firewall Management Center does not have internet access you cannot use a DNS outside of your local network. Configure no DNS Server by choosing Custom DNS Servers from the drop-down list and leaving the Primary DNS and Secondary DNS fields blank.

    Note

    If you use FQDNs rather than IP addresses to specify NTP servers, you must specify DNS at this time. If you are using an evaluation license DNS is optional, but DNS is required to use permanent licenses for your deployment.

  7. For NTP Group Servers you can accept the default value, Default NTP Servers. In this case the system uses 0.sourcefire.pool.ntp.org as the primary NTP server, and 1.sourcefire.pool.ntp.org as the secondary NTP server.

    To configure other NTP servers, choose Custom NTP Group Servers from the drop-down list and enter the FQDNs or IP addresses of one or two NTP servers reachable from your network. If your Firewall Management Center does not have internet access you cannot use an NTP server outside of your local network.

Note
If you change network settings during initial configuration, you need to reconnect to the Firewall Management Center using the new network information.
7.

Click Finish.

The wizard performs validation on the values you enter on this screen to confirm syntactical correctness, compatibility of the entered values, and network connectivity between the Firewall Management Center and the DNS and NTP servers. If the system reports a connectivity problem after you click Finish, you cannot change the settings in the wizard, but you can configure these connections using the Firewall Management Center web interface after completing the initial setup.

What to do next

  • The system displays a pop-up dialog box that offers you the opportunity to quickly and easily set up Smart Licensing. Using this dialog box is optional; if your Firewall Management Center Virtual will be managing Firewall Threat Defenses and you are familiar with Smart Licensing, use this dialog. Otherwise dismiss this dialog and refer to ”Licensing” in the Cisco Secure Firewall Management Center Administration Guide for your version.

  • Review the weekly maintenance activites the Firewall Management Center configures automatically as a part of the initial configuration process. These activities are designed to keep your system up-to-date and your data backed up. See Review Automatic Initial Configuration for Versions 6.5 and Later .

  • When you have completed the Initial Configuration Wizard and completed or dismissed the Smart Licensing dialog, the system displays the device management page, described in the Cisco Secure Firewall Management Center Device Configuration Guide.

  • You can configure the Firewall Management Center for IPv6 addressing after completing the initial setup using the web interface as described in the Cisco Secure Firewall Management Center Device Configuration Guide for your version.