
Caution

When restoring a device to factory settings using LOM, if you do not have physical access to the appliance and you delete the license and network settings, you will be unable to access the appliance after the restore.

Step 3

Use the interactive restore menu to identify the appliance’s management interface. See Identify the Appliance's Management Interface, on page 55.

Step 4

Use the interactive restore menu to specify the ISO image location and transport method. See Specify the ISO Image Location and Transport Method, on page 55.

Step 5

(Optional) Use the interactive restore menu to select system software and/or rule updates to include with the restore process. See Select System Software and Rule Updates during Restore, on page 56.

Step 6

(Optional) Save the system configuration you have selected for use in future restore activities. See Save a Firepower Management Center Configuration, on page 60.

Step 7

Use the interactive restore menu to download the ISO and update files, and mount the image on the appliance. See Download the ISO and Update Files and Mount the Image, on page 57.

Step 8

You have two options based on the software version to which you are restoring the appliance:

• If you are restoring the system to a different major version, perform the two-pass restore process:

  a. The first pass updates the restore image. See Update the Restore Image, on page 57.

  b. The second pass installs the new version of the system software. See Install the New System Software Version, on page 58.

• If you are restoring the system to the same major version, you need only install the new version of the system software. See Install the New System Software Version, on page 58.
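Step 7 has the appliance pull the ISO and any update files from the FTP or SCP server you named in Step 4, and it mounts whatever it receives. A practitioner will want to confirm, before pointing the restore utility at that server, that the staged files are the ones downloaded from Cisco and were not altered in transit or on the staging host. The following POSIX shell script is an added example and is not part of the Cisco guide. It checks every file listed in a SHA-512 manifest (the one-hash-and-one-name-per-line format that sha512sum writes; the hash values come from the checksum published for each image on the Cisco download page) against the copy in the staging directory. The script name, manifest name and staging directory are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the Cisco guide): verify the restore ISO and any
# system software or rule update files staged for the restore utility against
# a SHA-512 manifest before the appliance downloads and mounts them.
# Manifest format, one entry per line (what sha512sum writes):
#   <sha512 hex>  <file name relative to the staging directory>
set -u

# Print the SHA-512 of one file; works with GNU coreutils or BSD shasum.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# verify_staged_files MANIFEST STAGING_DIR
# Returns 0 only if every file named in MANIFEST is present in STAGING_DIR
# and hashes to the recorded value. Every entry is checked and reported;
# the function returns 1 if any file is missing or altered, or if the
# manifest itself cannot be read. File names must not contain spaces.
verify_staged_files() {
    manifest=$1
    dir=$2
    [ -f "$manifest" ] || { echo "no manifest: $manifest" >&2; return 1; }
    status=0
    while read -r expected name; do
        [ -n "$expected" ] || continue          # skip blank lines
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "MISSING  $name" >&2
            status=1
            continue
        fi
        actual=$(sha512_of "$path")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $expected, got $actual)" >&2
            status=1
        fi
    done < "$manifest"
    return "$status"
}

# Usage: verify_staged.sh MANIFEST STAGING_DIR (both names are illustrative).
if [ "$#" -eq 2 ]; then
    verify_staged_files "$1" "$2"
fi
```

Run it on the staging server, for example as `sh verify_staged.sh manifest.txt /srv/restore`, immediately before Step 7. A non-zero exit means a file is missing or does not match its published hash; do not continue the restore until the file has been re-downloaded and re-checked, since the appliance will mount and install whatever it is served.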

What to do next

Restoring your FMC to factory default settings results in the loss of almost all configuration and event data on the appliance, including console display settings.

• If you did not delete the appliance’s license and network settings, you can use a computer on your management network to browse directly to the appliance’s web interface to perform the setup. For more information, see the setup process appropriate to your Firepower version:

  • For Firepower Versions 6.5 and later, see Perform Initial Setup at the Web Interface for Versions 6.5 and Later, on page 12.

  • For Firepower Versions 6.3 and 6.4, see FMC Initial Setup Using the Web Interface for Software Versions 6.3 - 6.4, on page 25.

• If you deleted the license and network settings, you must configure the appliance as if it were new, beginning with configuring it to communicate on your management network. For more information, see the setup process appropriate to your Firepower version:

  • For Firepower Versions 6.5 and later, see Perform Initial Setup at the Web Interface for Versions 6.5 and Later, on page 12.

  • For Firepower Versions 6.3 and 6.4, see FMC Initial Setup Using the Web Interface for Software Versions 6.3 - 6.4, on page 25.

Cisco Firepower Management Center 1600, 2600, and 4600 Getting Started Guide

Restore a Firepower Management Center to its Factory Defaults
