End to End Procedure to Install the FMC for Versions 6.5 and Later
To establish the connection between the FMC and one of its managed devices, you need the IP address of at
least one of the devices: the FMC or the managed device. We recommend using both IP addresses if available.
However, you may only know one IP address. For example, managed devices may be using private addresses
behind NAT, so you only know the FMC address. In this case you can specify the FMC address on the managed
device plus a one-time, unique password of your choice called a NAT ID. On the FMC, you specify the same
NAT ID to identify the managed device.
The initial setup and configuration process described in this document assumes the FMC will have internet
access. If you are deploying an FMC in an air-gapped environment, see the Configuration Guide for your
version for alternative methods you can use to support certain features such as configuring a proxy for
HTTP communications, or using a Smart Software Satellite Server for Smart Licensing.
In a deployment where the FMC has internet access, you can upload updates for system software, as well as
the Vulnerability Database (VDB), Geolocation Database (GeoDB), and intrusion rules directly to the FMC
from an internet connection. But if the FMC does not have internet access, the FMC can upload these updates
from a local computer that has previously downloaded them from the internet. Additionally, in an air-gapped
deployment you might use the FMC to serve time to devices in your deployment.
Initial Network Configuration for FMCs Using Firepower Versions 6.5+:
• Management Interface
By default the FMC seeks out a local DHCP server for the IP address, network mask, and default gateway
to use for the management interface (eth0). If the FMC cannot reach a DHCP server, it uses the default
IPv4 address 192.168.45.45, netmask 255.255.255.0, and gateway 192.168.45.1. During initial setup
you can accept these defaults or specify different values.
If you choose to use IPv6 addressing for the management interface, you must configure this through the
web interface after completing the initial setup.
• DNS Server(s)
Specify the IP addresses for up to two DNS servers. If you are using an evaluation license you may
choose not to use DNS. (During initial configuration you can also provide a hostname and domain to
facilitate communications between the FMC and other hosts through DNS; you can configure additional
domains after completing initial setup.)
• NTP Server(s)
Synchronizing the system time on your FMC and its managed devices is essential to successful operation
of your Firepower System; setting FMC time synchronization is required during initial configuration.
You can accept the default (0.sourcefire.pool.ntp.org and 1.sourcefire.pool.ntp.org as the primary and
secondary NTP servers, respectively), or supply FQDNs or IP addresses for one or two trusted NTP
servers reachable from your network. (If you are not using DNS you may not use FQDNs to specify NTP
servers.)
End to End Procedure to Install the FMC for Versions 6.5 and Later
See the following tasks to deploy and configure an FMC that will run Firepower Versions 6.5 and later.
Cisco Firepower Management Center 1600, 2600, and 4600 Getting Started Guide
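The initial network configuration values described above interact: for example, the default NTP servers are FQDNs, so they cannot be used when you choose not to configure DNS. The following pre-flight check of planned values is an added example, not Cisco code; the function and variable names are hypothetical, and the gateway-in-subnet test is a general sanity check assumed here rather than a rule stated in the guide.

```python
import ipaddress

# Fallback values the guide gives for eth0 when no DHCP server answers.
FALLBACK_MGMT = {"address": "192.168.45.45", "netmask": "255.255.255.0",
                 "gateway": "192.168.45.1"}
DEFAULT_NTP = ["0.sourcefire.pool.ntp.org", "1.sourcefire.pool.ntp.org"]


def _is_ip(value):
    """True if value parses as an IPv4 or IPv6 address, False for an FQDN."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_plan(mgmt=None, dns=(), ntp=None):
    """Return a list of problems with planned initial-setup values (empty if none)."""
    mgmt = mgmt or FALLBACK_MGMT
    ntp = DEFAULT_NTP if ntp is None else ntp
    problems = []

    try:
        iface = ipaddress.IPv4Interface(f"{mgmt['address']}/{mgmt['netmask']}")
        gateway = ipaddress.IPv4Address(mgmt["gateway"])
    except ValueError as exc:
        # IPv6 management addressing is set in the web interface after setup.
        problems.append(f"management interface needs IPv4 values: {exc}")
    else:
        # Assumed sanity check: the default gateway should be on-link.
        if gateway not in iface.network:
            problems.append(f"gateway {gateway} is outside {iface.network}")
        if gateway == iface.ip:
            problems.append("gateway equals the management address")

    if len(dns) > 2:
        problems.append("initial setup accepts at most two DNS servers")
    problems += [f"DNS server {d!r} is not an IP address"
                 for d in dns if not _is_ip(d)]

    if not 1 <= len(ntp) <= 2:
        problems.append("specify one or two NTP servers")
    if not dns:
        # Without DNS, NTP servers must be given as IP addresses.
        problems += [f"NTP server {n!r} is an FQDN but no DNS is configured"
                     for n in ntp if not _is_ip(n)]
    return problems
```

Calling `check_plan()` with no arguments models accepting every default without DNS, which reports both default NTP servers as unusable.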