Complete the Initial Configuration of a Secure Firewall Threat Defense Device Using the CLI
Connect to the device's CLI to perform initial setup, including setting the management IP address, gateway, and other basic networking settings using the setup wizard. Ensure all DNS and firewall ports are accessible for communication.
The dedicated management interface is a special interface with its own network settings. If you do not want to use the management interface, you can use the CLI to configure a data interface instead.
Before you begin
This procedure applies to the following scenarios:
The Firepower 1000, Firepower 2100, Secure Firewall 3100, and ISA 3000 models.
This configuration is ideal for devices that going to be onboarded with their CLI registration key.Note
Do not use this configuration procedure for devices that are onboarding with low-touch provisioning.
Connect to the device's CLI, either from the console port or using SSH to the management interface. If you intend to change the network settings, we recommend using the console port so you do not get disconnected.
For Firepower 1000, Firepower 2100, Secure Firewall 3100 models: The console port connects to the FXOS CLI. The SSH session connects directly to the threat defense CLI.
Log in with the username admin and the password Admin123.
(Firepower 1000/2100, Secure Firewall 3100) At the console port, you connect to the FXOS CLI. The first time you log in to FXOS, you are prompted to change the password. This password is also used for the threat defense login for SSH.
(Firepower 1000/2100, Secure Firewall 3100) If you connected to FXOS on the console port, connect to the threat defense CLI.
The first time you log in to the device, you are prompted to accept the End User License Agreement (EULA) and, if using an SSH connection, to change the admin password. You are then presented with the CLI setup script.
Defaults or previously entered values appear in brackets. To accept previously entered values, press Enter.
See the following guidelines:
(Optional) Configure a data interface for management center access.
configure network management-data-interface
You are then prompted to configure basic network settings for the data interface.
See the following details for using this command. See About Data Interfaces for more informatio.
(Optional) Limit data interface access to CDO on a specific network.
configure network management-data-interface client ip_address netmask
By default, all networks are allowed.