Cisco Firepower Management Center 2000 Installation Guide

  Installing the Firepower Management Center
Firepower Management Center Getting Started Guide
Individual User Accounts
After you complete the initial setup, the only user on the system is the admin user, which has the Administrator 
role and access. Users with that role have full menu and configuration access to the system, including via the 
shell or CLI. Cisco recommends that you limit the use of the admin account (and the Administrator role) for 
security and auditing reasons.
Creating a separate account for each person who will use the system allows your organization not only to audit 
actions and changes made by each user, but also to limit each person’s associated user access role or roles. 
This is especially important on the Management Center, where you perform most of your configuration and 
analysis tasks. For example, an analyst needs access to event data to analyze the security of your network, 
but may not require access to administrative functions for the deployment. 
The system includes ten predefined user roles designed for a variety of administrators and analysts. You can 
also create custom user roles with specialized access privileges.
Health and System Policies
By default, all appliances have an initial system policy applied. The system policy governs settings that are 
likely to be similar for multiple appliances in a deployment, such as mail relay host preferences and time 
synchronization settings. Cisco recommends that you use the Management Center to apply the same system 
policy to itself and all the devices it manages.
By default, the Management Center also has a health policy applied. A health policy, as part of the health 
monitoring feature, provides the criteria the system uses to continuously monitor the performance of the 
appliances in your deployment. Cisco recommends that you use the Management Center to apply a health 
policy to all the devices it manages.
Software and Database Updates
You should update the system software on your appliances before you begin any deployment. Cisco 
recommends that all the appliances in your deployment run the most recent version of the Firepower System. 
If you are using them in your deployment, you should also install the latest intrusion rule updates, VDB, and 
GeoDB.
Caution: Before you update any part of the Firepower System, you must read the release notes or advisory 
text that accompanies the update. The release notes provide important information, including supported 
platforms, compatibility, prerequisites, warnings, and specific installation and uninstallation instructions.
Redirecting Console Output
By default, Management Centers direct initialization status, or init, messages to the VGA port. If you want to use 
the physical serial port or SOL to access the console, Cisco recommends you redirect console output to the serial 
port after you complete the initial setup.
To redirect console output using the shell, you run a script from the appliance’s shell. 
Using the Shell to Redirect the Console Output
Procedure
1. Using your keyboard/monitor or serial connection, log into the appliance’s shell using an account with 
Administrator privileges. The password is the same as the password for the appliance’s web interface. 
The prompt for the appliance appears.
2. At the prompt, set the console output by typing one of the following commands:
To access the appliance using the VGA port: