Cisco Cisco FirePOWER Appliance 8250
2-3
FireSIGHT System User Guide
Chapter 2 Logging into the FireSIGHT System
Logging into the Appliance to Set Up an Account
The menus and menu options listed at the top of the page are based on the privileges for your user
account. However, the links on the default home page include options that span the range of user account
privileges. If you click a link that requires different privileges from those granted to your account, the
following warning message is displayed:
account. However, the links on the default home page include options that span the range of user account
privileges. If you click a link that requires different privileges from those granted to your account, the
following warning message is displayed:
You are attempting to view an unauthorized page. This activity has been logged.
You can either select a different option from the available menus or click
Back
in your browser window.
To log into a Series 3, virtual, or ASA FirePOWER device via the command line:
Access:
CLI Basic Configuration
Step 1
For Series 3 and virtual devices, open an SSH connection to the appliance at
hostname
, where
hostname
corresponds to the host name of the appliance. For ASA FirePOWER devices, open the SSH connection
to the ASA FirePOWER module at the management address.
to the ASA FirePOWER module at the management address.
The
login as:
command prompt appears.
Step 2
Type your user name and press Enter.
The
Password:
prompt appears.
Step 3
Type your password and press Enter.
If your organization uses SecurID® tokens when logging in, append the token to your SecurID PIN and
use that as your password to log in. For example, if your PIN is
use that as your password to log in. For example, if your PIN is
1111
and the SecurID token is
222222
,
type
1111222222
. You must have already generated your SecurID PIN before you can log into the
FireSIGHT System.
The login banner appears, followed by the
>
prompt.
You can use any of the commands allowed by your level of command line access. See the
for more information on available CLI commands.
Logging into the Appliance to Set Up an Account
License:
Any
Some user accounts may be authenticated through an external authentication server. If your organization
allows you to log on to the FireSIGHT System using LDAP or RADIUS credentials, the first time you
log into the appliance using your external user credentials, the appliance associates those credentials
with a set of permissions by creating a local user record. The permissions for that local user record can
then be modified, unless they are granted through group or list membership, as follows:
allows you to log on to the FireSIGHT System using LDAP or RADIUS credentials, the first time you
log into the appliance using your external user credentials, the appliance associates those credentials
with a set of permissions by creating a local user record. The permissions for that local user record can
then be modified, unless they are granted through group or list membership, as follows:
•
If the default role for externally authenticated user accounts is set to a specific access role, you can
log into the appliance using your external account credentials without any additional configuration
by the system administrator.
log into the appliance using your external account credentials without any additional configuration
by the system administrator.
•
If an account is externally authenticated and by default receives no access privileges, you can log in
but cannot access any functionality. You (or your system administrator) can then change the
permissions to grant the appropriate access to user functionality.
but cannot access any functionality. You (or your system administrator) can then change the
permissions to grant the appropriate access to user functionality.
If you are a shell access user, the system does not create a local user account for you on the appliance.
Shell access is controlled entirely through either the shell access filter or PAM login attribute set for an
LDAP server, or the shell access list on a RADIUS server.
Shell access is controlled entirely through either the shell access filter or PAM login attribute set for an
LDAP server, or the shell access list on a RADIUS server.