Cisco Cisco FirePOWER Appliance 7010 Guía De Instalación
Initial Device Setup
Firepower 7000 Series Getting Started Guide
17
Next Steps
After you complete the initial setup process for an appliance and verify its success, Cisco recommends that you
complete various administrative tasks that make your deployment easier to manage. You should also complete any
tasks you skipped during the initial setup, such as device registration and licensing. For detailed information on
any the tasks described in the following sections, as well as information on how you can begin to configure your
deployment, see the Firepower Management Center Configuration Guide.
complete various administrative tasks that make your deployment easier to manage. You should also complete any
tasks you skipped during the initial setup, such as device registration and licensing. For detailed information on
any the tasks described in the following sections, as well as information on how you can begin to configure your
deployment, see the Firepower Management Center Configuration Guide.
Note:
If you want to use a serial or LOM/SOL connection to access your appliance’s console, you should redirect
console output; see Testing an Inline Bypass Interface Installation in the Firepower Management Center
Configuration Guide. If you want to use LOM specifically, you must enable the feature as well as enable at least
one LOM user; see
Configuration Guide. If you want to use LOM specifically, you must enable the feature as well as enable at least
one LOM user; see
.
Individual User Accounts
After you complete the initial setup, the only user on the system is the
admin
user, which has the Administrator
role and access. Users with that role have full menu and configuration access to the system, including via the
shell or CLI. Cisco recommends that you limit the use of the
shell or CLI. Cisco recommends that you limit the use of the
admin
account (and the Administrator role) for
security and auditing reasons.
Creating a separate account for each person who will use the system allows your organization not only to audit
actions and changes made by each user, but also to limit each person’s associated user access role or roles.
This is especially important on the Firepower Management Center, where you perform most of your
configuration and analysis tasks. For example, an analyst needs access to event data to analyze the security
of your network, but may not require access to administrative functions for the deployment.
actions and changes made by each user, but also to limit each person’s associated user access role or roles.
This is especially important on the Firepower Management Center, where you perform most of your
configuration and analysis tasks. For example, an analyst needs access to event data to analyze the security
of your network, but may not require access to administrative functions for the deployment.
The system includes ten predefined user roles designed for a variety of administrators and analysts. You can
also create custom user roles with specialized access privileges.
also create custom user roles with specialized access privileges.
Health and System Policies
By default, all appliances have an initial system policy applied. The system policy governs settings that are
likely to be similar for multiple appliances in a deployment, such as mail relay host preferences and time
synchronization settings. Cisco recommends that you use the Firepower Management Center to apply the
same system policy to itself and all the devices it manages.
likely to be similar for multiple appliances in a deployment, such as mail relay host preferences and time
synchronization settings. Cisco recommends that you use the Firepower Management Center to apply the
same system policy to itself and all the devices it manages.
By default, the Firepower Management Center also has a health policy applied. A health policy, as part of the
health monitoring feature, provides the criteria for the system continuously monitoring the performance of the
appliances in your deployment. Cisco recommends that you use the Firepower Management Center to apply
a health policy to all the devices it manages.
health monitoring feature, provides the criteria for the system continuously monitoring the performance of the
appliances in your deployment. Cisco recommends that you use the Firepower Management Center to apply
a health policy to all the devices it manages.
Software and Database Updates
You should update the system software on your appliances before you begin any deployment. Cisco
recommends that all the appliances in your deployment run the most recent version of the Firepower System.
If you are using them in your deployment, you should also install the latest intrusion rule updates, VDB, and
GeoDB.
recommends that all the appliances in your deployment run the most recent version of the Firepower System.
If you are using them in your deployment, you should also install the latest intrusion rule updates, VDB, and
GeoDB.
Caution:
Before you update any part of the Firepower System, you must read the release notes or advisory
text that accompanies the update. The release notes provide important information, including supported
platforms, compatibility, prerequisites, warnings, and specific installation and uninstallation instructions.
platforms, compatibility, prerequisites, warnings, and specific installation and uninstallation instructions.
Redirecting Console Output
By default, Firepower devices direct initialization status, or init, messages to the VGA port. If you want to use the
physical serial port or SOL to access the console, Cisco recommends you redirect console output to the serial port
after you complete the initial setup.
physical serial port or SOL to access the console, Cisco recommends you redirect console output to the serial port
after you complete the initial setup.