Scenario 1 - FMC Configuration

In this scenario we will look at some of the typical steps when configuring a newly installed Firewall Management Center (FMC).

📘

Lab Tasks

These are the tasks in the scenario below. If you are familiar with the Secure Firewall you may do these on your own, or for step-by-step instructions see below.

  • Task 1 - Login to FMC2 and view the management interfaces
  • Task 2 - Configure FMC2 to send syslog audit log events to 198.19.10.15
  • Task 3 - Review FMC2 email notification settings
  • Task 4 - Review options for FMC2 restart/shutdown
  • Task 5 - Increase FMC2 connection event storage to 5M events

Task 1 - FMC Login

  1. Using the Quick Launch or the Google Chrome browser, connect to the FMC2 web UI.
    Log in as admin/C1sco12345. These credentials should be pre-populated in the browser.
**Figure 1:** Quick Launch FMC2 Web UI

The pop-up below is displayed the first time you log in to the FMC. Read through the highlights displayed.

This FMC has been freshly installed and all the policies/settings are at their defaults.

📘

Info

You can change to the new magnetic UI by clicking on admin at the top right corner and choosing New. Similarly, you can change the UI to Light or Dusk to use different themes.

  1. Navigate to System > Configuration. Note that System is the gear icon in the upper right corner.


  2. The left panel contains a number of options for configuring the FMC. We will cover some of the most commonly used items. Click on Management Interfaces.

    While the initial setup of the FMC management interface allows basic connectivity, a common task is to add additional networking information here. On this page you can configure additional management interfaces, add DNS servers, routes or enter proxy information if needed. In this lab we will not be making any changes to these settings.

Task 2 - Syslog Configuration

  1. Click on Audit Log in the left panel.


Sending audit events to an external log server is often considered a best practice. Here you can configure the FMC to send audit events to up to five syslog hosts and/or an HTTP log server.

  1. We have a Splunk log server in our environment, so let's forward the FMC audit logs there.

    1. Change Send Audit Log to Syslog to Enabled

    2. Enter the Splunk server IP 198.19.10.15 into the Hosts field.

    3. Click the Test Syslog Server button to test the connection.

    4. Click the Save button in the upper right corner to save the Audit Log configuration.
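
A receiver-side check for the forwarding configured in Task 2, as an added example (not part of the original lab guide and not Cisco code): it decodes the syslog `<PRI>` header of a received datagram and confirms that it came from the expected FMC address. The FMC address 192.0.2.10, UDP port 514, the function names and the sample line are assumptions; the sample is constructed, not captured FMC output.

```python
import socket

# Syslog PRI header: <PRI>, where PRI = facility * 8 + severity (RFC 3164 / RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += ["local%d" % i for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

EXPECTED_FMC = "192.0.2.10"  # assumption: placeholder for the FMC2 management IP
# Constructed sample datagram (not captured FMC output): PRI 14 = user.info
SAMPLE = b"<14>Jan  1 00:00:00 fmc2 audit: constructed sample line"


def parse_pri(datagram):
    """Return (facility, severity, rest) or None if the <PRI> header is invalid."""
    end = datagram.find(b">")
    if not datagram.startswith(b"<") or not 2 <= end <= 4:
        return None
    digits = datagram[1:end]
    if not digits.isdigit() or int(digits) > 191:
        return None
    pri = int(digits)
    rest = datagram[end + 1:].decode("utf-8", errors="replace")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], rest


def check_datagram(datagram, sender_ip, expected_sender=EXPECTED_FMC):
    """Classify one received datagram for the audit-forwarding check."""
    if sender_ip != expected_sender:
        return "unexpected-sender"
    parsed = parse_pri(datagram)
    if parsed is None:
        return "malformed"
    return "ok facility=%s severity=%s" % parsed[:2]


def listen_once(bind_ip="0.0.0.0", port=514, timeout=30.0):
    """Wait for one UDP syslog datagram and classify it (assumed port 514 needs root)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        sock.settimeout(timeout)
        try:
            data, (sender_ip, _port) = sock.recvfrom(65535)
        except socket.timeout:
            return "no-datagram"
        return check_datagram(data, sender_ip)


if __name__ == "__main__":
    print(check_datagram(SAMPLE, EXPECTED_FMC))
```

Call `listen_once()` on a test host where nothing else is bound to the port, then generate an audit event on the FMC; a `no-datagram` result means nothing arrived within the timeout.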

Task 3 - Review Email Notification

  1. Click Email Notification on the left panel.

    The FMC can send email alerts for various events such as health, intrusion, correlation, etc. This page configures the SMTP settings including the from email address to be used. Note that the SMTP server must be configured to allow mail relay from the FMC. As with the syslog settings there is a test button. Clicking this button will send a test email to an address you specify.

Task 4 - Review Process Settings

  1. Click Process on the left panel.

    This screen is used to shut down or reboot the FMC. It can also be used to restart the console (the web UI). Keep in mind that if the FMC is shut down, it will have to be manually started up again. In the case of a physical FMC, it means someone will have to press the power button. In the same way, a virtual FMC would have to be restarted by the hypervisor interface. Note: If you do this in dCloud you will be unable to restart the FMC.

Task 5 - Database Logging Options

  1. Click Database on the left panel.

    This page allows configuring the maximum event storage. The upper limits for the various event databases vary for different FMC models. For larger FMCs it is common to increase the event storage for databases such as the Connection Database.

  2. Add two additional zeros to the number in the Maximum Connection Events field. This will change the limit from 1 million to 100 million events. Then click the Save button.

    1. Notice you receive an error message because the FMCv is not capable of storing that many connection events.

    2. The message notes that the maximum event storage supported by this FMC model is 50,000,000 events.

    3. Click the Help icon in the menu bar (question mark in the black circle) and select Page-level help.

    4. This will open a new tab with the help for this page. Click Database Event Limits on the left-most part of the help page.

    5. This page indicates the event limits for each of the FMC models.

    6. Using the Page-level Help feature is a good way to get additional information or understand more about how the system operates. It will display context-sensitive information for the current FMC screen.

    7. Close the help tab to return to the FMC configuration page.

    8. Configure the FMC to store 49 million connection events and then Save the changes.

