Section 2-3. Initial Firewall Configuration

2-3. Initial Firewall Configuration

A Cisco firewall can be configured through the CLI on the console port. You can enter configuration mode with the following privileged EXEC command:

 Firewall# configure terminal 

Commands can then be entered one at a time. To end configuration mode and return to EXEC mode, you can press Ctrl-z or enter exit. Chapters 3 through 9 cover all the firewall features and configuration commands.

TIP

Whenever you make configuration changes to a firewall, you should always make sure the running configuration is saved to a nonvolatile location. Otherwise, if the firewall is rebooted or if power is lost, your configuration changes also are lost.

You can save the running configuration to the firewall's nonvolatile Flash memory with the write mem command. Chapter 4 in section 4-3, "Managing Configuration Files," discusses this procedure in more detail.

You can use a firewall management application such as ASDM, PDM, or Firewall Management Center (Firewall MC, a part of the VMS software) to make configuration changes on a firewall. If you intend to do this, you need to give the firewall a minimal "bootstrap" configuration so that the management application can communicate with and manage it.

You can use the setup EXEC command to start the bootstrap procedure. The firewall then prompts you for the necessary values. At a minimum, the firewall needs the following parameters that are collected by the setup command:

• Enable password

• Current time (Coordinated Universal Time [UTC] or Greenwich Mean Time [GMT])

• Current date

• IP address of the firewall's inside interface (where it reaches the management application)

• Firewall's host name

• Firewall's domain name (used to generate an SSL certificate for web management access)

• Management station's IP address