Here's a Cisco link for the Cisco Firepower 1010 setup guide and videos for configuring Cisco FTD via Firepower Device Manager (FDM). The Firepower 1010 security appliance is the replacement for the Cisco ASA 5506-X. There are also free tranining videos from Cisco for their Next-Generation Firewall (NGFW).
Below is the front panel and the chassis looks similar to a Cisco WLC 3504 wireless controller.
You'll find the chassis serial number in the bottom.
The Status LED for Power, Status (System OS) and Active (Failover) are located on the top chassis.
In the back panel, you'll find the power socket, 8x GE ports, Management port, 2x console ports: RJ45 and USB Mini B, External USB 3.0 Type A (for disk1 storage), Kensington lock slot and the reset button.
The 8x GE ports are used as follows: Ethernet1/1 (WAN/ISP), Ethernet1/2 - 8 (Layer 2 switch ports) with ports 7 and 8 that supports PoE+ (30 watts per port).
The Firepower 1010 uses an AC power adapter (FPR1K-DT-PWR-AC) with an IEC 60320/C5 connector (shaped like a Mickey Mouse head). I used a Europe plug (CAB-AC-C5-UK).
In FTD 6.4 and earlier, the Management1/1, FMC or FDM machines are connected using a Layer 2 switch. This is in contrast with FTD 6.5 and above wherein you can directly use the FTD Layer 2 ports to connect Management1/1 without the need for an additional Layer 2 switch.
Below is the Firepower 1010 initial bootup.
*******************************************************************************
Cisco System ROMMON, Version 1.0.05, RELEASE SOFTWARE
Copyright (c) 1994-2019 by Cisco Systems, Inc.
Compiled Wed 04/03/2019 18:07:24.29 by builder
*******************************************************************************
Current image running: Boot ROM0
Last reset cause: PowerOn (0x00000001)
DIMM0 : Present
Platform FPR-1010 with 8192 MBytes of main memory
BIOS has been successfully locked !!
MAC Address: 5c:5a:c7:b8:f7:80
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 6
seconds. // SIMILAR TO ASA 10 SECONDS COUNTER TO INTERRUPT BOOTUP AND ENTER ROMMON
Use SPACE to begin boot immediately.
File size is 0x0000003b
Located .boot_string
Image size 59 inode num 16, bks cnt 1 blk size 8*512
Attempt autoboot: "boot disk0:installables/switch/fxos-k8-fp2k-lfbff.2.6.1.133.SPA"
File size is 0x0a270820
Located installables/switch/fxos-k8-fp2k-lfbff.2.6.1.133.SPA
Image size 170330144 inode num 114027, bks cnt 41585 blk size 8*512
########################################################################################################################################################################################
<OUTPUT TRUNCATED>
###############################################################################################################################################################################################
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF signature authentication passed !!! |
| |
+-------------------------------------------------------------------+
LFBFF signature verified.
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF controller type check passed !!! |
| |
+-------------------------------------------------------------------+
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
Primary SSD discovered
fsck from util-linux 2.26.2
[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1
/dev/sda1: clean, 8827/488640 files, 409748/1953024 blocks
fsck(/dev/sda1) returned 0
fsck from util-linux 2.26.2
[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2
/dev/sda2: clean, 137/61056 files, 36376/244224 blocks
fsck(/dev/sda2) returned 0
fsck from util-linux 2.26.2
[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3
/dev/sda3: clean, 145/61056 files, 13258/244224 blocks
fsck(/dev/sda3) returned 0
fsck from util-linux 2.26.2
[/sbin/fsck.ext3 (1) -- /dev/sda4] fsck.ext3 -a /dev/sda4
/dev/sda4: clean, 13/1831424 files, 158996/7324160 blocks
fsck(/dev/sda4) returned 0
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
FIPS POST Test Script
NOTICE: The FIPS POST is not run because the FIPS feature is not enabled
Running postinst /etc/rpm-postinsts/100-dnsmasq...
Running postinst /etc/rpm-postinsts/101-dnsmasq...
INIT: Entering runlevel: 3
Starting system message bus: dbus.
Stopping all devices.
Starting all devices.
Processing /etc/c3xxx_dev0.conf
Checking status of all devices.
There is 1 QAT acceleration device(s) in the system:
qat_dev0 - type: c3xxx, inst_id: 0, node_id: 0, bsf: 01:00.0, #accel: 3 #engines: 6 state: up
ip6tables: Applying firewall rules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Starting OpenBSD Secure Shell server: sshd
done.
Starting rpcbind daemon...done.
starting statd: done
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up with netlink and the input layer
acpid: 1 rule loaded
acpid: waiting for events: event logging is off
starting 8 nfsd kernel threads: done
starting mountd: done
Starting ntpd: done
Starting internet superserver: xinetd.
No makedumpfile found.
Starting fan control daemon: fancontrol... done.
INFO: in validating image ...
INFO: manager_validate_image: fxmgr_absfilename /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.6.1.133.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.6.1.133.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.6.1.133.SPA size 26206720
Computed Hash SHA2: 408939ad0cb649d8b5522446f36c5287
6e1ec865fae6f11b273242a50b79871b
71d91931543658a9c9a12a4e69073a8f
8bae413f2b4953a7d4a3d01ee5043c8e
Embedded Hash SHA2: 408939ad0cb649d8b5522446f36c5287
6e1ec865fae6f11b273242a50b79871b
71d91931543658a9c9a12a4e69073a8f
8bae413f2b4953a7d4a3d01ee5043c8e
The digital signature of the file: fxos-k9-fp2k-manager.2.6.1.133.SPA verified successfully
INFO: beginning of manager_install
INFO: manager_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.6.1.133.SPA chmgr= update=false
INFO: mkdir -p /tmp/fxmgr
INFO: /bin/tar -xvzf /tmp/fxmgr/fxos-kp-manager.2.6.1.133.tgz ...
INFO: manager_install: shutting down the old version ...
INFO: Terminating DME and all AGs ...
INFO: --
INFO: manager_install: Unlinking a old libraries ...
INFO: manager_install: Deleting the old manager image ...
INFO: manager_install: Installing the new image ...
INFO: deleting unnecessary xml file..!!
INFO: deleted unnecessary xml file..!!
INFO: manager_post_install ...
INFO: manager_post_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.6.1.133.SPA chmgr= update=false
INFO: manager_post_install: Linking libraries ...
INFO: manager_post_install: Linking binaries ...
INFO: Trying to add iptables and ip6tables rules ...
INFO: Set up Application Diagnostic Interface ...
INFO: Configure management interface ...
Firepower 1xxx platform..
RTNETLINK answers: File exists
RTNETLINK answers: File exists
Assigning ip to eth0 in FPR-1xxx platform
INFO: Configure rmu interface ...
Bring up rmu and swp1-swp10 switch interfaces
create and bringup lldp sub-interface on lldp-swp7, lldp-swp8
create and bringup lacp and mgmt sub-interface on (lacp-swp1 to lacp-swp8), (mgmt-swp1 to mgmt-swp8)
Stopping rpcbind daemon...
done.
stopping mountd: done
stopping nfsd: .done
INFO: Configure system files ...
INFO: System Name is: firepower
Starting sensors logging daemon: sensord... done.
INFO: manager_startup: setting up fxmgr apache ...
INFO: manager_startup: Start manager httpd setup...
INFO: manager_startup: using HTTPD_INFO persistent cache
/bin/rm: cannot remove '/tmp/openssl.conf': No such file or directory
httpdRegister INFO: [httpd.3520 -s -4 172.16.2.14 -n localhost]
httpdRegister INFO: SKIP httpd syntax check
httpdRegister INFO: Starting httpd setup/registration...
httpdRegister INFO: Completed httpd setup/registration!
INFO: httpdRegister [httpd.3520 script exit]
INFO: manager_startup: Completed manager httpd setup!
Starting crond: OK
1:/opt/cisco/csp/cores
/opt/cisco/csp/cores 31457280
Threat Defense System: CMD=-bootup, CSP-ID=cisco-ftd.6.4.0.102__ftd_001_JMX2324G1THA28AI31, FLAG=''
System is booting up ...
Cisco FTD booted up successfully.
INFO: System Disk /dev/sda present. Status: Operable.
Cisco FPR Series Security Appliance
firepower login:
Waiting for Application infrastructure to be ready...
Verifying the signature of the Application image...
Creating FXOS swap file ...
Sep 7 02:16:01 firepower port-manager : Alert: Internal1/2 link changed to UP
Sep 7 02:16:01 firepower port-manager : Alert: Internal1/1 link changed to UP
ipsec_starter[9666]: Starting strongSwan 5.3.3 IPsec [starter]...
scepclient[9915]: fingerprint: c51d46087deeb88c00d78860ac138702
scepclient[9915]: transaction ID: 11665FBA795D1DC911B4A98A188BC252
ipsec_starter[9945]: charon (9947) started after 160 ms
Sep 7 02:17:28 firepower port-manager : Alert: Ethernet1/1 link changed to UP
Cisco FTD initializing ...
Verify FSIC, File System Integrity Check
Obtained uid 501 and gid 501 for external user
verify_fsic(start)
Do not run FSIC twice for SSP systems...
Initializing Threat Defense ... [ OK ]
Starting system log daemon... [ OK ]
Adding swapfile /ngfw/Volume/.swaptwo
Flushing all current IPv4 rules and user defined chains: ...success
Clearing all current IPv4 rules and user defined chains: ...success
Applying iptables firewall rules:
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Flushing all current IPv6 rules and user defined chains: ...success
Clearing all current IPv6 rules and user defined chains: ...success
Applying ip6tables firewall rules:
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Starting nscd...
mkdir: created directory '/var/run/nscd' [ OK ]
Starting , please wait......complete.
cleaning up *.TMM and *.TMD files
Configuring NTP... [ OK ]
Stopping all devices.
Starting all devices.
Processing /etc/c3xxx_dev0.conf
Checking status of all devices.
There is 1 QAT acceleration device(s) in the system:
qat_dev0 - type: c3xxx, inst_id: 0, node_id: 0, bsf: 01:00.0, #accel: 3 #engines: 6 state: up
SIOCSIFADDR: No such device
br0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
br0: ERROR while getting interface flags: No such device
Not reconfigurating
Mon Sep 7 02:18:16 UTC 2020
Starting MySQL...
Pinging mysql
Pinging mysql, try 1
Found mysql is running
Running initializeObjects...
Stopping MySQL...
Killing mysqld with pid 15033
Wait for mysqld to exit\c
done
Mon Sep 7 02:18:26 UTC 2020
Skipping sfifd for this platform...
Starting Cisco Firepower 1010 Threat Defense, please wait...No PM running!
...started.
Cisco FTD initialization finished successfully.
memif is not enabled.
IO Memory Nodes: 1
IO Memory Per Node: 549453824 bytes num_pages = 134144 page_size = 4096
Global Reserve Memory Per Node: 786432000 bytes Nodes=1
LCMB: got 1073741824 bytes on numa-id=0, phys=0x200000000, virt=0x2b7e00000000
LCMB: HEAP-CACHE POOL got 784334848 bytes on numa-id=0, virt=0x2b7e40000000
total mem 3079146512 new 3079146512 old 659707216 reserv 1858076672 pri new 1233403878 pri old 0 system 8394846208 kernel 12334038 image 110253392
Processor memory: 3079146512
POST started...
POST finished, result is 0 (hint: 1 means it failed)
Compiled on Tue 02-Jul-19 17:13 PDT by builders
SSL Hardware Offload is Enabled
Using configured value (300000) from /mnt/disk0/.private/ctm_scb_handles.conf
FPR-1010 platformpci_do_probe_wc(): Adding WC-NIC vid = 0x8086 did = 0x15c2
Total NICs found: 6
x550em_kr rev 0x11 10 Gigabit Ethernet, index 00 MAC: 00a0.c900.0000
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 02 MAC: 5c5a.c7b8.f781
en_vtun rev00 Backplane Tap Interface @ index 03 MAC: 0000.0100.0001
en_vtun rev00 Backplane Control Interface @ index 05 MAC: 0000.0300.0101
WARNING: Attribute already exists in the dictionary.
*** Intel QAT Crypto on-board accelerator detected
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Copyright (c) 1996-2017 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Error No such device in set_linux_mac_address: Failed to assign MAC address for br0
Reading from flash...
!..
Cryptochecksum (unchanged): 219d676b d19c7cb2 38101f20 513e3534
INFO: Power-On Self-Test in process.
.......................................................................
INFO: Power-On Self-Test complete.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
M_MMAP_THRESHOLD 65536, M_MMAP_MAX 46984
User enable_1 logged in to firepower
Logins over the last 1 days: 1.
Failed logins since the last login: 0.
Type help o '?.
list of available commands.
firepower> // FTD INITIALIZED AROUND 5 MINS
firepower login: admin // DEFAULT LOGIN: admin / Admin123
Password:
Last login: Wed Aug 26 05:45:41 UTC 2020 on ttyS0
Successful login attempts for user 'admin' : 1
Copyright 2004-2019, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.
Cisco Fire Linux OS v6.4.0 (build 2)
Cisco Firepower 1010 Threat Defense v6.4.0.3 (build 29)
Cisco Firepower Extensible Operating System (FX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license.
Certain components of this software are licensed under the "GNU General Public
License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for
details.
Certain components of this software are licensed under the "GNU General Public
License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual
(''Licensing'') for details.
Certain components of this software are licensed under the "GNU LESSER GENERAL
PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:
http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for
details.
Certain components of this software are licensed under the "GNU Lesser General
Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the
terms of "GNU Lesser General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual
(''Licensing'') for details.
Certain components of this software are licensed under the "GNU Library General
Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU Library General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual
(''Licensing'') for details.
firepower#
connect ftd // CONNECT TO FTD CLI (# PROMPT IS FOR FXOS CLI)
> ? // CLISH PROMPT (REGULAR FTD CLI)
aaa-server Specify a AAA server
activate-tunnel-group-scripts Reload ASDM generated scripts for username-from-certificate
app-agent Configure appagent features
asp Configure ASP parameters
attribute Modify a monitored attribute
blocks Set block diagnostic parameters
capture Capture inbound and outbound packets on one or more interfaces
capture-traffic Display traffic or save to specified file
clear Reset functions
cluster Cluster exec mode commands
configure Change to Configuration mode
connect Connect to another component.
copy Copy from one file to another
cpu general CPU stats collection tools
crypto Execute crypto Commands
debug Debugging functions (see also 'undebug')
delete Delete a file
dir List files on a filesystem
dns List files on a filesystem
dynamic-access-policy-config Activates the DAP selection configuration file.
eotool Change to Enterprise Object Tool Mode
exit Exit this CLI session
expert Invoke a shell
failover Perform failover operation in Exec mode
file Change to File Mode
fips Execute FIPS tests
fsck Filesystem check
help Interactive help for commands
history Display the current session's command line history
ldapsearch Test LDAP configuration
logging Configure flash file name to save logging buffer
logout Logout of the current CLI session
memory Memory tools
more Display the contents of a file
no Negate a command or set its defaults
nslookup Look up an IP address or host name with the DNS servers
packet-tracer trace packets in F1 data path
perfmon Change or view performance monitoring options
pigtail Tail log files for debugging (pigtail)
ping Test connectivity from specified interface to an IP address
pmtool Change to PMTool Mode
reboot Reboot the sensor
redundant-interface Redundant interface
restore This command is used to restore FTD from sfr prompt
sftunnel-status Show sftunnel status
show Show running system information
shun Manages the filtering of packets from undesired hosts
shutdown Shutdown the sensor
system Change to System Mode
tail-logs Tails the logs selected by the user
test Test subsystems, memory, interfaces, and configurations
traceroute Find route to remote network
undebug Disable debugging functions (see also 'debug')
verify Verify a file
vpn-sessiondb Configure the VPN Session Manager
webvpn-cache Remove cached object
> show ?
access-control-config audit-cert audit-log
coredump cpu database
disk disk-manager dns
high-availability https-access-list ipv6-icmp
log-events-to-ramdisk managers memory
model network network-dhcp-server
network-static-routes ntp packet
perfstats process-tree processes
serial-number snort ssh-access-list
ssl-policy-config ssl-protocol summary
syslog-config tech-support time
unified-logging user version
aaa aaa-server access-list
app-agent arp arp-inspection
as-path-access-list asp banner
bfd bgp blocks
bootvar bridge-group capture
chassis checkheaps checksum
chunkstat clns cluster
community-list config-cli configuration
conn console-output counters
crashinfo crypto ctiqbe
ctl-provider curpriv ddns
debug dhcpd dhcprelay
diameter disk0: disk1:
eigrp failover file
firewall flash: flow-export
fqdn fragment gc
h225 h245 h323
idb igmp inline-set
interface inventory ip
ipv6 isakmp isis
kernel key lisp
local-host logging mac-address-table
mac-learn message-layer mfib
mgcp mode monitor-interface
mrib mroute nameif
nat object-group ospf
packet-tracer pager parser
password pclu perfmon
pim policy-list policy-route
prefix-list priority-queue quota
resource rip rollback-status
route route-map rule
running-config sctp service-policy
shun sip skinny
sla snmp-server snort
ssl startup-config sunrpc-server
tcpstat threat-detection time-range
tls-proxy track traffic
vlan vpdn vpn
vpn-sessiondb wccp webvpn
xlate zone
> show interface ip brief
Interface IP-Address OK? Method Status Protocol
Internal-Data0/0 unassigned YES unset up up
Ethernet1/1 unassigned YES unset up up
Ethernet1/2 unassigned YES unset admin down down
Ethernet1/3 unassigned YES unset admin down down
Ethernet1/4 unassigned YES unset admin down down
Ethernet1/5 unassigned YES unset admin down down
Ethernet1/6 unassigned YES unset admin down down
Ethernet1/7 unassigned YES unset admin down down
Ethernet1/8 unassigned YES unset admin down down
Internal-Control1/1 unassigned YES unset up up
Internal-Data1/1 169.254.1.1 YES unset up up
Internal-Data1/2 unassigned YES unset up up
Management1/1 unassigned YES unset up up
> show interface Management 1/1
Interface
Management1/1 "diagnostic", is up, line protocol is up // DIAGNOSTIC IS A LOGICAL INTERFACE; ONLY ALLOWS MANAGEMENT TRAFFIC; IT DOESN'T SUPPORT SSH; USED FOR SNMP AND SYSLOG
Hardware is en_vtun rev00, BW Unknown Speed-Capability, DLY 1000 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is unsupported
MAC address 5c5a.c7b8.f781, MTU 1500
IP address unassigned
1730 packets input, 149633 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
1 L2 decode drops, 0 demux drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (0/0)
output queue (blocks free curr/low): hardware (0/0)
Traffic Statistics for "diagnostic":
1728 packets input, 125257 bytes
0 packets output, 0 bytes
1309 packets dropped
1 minute input rate 1 pkts/sec, 58 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 91 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Management-only interface. Blocked 0 through-the-device packets
There are various FTD CLI modes: FTD CLI (> prompt), expert mode ($ prompt) and FXOS CLI mode (# prompt). Just type exit to return to FXOS CLI.
> exit
firepower# ?
acknowledge Acknowledge
backup Backup
commit-buffer Commit transaction buffer
connect Connect to Another CLI
discard-buffer Discard transaction buffer
end Go to exec mode
exit Exit from command interpreter
scope Changes the current mode
set Set property values
show Show system information
terminal Set terminal line parameters
top Go to the top mode
up Go up one mode
where Show information about the current mode
firepower# show ?
chassis Chassis
cli CLI Information
clock Clock
configuration Configuration
eth-uplink Ethernet Uplink
event Event Management
fabric-interconnect Show NGFW
fault Fault
fxos-mode Fxos-mode
identity Identity
ntp-overall-status NTP Overall Time-Sync Status
registry-repository Registry Repository
security security mode
server Server
system Systems
timezone Set timezone
version System version
I was
unable to initially access the management IP address 192.168.45.45 via HTTPS so I performed a
"factory reset" using the reset button. Just
press and hold for 10 seconds using a pen or pencil point then release.
> 2020-09-07 02:38:50 logmonitor[15948]: syslog-ng not running. starting it.
(®+‘…ÍÑmessage from root@firepower (Mon Sep 7 02:38:54 2020)2020-09-07 02:38:55 logmonitor[15948]: Failed to start syslog-ng.
Stopping all devices.
device busy
Stopping OpenBSD Secure Shell server: sshd
stopped /usr/sbin/sshd (pid 9932)
done.
Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1655)
acpid.
Stopping system message bus: dbus.
stopping mountd: done
stopping nfsd: done
Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 10253)
done
Stopping internet superserver: xinetd.
stopping statd: done
no /etc/sysconfig/kdump.conf
Stopping rpcbind daemon...
not running.
Stopping fan control daemon: fancontrol... no process in pidfile '/var/run/fancontrol.pid' found; none killed
done.
Stopping sensors logging daemon: sensord... stopped /usr/sbin/sensord (pid 3495)
done.
Deconfiguring network interfaces... done.
ip6tables: Setting chains to policy ACCEPT: mangle filter [ OK ]
ip6tables: Flushing firewall rules: [ OK ]
ip6tables: Unloading modules: [ OK ]
iptables: Setting chains to policy ACCEPT: mangle filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
SSP-Security-Module is shutting down ...
Mon Sep 7 02:38:57 UTC 2020 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps
Mon Sep 7 02:38:57 UTC 2020 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps
/bin/ls: cannot access /opt/cisco/config/heimdall/etc: No such file or directory
/bin/ls: cannot access /opt/cisco/csp/applications/configs: No such file or directory
ls: cannot access /opt/cisco/config/heimdall/etc: No such file or directory
Mon Sep 7 02:38:57 UTC 2020 SHUTDOWN WARNING: Nothing to do for Apps-Services-Down
Sending ALL processes the TERM signal ...
ipsec_starter[9945]: charon stopped after 400 ms
ipsec_starter[9945]: ipsec starter stopped
Note: SIGKILL_ALL will be triggered after after 0 + 2 secs ...
Sending ALL processes the KILL signal ...
Deactivating swap...
Unmounting local filesystems...
Rebooting... [ 1467.752977] reboot: Restarting system
firepower-1010# connect ftd
Error: Application is not installed.
firepower-1010#
Threat Defense System: CMD=-install, CSP-ID=cisco-ftd.6.4.0.102__ftd_001_JMX2324G1THPHT8K11, FLAG=''
System begins installation ...
Cisco FTD installation finished successfully.
Verifying signature for cisco-ftd.6.4.0.102 ...
Verifying signature for cisco-ftd.6.4.0.102 ... success
Threat Defense System: CMD=-start, CSP-ID=cisco-ftd.6.4.0.102__ftd_001_JMX2324G1THPHT8K11, FLAG=''
System starting ...
Registering to process manager ...
Cisco FTD started successfully.
Cisco FTD initializing ...
Verify FSIC, File System Integrity Check
Configuring model to 78A...
firepower-1010#
Obtained uid 501 and gid 501 for external user
/ngfw/usr/bin/clish: error while loading shared libraries: libclish.so.1: cannot open shared object file: No such file or directory
firepower-1010# verify_fsic(start)
Do not run FSIC twice for SSP systems...
Initializing Threat Defense ... [ OK ]
Starting system log daemon... [ OK ]
Disk free check passed, creating swap...
Building swapfile /ngfw/Volume/.swaptwo of size 5508236kb
firepower-1010#
5508236+0 records in
5508236+0 records out
5640433664 bytes (5.6 GB) copied, 19.3411 s, 292 MB/s
Setting up swapspace version 1, size = 5.3 GiB (5640429568 bytes)
no label, UUID=fea3f797-62d5-4a65-ab19-a3316ba05ec6
Adding swapfile /ngfw/Volume/.swaptwo
Flushing all current IPv4 rules and user defined chains: ...success
Clearing all current IPv4 rules and user defined chains: ...success
Applying iptables firewall rules:
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Flushing all current IPv6 rules and user defined chains: ...success
Clearing all current IPv6 rules and user defined chains: ...success
Applying ip6tables firewall rules:
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Starting nscd...
mkdir: created directory '/var/run/nscd' [ OK ]
Starting , please wait......complete.
cleaning up *.TMM and *.TMD files
Firstboot detected, executing scripts
Executing S01virtual-machine-reconfigure [ OK ]
Executing S01z_copy_startup-config [ OK ]
Executing S02aws-pull-cfg [ OK ]
Executing S02configure_onbox [ OK ]
Executing S04fix-httpd.sh [ OK ]
Executing S05set-default-ipv4.pl
You must accept the EULA to continue.
Press <ENTER> to display the EULA: <HIT ENTER TO CONTINUE>
<OUTPUT TRUNCATED - HIT SPACE BAR>
18. Integration. If any portion of this EULA is found to be void or
unenforceable, the remaining provisions of the EULA shall remain in full force
and effect. Except as expressly stated or as expressly amended in a signed
agreement, the EULA constitutes the entire agreement between the parties with
respect to the license of the Software and supersedes any conflicting or
additional terms contained in any purchase order or elsewhere, all of which
terms are excluded. The parties agree that the English version of the EULA will
govern in the event of a conflict between it and any version translated into
another language.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco
and/or its affiliates in the U.S. and other countries. To view a list of Cisco
trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks
mentioned are the property of their respective owners. The use of the word
partner does not imply a partnership relationship between Cisco and any other
company.
System initialization in progress. Please stand by. |
********** Attention **********
Initializing the system's localization settings. Depending on available
system resources (CPU, memory, and disk), this may take 10 minutes
or more to complete.
********** Attention **********
Executing S97update_modprobe.pl [ OK ]
Executing S98check-db-integrity.sh [ OK ]
Executing S98htaccess-init [ OK ]
Executing S99configure_mysql [ OK ]
Executing S99correct_ipmi.pl [ OK ]
Executing S99ssl_hw_mode.sh [ OK ]
Executing S99start-system [ OK ]
Executing S99z_db_restore [ OK ]
Firstboot scripts finished.
Configuring NTP... [ OK ]
Stopping all devices.
Starting all devices.
Processing /etc/c3xxx_dev0.conf
Checking status of all devices.
There is 1 QAT acceleration device(s) in the system:
qat_dev0 - type: c3xxx, inst_id: 0, node_id: 0, bsf: 01:00.0, #accel: 3 #engines: 6 state: up
SIOCSIFADDR: No such device
br0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
br0: ERROR while getting interface flags: No such device
Model reconfigure detected, executing scripts
Pinging mysql
Found mysql is running
Executing 45update-sensor.pl [ OK ]
Executing 55recalculate_arc.pl [ OK ]
Mon Sep 7 03:00:45 UTC 2020
Starting MySQL...
Pinging mysql
Pinging mysql, try 1
Found mysql is running
Running initializeObjects...
Stopping MySQL...
Killing mysqld with pid 7993
Wait for mysqld to exit\c
done
Mon Sep 7 03:00:56 UTC 2020
Skipping sfifd for this platform...
Starting Cisco Firepower 1010 Threat Defense, please wait...No PM running!
...started.
Cisco FTD initialization finished successfully.
memif is not enabled.
IO Memory Nodes: 1
IO Memory Per Node: 549453824 bytes num_pages = 134144 page_size = 4096
Global Reserve Memory Per Node: 786432000 bytes Nodes=1
LCMB: got 1073741824 bytes on numa-id=0, phys=0x200000000, virt=0x2b8740000000
LCMB: HEAP-CACHE POOL got 784334848 bytes on numa-id=0, virt=0x2b8705400000
total mem 3079146512 new 3079146512 old 659684624 reserv 1858076672 pri new 1233403878 pri old 0 system 8394846208 kernel 12334038 image 110230800
Processor memory: 3079146512
POST started...
POST finished, result is 0 (hint: 1 means it failed)
Compiled on Mon 22-Apr-19 08:39 PDT by builders
SSL Hardware Offload is Enabled
FPR-1010 platformpci_do_probe_wc(): Adding WC-NIC vid = 0x8086 did = 0x15c2
Total NICs found: 6
x550em_kr rev 0x11 10 Gigabit Ethernet, index 00 MAC: 00a0.c900.0000
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 02 MAC: 5c5a.c7b8.f781
en_vtun rev00 Backplane Tap Interface @ index 03 MAC: 0000.0100.0001
en_vtun rev00 Backplane Control Interface @ index 05 MAC: 0000.0300.0101
WARNING: Attribute already exists in the dictionary.
License mode file was not found. Assuming this is the initial bootup. Setting the license mode to Smart Licensing.
INFO: Unable to read firewall mode from flash
Writing default firewall mode (single) to flash
INFO: Unable to read cluster interface-mode from flash
Writing default mode "None" to flash
*** Intel QAT Crypto on-board accelerator detected
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
-
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Copyright (c) 1996-2017 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Error No such device in set_linux_mac_address: Failed to assign MAC address for br0
Reading from flash...
!
Cryptochecksum (changed): 6929aede 6646bb60 e7c2f077 d48e4bc9
INFO: Power-On Self-Test in process.
.......................................................................
INFO: Power-On Self-Test complete.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
User enable_1 logged in to firepower
Logins over the last 1 days: 1.
Failed logins since the last login: 0.
Type help o '?' for a list of available commands.
firepower> \
You must change the password for 'admin' to continue.
Sep 7 03:02:54 firepower port-manager : Alert: Ethernet1/1 link changed to DOWN
Enter new
password:
Confirm new password:
You must configure the network to continue.
Unable To Read Running Config: Unable to get current network information:SF::Util::getApplianceUUID: NO APPLIANCE UUID DEFINED......INVALID STATE at /usr/local/sf/lib/perl/5.10.1/SF/NetworkConf.pm line 81.
Printing stack trace:
called from /ngfw/usr/lib/perl5/site_perl/5.10.1/Error.pm (150)
called from /ngfw/usr/lib/perl5/site_perl/5.10.1/Error.pm (396)
called from /usr/local/sf/lib/perl/5.10.1/SF/NetworkConf.pm (82)
called from /usr/local/sf/bin/cli_firstboot (219)
called from /usr/local/sf/bin/cli_firstboot (1085)
I'm still
unable to access FDM (HTTPS) even though i can ping the Management IP.
C:\Windows\System32>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.45.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
C:\Windows\System32>ping 192.168.45.45 // DEFAULT MANAGEMENT IP ADDRESS
Pinging 192.168.45.45 with 32 bytes of data:
Reply from 192.168.45.45: bytes=32 time<1ms TTL=64
Reply from 192.168.45.45: bytes=32 time=1ms TTL=64
Reply from 192.168.45.45: bytes=32 time=1ms TTL=64
Reply from 192.168.45.45: bytes=32 time=1ms TTL=64
Ping statistics for 192.168.45.45:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
You can access the FTD CLI using the connect ftd command and to begin the initial configuration setup wizard.
firepower# connect ftd
System initialization in progress. Please stand by.
You must configure the network to continue.
You must configure at least one of IPv4 or IPv6.
Do you want to configure IPv4? (y/n) [y]: < HIT ENTER TO ACCEPT DEFAULT OPTION>
Do you want to configure IPv6? (y/n) [n]: < HIT ENTER TO ACCEPT DEFAULT OPTION>
Configure IPv4 via DHCP or manually? (dhcp/manual) [manual]: < HIT ENTER TO ACCEPT DEFAULT OPTION>
Enter an IPv4 address for the management interface [192.168.45.45]: < HIT ENTER TO ACCEPT DEFAULT OPTION>
Enter an IPv4 netmask for the management interface [255.255.255.0]: < HIT ENTER TO ACCEPT DEFAULT OPTION>
Enter the IPv4 default gateway for the management interface [data-interfaces]: 192.168.45.1
Enter a fully qualified hostname for this system [firepower]: fpr1010-ftd-lab
Enter a comma-separated list of DNS servers or 'none' [208.67.222.222,208.67.220.220]: < HIT ENTER TO ACCEPT DEFAULT OPTION>
Enter a comma-separated list of search domains or 'none' []: lab.com
If your networking information has changed, you will need to reconnect.
Setting DNS servers: 208.67.222.222 208.67.220.220
Setting DNS domains:lab.com
Setting hostname as fpr1010-ftd-lab
DHCP server is enabled with pool: 192.168.45.46-192.168.45.254. You may disable with configure network ipv4 dhcp-server-disable
Setting static IPv4: 192.168.45.45 netmask: 255.255.255.0 gateway: 192.168.45.1 on management0
Updating routing tables, please wait...
All configurations applied to the system. Took 3 Seconds.
Saving a copy of running network configuration to local disk.
For HTTP Proxy configuration, run 'configure network http-proxy'
Sep 7 03:11:22 fpr1010-ftd-lab port-manager : Alert: Ethernet1/1 link changed to UP
Manage the device locally? (yes/no) [yes]: < HIT ENTER TO ACCEPT DEFAULT OPTION> // FOR FDM ACCESS INSTEAD OF FMC
Configuring firewall mode to routed
Update policy deployment information
- add device configuration
Successfully performed firstboot initial configuration steps for Firepower Device Manager for Firepower Threat Defense.
> show managers
Managed locally.
> show interface ip brief
Interface IP-Address OK? Method Status Protocol
Internal-Data0/0 unassigned YES unset up up
Ethernet1/1 116.87.123.45 YES DHCP up up // ISP WAN
Ethernet1/2 192.168.1.1 YES unset down down
Ethernet1/3 192.168.1.1 YES unset down down
Ethernet1/4 192.168.1.1 YES unset down down
Ethernet1/5 192.168.1.1 YES unset down down
Ethernet1/6 192.168.1.1 YES unset down down
Ethernet1/7 192.168.1.1 YES unset down down
Ethernet1/8 192.168.1.1 YES unset down down
Internal-Control1/1 unassigned YES unset up up
Internal-Data1/1 169.254.1.1 YES unset up up
Internal-Data1/2 unassigned YES unset up up
Management1/1 unassigned YES unset up up
BVI1 192.168.1.1 YES manual up up
> show route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 116.87.123.45 to network 0.0.0.0
S* 0.0.0.0 0.0.0.0 [1/0] via 116.87.123.45, outside // OBTAINED VIA DHCP FROM ISP
C 116.87.192.0 255.255.192.0 is directly connected, outside
L 116.87.195.156 255.255.255.255 is directly connected, outside
C 192.168.1.0 255.255.255.0 is directly connected, inside
L 192.168.1.1 255.255.255.255 is directly connected, inside
> configure password // CHANGE THE PASSWORD FOR "admin" ACCOUNT
Enter current password:
Enter new password:
Confirm new password:
Password Update successful.
It took around 5 mins to access FDM after the FTD had fully initialized. Just accept the self-signed certificate on the web browser to continue.
Login using the changed password for admin account.
You first need to configure the Internet Connection (WAN IP address on Ethernet1/1).
Configure IPv4 > Using DHCP (default). I
chose DHCP since I get a Dynamic IP address from my ISP.
IPv6 is disabled/Off by default.
I left the Management Interface settings since these were configured during the initial setup wizard. Click Next.
Select a Time Zone: UTC+08:00 Asia/Singapore > select NTP Time Server: Default NTP Servers (Cisco/Sourcefire public NTP servers) > click Next.
I'll skip the Register
the FTD device with Cisco Smart Software Manager for now.
Select Start 90-day evaluation period without registration > click Finish.
This would allow me to test all the FTD Smart License features: Threat, Malware and URL.
You can reconfigure the inside interface IP address (default is 192.168.1.0/24) and other system settings in the next steps.
This is pretty good to get me started. Thanks, I just bought one.
ReplyDelete