Friday, October 2, 2020

Cisco Firepower 1010 Software Upgrade to 6.5

You'll need to upgrade the FTD software to 6.5 (or above) in order to directly connect Management1/1 to any of the Layer 2 interfaces (Ethernet1/2 - 8). This is similar to the ASA 5506-X deployment, which doesn't require an additional switch.

Cisco introduced a new software release delivery model starting with FTD 6.4 and ASA 9.12. Extra Long Term Releases (XLTR), which have even release numbers (e.g. 6.4 / 6.8), have longer software support, up to 4 years. Long Term Releases (LTR), which also have even release numbers (e.g. 6.6), have longer software support, up to 3 years. Short Term Releases (STR), which have odd release numbers (e.g. 6.5 / 6.7), have shorter software support, up to 1.5 years.


Below is what my lab topology looks like once the Firepower 1010 is upgraded to 6.5 code. The Management1/1 interface is connected to Ethernet1/2, which is in VLAN 1 (192.168.1.0/24). This allows Management to fetch updates and Smart License over the Internet (to the Cisco cloud).

Below is the recommended FTD software upgrade path. I'm currently on version 6.4, so I can upgrade directly to 6.5. Note that for the Firepower 2100/4100 series, there's an intermediate upgrade path: 6.1 > 6.2.3 > 6.4.

Download the install package cisco-ftd-fp1k.6.5.0-115.SPA from Cisco's download website.

To view the current version, go to Device > Updates > View Configuration > System Upgrade.

 

Notice the Current version is 6.4.0-102.

 


Note that System Upgrade is used to perform minor upgrades or patches, i.e. 6.4.x.

INFO: Power-On Self-Test in process.

.......................

INFO: Power-On Self-Test complete.

 

INFO: Starting SW-DRBG health test...

INFO: SW-DRBG health test passed.

User enable_1 logged in to fpr1010-ftd-lab

Logins over the last 1 days: 1. 

Failed logins since the last login: 0. 

 

fpr1010-ftd-lab login: admin    // LOGIN TO FTD

Password:

Last login: Mon Sep  7 05:03:40 UTC 2020 from 192.168.45.2 on pts/0

Successful login attempts for user 'admin' : 1

 

Copyright 2004-2019, Cisco and/or its affiliates. All rights reserved.

Cisco is a registered trademark of Cisco Systems, Inc.

All other trademarks are property of their respective owners.

 

Cisco Fire Linux OS v6.4.0 (build 2)

Cisco Firepower 1010 Threat Defense v6.4.0 (build 102)

 

Cisco Firepower Extensible Operating System (FX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.

 

The copyrights to certain works contained in this software are

owned by other third parties and used and distributed under

license.

 

Certain components of this software are licensed under the "GNU General Public

License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, Version 3", available here:

http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for

details.

 

Certain components of this software are licensed under the "GNU General Public

License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual

(''Licensing'') for details.

 

Certain components of this software are licensed under the "GNU LESSER GENERAL

PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:

http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for

details.

 

Certain components of this software are licensed under the "GNU Lesser General

Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the

terms of "GNU Lesser General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual

(''Licensing'') for details.

 

Certain components of this software are licensed under the "GNU Library General

Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU Library General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual

(''Licensing'') for details.

 

 

> show version    // VIEW CURRENT FTD OS VERSION

----------------[ fpr1010-ftd-lab ]-----------------

Model                     : Cisco Firepower 1010 Threat Defense (78) Version 6.4.0 (Build 102)

UUID                      : 83279f6a-f0b4-11ea-84c6-a4fb412e1234

Rules update version      : 2018-10-10-001-vrt

VDB version               : 309

----------------------------------------------------

 

Type exit > scope firmware > download image tftp://<IP ADDRESS>/<FTD INSTALL PACKAGE FILE>

 

> exit

fpr1010-ftd-lab# scope firmware

fpr1010-ftd-lab /firmware # download image tftp://192.168.45.10/cisco-ftd-fp1k.6.5.0-115.SPA

Please use the command 'show download-task' or 'show download-task detail' to check download progress.

 

 

You can use either the show download-task or show event commands to monitor the download progress.

 

fpr1010-ftd-lab /firmware # show download-task

 

Download task:

    File Name Protocol Server          Port       Userid          State

    --------- -------- --------------- ---------- --------------- -----

    cisco-ftd-fp1k.6.5.0-115.SPA

              Tftp     192.168.45.10            0                Downloading

 

 

fpr1010-ftd-lab /firmware # show event

Creation Time            ID       Code     Description

------------------------ -------- -------- -----------

2020-09-12T03:36:39.473     31157 E4195704 [FSM:STAGE:ASYNC]: downloading image

cisco-ftd-fp1k.6.5.0-115.SPA from 192.168.45.10(FSM-STAGE:sam:dme:FirmwareDownlo

aderDownload:Local)

2020-09-12T03:36:39.472     31149 E4195702 [FSM:STAGE:END]: (FSM-STAGE:sam:dme:F

irmwareDownloaderDownload:begin)

2020-09-12T03:36:39.472     31156 E4195703 [FSM:STAGE:END]: checking pending man

agement network config(FSM-STAGE:sam:dme:FirmwareDownloaderDownload:CheckPending

NetworkConfig)

2020-09-12T03:36:39.471     31148 E4195702 [FSM:BEGIN]: downloading image cisco-

ftd-fp1k.6.5.0-115.SPA from 192.168.45.10(FSM:sam:dme:FirmwareDownloaderDownload

 

Notice the State is still Downloading. You can use the show event command instead.

 

fpr1010-ftd-lab /firmware # show download-task

 

Download task:

    File Name Protocol Server          Port       Userid          State

    --------- -------- --------------- ---------- --------------- -----

    cisco-ftd-fp1k.6.5.0-115.SPA

              Tftp     192.168.45.10            0                 Downloading

 

 

fpr1010-ftd-lab /firmware # show event

Creation Time            ID       Code     Description

------------------------ -------- -------- -----------

2020-09-12T03:40:29.904     31239 E4195704 [FSM:STAGE:END]: downloading image ci

sco-ftd-fp1k.6.5.0-115.SPA from 192.168.45.10(FSM-STAGE:sam:dme:FirmwareDownload

erDownload:Local)

2020-09-12T03:40:29.904     31240 E4195705 [FSM:STAGE:ASYNC]: unpacking image ci

sco-ftd-fp1k.6.5.0-115.SPA on primary(FSM-STAGE:sam:dme:FirmwareDownloaderDownload:UnpackLocal)

2020-09-12T03:40:29.903     31238 E4195704 [FSM:STAGE:STALE-SUCCESS]: downloadin

g image cisco-ftd-fp1k.6.5.0-115.SPA from 192.168.45.10(FSM-STAGE:sam:dme:Firmwa

reDownloaderDownload:Local)

2020-09-12T03:36:39.473     31157 E4195704 [FSM:STAGE:ASYNC]: downloading image

cisco-ftd-fp1k.6.5.0-115.SPA from 192.168.45.10(FSM-STAGE:sam:dme:FirmwareDownlo

aderDownload:Local)

2020-09-12T03:36:39.472     31149 E4195702 [FSM:STAGE:END]: (FSM-STAGE:sam:dme:F

irmwareDownloaderDownload:begin)

2020-09-12T03:36:39.472     31156 E4195703 [FSM:STAGE:END]: checking pending man

agement network config(FSM-STAGE:sam:dme:FirmwareDownloaderDownload:CheckPending

NetworkConfig)

2020-09-12T03:36:39.471     31148 E4195702 [FSM:BEGIN]: downloading image cisco-

ftd-fp1k.6.5.0-115.SPA from 192.168.45.10(FSM:sam:dme:FirmwareDownloaderDownload)
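
The show event output above is hard-wrapped at 80 columns, so a record such as "downloadin / g image" cannot be searched or logged as-is. The following added example (not from the original post and not Cisco tooling) reassembles the wrapped records of the second capture and reports which FirmwareDownloaderDownload stage is running. Reading ASYNC as "stage in progress" and END as "stage finished" is an assumption drawn from the two captures above, and all function names are hypothetical.

```python
"""Reassemble FXOS `show event` output and report firmware-download progress."""
import re
from typing import NamedTuple

WIDTH = 80  # column at which the console hard-wrapped each record

# Second `show event` capture from this walkthrough, wrapped as displayed.
CAPTURE = """\
Creation Time            ID       Code     Description
------------------------ -------- -------- -----------
2020-09-12T03:40:29.904     31239 E4195704 [FSM:STAGE:END]: downloading image ci
sco-ftd-fp1k.6.5.0-115.SPA from 192.168.45.10(FSM-STAGE:sam:dme:FirmwareDownload
erDownload:Local)
2020-09-12T03:40:29.904     31240 E4195705 [FSM:STAGE:ASYNC]: unpacking image ci
sco-ftd-fp1k.6.5.0-115.SPA on primary(FSM-STAGE:sam:dme:FirmwareDownloaderDownload:UnpackLocal)
2020-09-12T03:40:29.903     31238 E4195704 [FSM:STAGE:STALE-SUCCESS]: downloadin
g image cisco-ftd-fp1k.6.5.0-115.SPA from 192.168.45.10(FSM-STAGE:sam:dme:Firmwa
reDownloaderDownload:Local)
2020-09-12T03:36:39.473     31157 E4195704 [FSM:STAGE:ASYNC]: downloading image
cisco-ftd-fp1k.6.5.0-115.SPA from 192.168.45.10(FSM-STAGE:sam:dme:FirmwareDownlo
aderDownload:Local)
2020-09-12T03:36:39.472     31149 E4195702 [FSM:STAGE:END]: (FSM-STAGE:sam:dme:F
irmwareDownloaderDownload:begin)
2020-09-12T03:36:39.472     31156 E4195703 [FSM:STAGE:END]: checking pending man
agement network config(FSM-STAGE:sam:dme:FirmwareDownloaderDownload:CheckPending
NetworkConfig)
2020-09-12T03:36:39.471     31148 E4195702 [FSM:BEGIN]: downloading image cisco-
ftd-fp1k.6.5.0-115.SPA from 192.168.45.10(FSM:sam:dme:FirmwareDownloaderDownload)
"""


class Event(NamedTuple):
    time: str
    event_id: int
    code: str
    status: str  # BEGIN, ASYNC, END, STALE-SUCCESS
    stage: str   # last component of the FSM-STAGE path; "" for the FSM:BEGIN record
    text: str    # human-readable part of the description


START = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(E\d+)\s+(.*)$")
DESC = re.compile(
    r"^\[FSM:(?:STAGE:)?([A-Z-]+)\]:\s*(.*?)\((FSM(?:-STAGE)?):([^()]*)\)?$"
)


def unwrap(capture):
    """Join the physical lines of one `show event` output into logical records."""
    records, prev = [], ""
    for raw in capture.splitlines():
        line = raw.rstrip()
        if not line:
            continue  # tolerate blank lines added by copy and paste
        if START.match(line):
            records.append(line)
        elif records:
            # A line shorter than WIDTH was wrapped at a blank that got stripped;
            # a full-width line was cut mid-word and is joined without a gap.
            records[-1] += (" " if len(prev) < WIDTH else "") + line
        prev = line
    return records


def parse_events(capture):
    """Return FSM events in capture order (the console prints newest first)."""
    events = []
    for record in unwrap(capture):
        time, event_id, code, desc = START.match(record).groups()
        m = DESC.match(desc)
        if not m:
            continue  # not an FSM record
        status, text, kind, path = m.groups()
        stage = path.rsplit(":", 1)[-1] if kind == "FSM-STAGE" else ""
        events.append(Event(time, int(event_id), code, status, stage, text.strip()))
    return events


def stage_status(events):
    """Latest status of each stage, ordered by (timestamp, event id)."""
    latest = {}
    for ev in sorted(events, key=lambda e: (e.time, e.event_id)):
        if ev.stage:
            latest[ev.stage] = ev.status
    return latest


def download_progress(events):
    """Assumption: ASYNC means the stage is running, END means it finished."""
    latest = stage_status(events)
    return {
        "transfer_done": latest.get("Local") == "END",
        "running": [stage for stage, status in latest.items() if status == "ASYNC"],
    }


if __name__ == "__main__":
    parsed = parse_events(CAPTURE)
    for stage, status in stage_status(parsed).items():
        print(f"{stage:28} {status}")
    print(download_progress(parsed))
```

On this capture the transfer stage (Local) has ended and UnpackLocal is running, even though show download-task still reports Downloading.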

 


Use the show package command to verify the new FTD software was completely downloaded.

 

fpr1010-ftd-lab /firmware # show package

Name                                          Package-Vers

--------------------------------------------- ------------

cisco-ftd-fp1k.6.4.0-102.SPA                  6.4.0-102

cisco-ftd-fp1k.6.5.0-115.SPA                  6.5.0-115

fxos-k9-fp1k.2.6.1.133a.SPA                   2.6.1.133a

 

 

Enter auto-install mode with the scope auto-install command.

 

fpr1010-ftd-lab /firmware # scope auto-install

fpr1010-ftd-lab /firmware/auto-install #

 

 

Install the software package using the install security-pack version <PACKAGE VERSION> command. The version is the Package-Vers value shown by show package (6.5.0-115 here), not the .SPA file name.

  

fpr1010-ftd-lab /firmware/auto-install # install security-pack version 6.5.0-115

 

The system is currently installed with security software package 6.4.0-102, which has:

   - The platform version: 2.6.1.133

   - The CSP (ftd) version: 6.4.0.102

If you proceed with the upgrade 6.5.0-115, it will do the following:

   - upgrade to the new platform version 2.7.1.107     // FXOS (FTD CHASSIS OS) IS BUNDLED IN FTD 1000 SERIES

During the upgrade, the system will be reboot

 

Do you want to proceed ? (yes/no):yes

 

This operation upgrades firmware and software on Security Platform Components

Here is the checklist of things that are recommended before starting Auto-Install

(1) Review current critical/major faults

(2) Initiate a configuration backup

 

Do you want to proceed? (yes/no):yes

 

Triggered the install of software package version 6.5.0-115

Install started. This will take several minutes.

For monitoring the upgrade progress, please enter 'show' or 'show detail' command.

fpr1010-ftd-lab /firmware/auto-install #

 

 

Use the show or show detail commands to view the Upgrade State.

 

fpr1010-ftd-lab /firmware/auto-install # show

 

Firmware Auto-Install:

    Package-Vers Oper State                   Upgrade State

    ------------ ---------------------------- -------------

    6.5.0-115    Scheduled                    Ready

 

fpr1010-ftd-lab /firmware/auto-install # show detail

 

Firmware Auto-Install:

    Package-Vers: 6.5.0-115

    Oper State: Scheduled

    Installation Time: 2020-09-12T03:55:36.010

    Upgrade State: Ready

    Upgrade Status:

    Validation Software Pack Status:

    Firmware Upgrade Status:

    Current Task:

 

 

fpr1010-ftd-lab /firmware/auto-install # show detail

 

Firmware Auto-Install:

    Package-Vers: 6.5.0-115

    Oper State: Scheduled

    Installation Time: 2020-09-12T03:55:36.010

    Upgrade State: Validating Images

    Upgrade Status: validating the software package

    Validation Software Pack Status:

    Firmware Upgrade Status:

    Current Task: Validating the application pack(FSM-STAGE:sam:dme:FirmwareSyst

emDeploy:ValidateApplicationPack)

 

Broadcast message from root@fpr1010-ftd-lab (Sat Sep 12 03:57:47 2020):

 

 

The FTD device will auto reboot a few times.

 

The system is going down for reboot NOW!

: Stopping all devices.

device busy

Stopping OpenBSD Secure Shell server: sshd

stopped /usr/sbin/sshd (pid 9958)

done.

Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1883)

acpid.

Stopping system message bus: dbus.

stopping mountd: done

stopping nfsd: done

Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 10220)

done

Stopping internet superserver: xinetd.

stopping statd: done

no /etc/sysconfig/kdump.conf

Stopping rpcbind daemon...

not running.

Stopping fan control daemon: fancontrol... no process in pidfile '/var/run/fancontrol.pid' found; none killed

done.

Stopping sensors logging daemon: sensord... stopped /usr/sbin/sensord (pid 3721)

done.

Deconfiguring network interfaces... done.

ip6tables: Setting chains to policy ACCEPT: mangle filter [  OK  ]

ip6tables: Flushing firewall rules: [  OK  ]

ip6tables: Unloading modules: [  OK  ]

iptables: Setting chains to policy ACCEPT: mangle filter [  OK  ]

iptables: Flushing firewall rules: [  OK  ]

iptables: Unloading modules: [  OK  ]

SSP-Security-Module is shutting down ...

Sat Sep 12 03:57:51 UTC 2020 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps

Sat Sep 12 03:57:51 UTC 2020 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps

/bin/ls: cannot access /opt/cisco/config/heimdall/etc: No such file or directory

/bin/ls: cannot access /opt/cisco/csp/applications/configs: No such file or directory

ls: cannot access /opt/cisco/config/heimdall/etc: No such file or directory

Sat Sep 12 03:57:51 UTC 2020 SHUTDOWN WARNING: Nothing to do for Apps-Services-Down

Sending ALL processes the TERM signal ...

Note: SIGKILL_ALL will be triggered after after 0 + 2 secs ...

ipsec_starter[9930]: charon stopped after 200 ms

ipsec_starter[9930]: ipsec starter stopped

Sending ALL processes the KILL signal ...

Deactivating swap...

Unmounting local filesystems...

Rebooting...

 


*******************************************************************************

Cisco System ROMMON, Version 1.0.05, RELEASE SOFTWARE

Copyright (c) 1994-2019  by Cisco Systems, Inc.

Compiled Wed 04/03/2019 18:07:24.29 by builder

*******************************************************************************

 

Current image running: Boot ROM0

Last reset cause: ResetRequest (0x00001000)

DIMM0 : Present

 

Platform FPR-1010 with 8192 MBytes of main memory

INFO: Firmware upgrade state: ROMMON_UPG_START (1)

INFO: Reset code: 0x00001000

 

Firmware upgrade request encountered.

Scan for firmware elements that need to be updated...

Looking for file 'disk0:installables/switch/fxos-k8-fp1k-firmware.1008.0203.SPA'

File size is 0x010d0510

Located installables/switch/fxos-k8-fp1k-firmware.1008.0203.SPA

Image size 17630480 inode num 114029, bks cnt 4305 blk size 8*512

#########################################################

Image base 0x75914018, size 17630480

 

+-------------------------------------------------------------------+

+------------------------- SUCCESS ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|             LFBFF signature authentication passed !!!             |

|                                                                   |

+-------------------------------------------------------------------+

LFBFF signature verified.

+-------------------------------------------------------------------+

+------------------------- SUCCESS ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|              LFBFF controller type check passed !!!               |

|                                                                   |

+-------------------------------------------------------------------+

Objtype: lfbff_object_rommon (0x1000000 bytes @ 0x759144a8)

Objtype: lfbff_object_fpga (0xd0050 bytes @ 0x769144d8)

FPGA: FPGA version currently active: 2.3.0

FPGA: FPGA version in upgrade image: 2.3.0

 

*** PLEASE DO NOT POWERCYCLE THIS UNIT DURING THE FPGA FLASH ***

*** UPGRADE UNTIL THE FOLLOWING QUOTED MESSAGE IS DISPLAYED  ***

*** "Toggling power on system board..." or                   ***

*** "FPGA: The FPGA upgrade succeeded. "                     ***

 

Upgrading the FPGA (Upgrade) image...

Upgrade Image: YES, Golden Image: YES.

Erase Header Sector:

Erasing --- done.

    Erasing Upgrade SPI PROM ------------- done.

Programming Upgrade SPI PROM ++++++++++++ done.

  Verifying Upgrade SPI PROM ............ done.

Write the new header structure to activate the upgrade image:

  Revision ID   :  0x00020300

  Image Date    :  0x19032923

  Flags         :  0x5b0f01a0

  Validation ID :  0x7e4f5d06

Writing +++ done.

Verify the new header structure:

Verifying ... done.

MEAS: FPGA Upgrade Status: Pass! (0)

+-----------------------------------------------------------------+

|                                                                 |

+                   FPGA FIRMWARE UPGRADE SUCCESS                 +

|                                                                 |

+-----------------------------------------------------------------+

 

FPGA: The FPGA upgrade succeeded.

 

INFO: ROMMON version currently active: 1.0.05

INFO: ROMMON version in upgrade image: 1.0.08

[SPS] Sending HMRFPO_ENABLE to ME

SpsUpgradeHmrfpoEnable succeeded

Active ROMMON: Preferred 0, selected 0, booted 0

Enable access to the upgrade Flash chip (1) to write the ROMMON upgrade image to the upgrade Flash chip.

No need for ROMMON ME upgrade !!

Writing the ROMMON upgrade image to flash now.

Please DO NOT reboot or power-cycle the unit during this ROMMON upgrade period.

 

  Erasing ROMMON ---------------------------------------------------------------- done.

Upgrading ROMMON ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ done.

Verifying ROMMON ................................................................ done.

Programming new ROMMON: Succeed !

Copy the current configuration data to the upgrade Flash chip.

Rebooting to allow this active ROMMON to test launch the new image...

 

Toggling power on system board...

 

 

*******************************************************************************

Cisco System ROMMON, Version 1.0.05, RELEASE SOFTWARE

Copyright (c) 1994-2019  by Cisco Systems, Inc.

Compiled Wed 04/03/2019 18:07:24.29 by builder

*******************************************************************************

 

Current image running: Boot ROM0

Last reset cause: RP-Reset (0x00000008)

DIMM0 : Present

 

Platform FPR-1010 with 8192 MBytes of main memory

INFO: Firmware upgrade state: ROMMON_UPG_START (1)

INFO: Reset code: 0x00000008

Active ROMMON: Preferred 0, selected 0, booted 0

 

Preparing to launch the new ROMMON upgrade image.

The new ROMMON upgrade image has been detected.

This will be launch attempt (1 of 4) to start the upgraded ROMMON image.

Rebooting system to start the upgraded ROMMON image...

 

 

*******************************************************************************

Cisco System ROMMON, Version 1.0.08, RELEASE SOFTWARE

Copyright (c) 1994-2019  by Cisco Systems, Inc.

Compiled Mon 06/17/2019 15:54:21.43 by builder

*******************************************************************************

 

Current image running: *Upgrade in progress* Boot ROM1

Last reset cause: BootRomUpgrade (0x00000010)

DIMM0 : Present

 

Platform FPR-1010 with 8192 MBytes of main memory

INFO: Firmware upgrade state: ROMMON_UPG_START (1)

INFO: Reset code: 0x00000010

The upgraded ROMMON image has successfully started.

The boot watchdog timer is being stopped.

Active ROMMON: Preferred 0, selected 0, booted 1

INFO: Set the ROMMON upgrade state: ROMMON_UPG_TEST

 

+-----------------------------------------------------------------+

+---------------  ROMMON FIRMWARE UPGRADE SUCCESS  ---------------+

+-----------------------------------------------------------------+

|                                                                 |

| Start the security application to complete the ROMMON upgrade.  |

|                                                                 |

| Rebooting this unit without starting the security application   |

| will cause the ROMMON to default back to the previously running |

| ROMMON version.                                                 |

|                                                                 |

+-----------------------------------------------------------------+

 

BIOS has been successfully locked !!

MAC Address: 5c:5a:c7:b8:12:34

 

Use BREAK or ESC to interrupt boot.

Use SPACE to begin boot immediately.

Boot in 8 seconds.

 

Located .boot_string

Image size 59 inode num 16, bks cnt 1 blk size 8*512

 

Attempt autoboot: "boot disk0:installables/switch/fxos-k8-fp1k-lfbff.2.7.1.107.SPA"

Located installables/switch/fxos-k8-fp1k-lfbff.2.7.1.107.SPA

Image size 176580624 inode num 114030, bks cnt 43111 blk size 8*512

####################################################################

 

<OUTPUT TRUNCATED>

 

####################################################################

 

+-------------------------------------------------------------------+

+------------------------- SUCCESS ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|             LFBFF signature authentication passed !!!             |

|                                                                   |

+-------------------------------------------------------------------+

LFBFF signature verified.

+-------------------------------------------------------------------+

+------------------------- SUCCESS ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|              LFBFF controller type check passed !!!               |

|                                                                   |

+-------------------------------------------------------------------+

 

Linux version: 4.1.21-WR8.0.0.25_standard (builders@sjc-releng14) #1 SMP Sat Sep 21 10:25:19 PDT 2019

kernel_image = 0x73bf3c58, kernel_size=0x50abd0

Image validated

INIT: version 2.88 booting

Starting udev

Configuring network interfaces... done.

Populating dev cache

Primary SSD discovered

fsck from util-linux 2.26.2

[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1

/dev/sda1: clean, 8841/488640 files, 667812/1953024 blocks

fsck(/dev/sda1) returned 0

fsck from util-linux 2.26.2

[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2

/dev/sda2: clean, 12/61056 files, 8242/244224 blocks

fsck(/dev/sda2) returned 0

fsck from util-linux 2.26.2

[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3

/dev/sda3: clean, 13/61056 files, 8243/244224 blocks

fsck(/dev/sda3) returned 0

fsck from util-linux 2.26.2

[/sbin/fsck.ext3 (1) -- /dev/sda4] fsck.ext3 -a /dev/sda4

/dev/sda4: clean, 12/1831424 files, 158992/7324160 blocks

fsck(/dev/sda4) returned 0

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

FIPS POST Test Script

NOTICE: The FIPS POST is not run because the FIPS feature is not enabled

Running postinst /etc/rpm-postinsts/100-dnsmasq...

Running postinst /etc/rpm-postinsts/101-dnsmasq...

INIT: Entering runlevel: 3

Starting system message bus: dbus.

Stopping all devices.

Starting all devices.

Processing /etc/c3xxx_dev0.conf

Checking status of all devices.

There is 1 QAT acceleration device(s) in the system:

 qat_dev0 - type: c3xxx,  inst_id: 0,  node_id: 0,  bsf: 01:00.0,  #accel: 3 #engines: 6 state: up

ip6tables: Applying firewall rules: [  OK  ]

iptables: Applying firewall rules: [  OK  ]

Starting OpenBSD Secure Shell server: sshd

  generating ssh ed25519 key...

done.

Starting rpcbind daemon...done.

starting statd: done

Starting Advanced Configuration and Power Interface daemon: acpid.

acpid: starting up with netlink and the input layer

acpid: 1 rule loaded

acpid: waiting for events: event logging is off

starting 8 nfsd kernel threads: done

starting mountd: done

Starting ntpd: done

Starting random number generator daemonUnable to open file: /dev/tpm0

.

Starting internet superserver: xinetd.

No makedumpfile found.

Starting fan control daemon: fancontrol... done.

INFO: in validating image ...

INFO: manager_validate_image: fxmgr_absfilename /mnt/boot/installables/switch/fxos-k9-manager.2.7.1.107.SPA

INFO: Validating image /mnt/boot/installables/switch/fxos-k9-manager.2.7.1.107.SPA signature ...

: File /mnt/boot/installables/switch/fxos-k9-manager.2.7.1.107.SPA size 26368896

Done!

Computed Hash   SHA2: 1434b368fd187e7dd366e44b8e9d382c

                      7ef4d0e803ca4c6eadd510f4ee7213f7

                      de1b8ffa2bba0722ccb1e5dca1665803

                      2902019adf38b942babec942329cfd54

                     

Embedded Hash   SHA2: 1434b368fd187e7dd366e44b8e9d382c

                      7ef4d0e803ca4c6eadd510f4ee7213f7

                      de1b8ffa2bba0722ccb1e5dca1665803

                      2902019adf38b942babec942329cfd54

                     

The digital signature of the file: fxos-k9-manager.2.7.1.107.SPA verified successfully

INFO: beginning of manager_install

INFO: manager_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-manager.2.7.1.107.SPA chmgr= update=false

INFO: Creating directory /tmp/fxmgr

INFO: /bin/tar -xvzf /tmp/fxmgr/fxos-kp-manager.2.7.1.107.tgz ...

INFO: manager_install: shutting down the old version ...

INFO: Terminating DME and all AGs ...

INFO: --

INFO: manager_install: Unlinking a old libraries ...

INFO: manager_install: Deleting the old manager image ...

INFO: manager_install: Installing the new image ...

INFO: deleting unnecessary xml file..!!

INFO: deleted unnecessary xml file..!!

INFO: manager_post_install ...

INFO: manager_post_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-manager.2.7.1.107.SPA chmgr= update=false

INFO: manager_post_install: Linking libraries ...

INFO: manager_post_install: Linking binaries ...

Completed system initial setup.

INFO: Trying to add iptables and ip6tables rules ...

INFO: Set up Application Diagnostic Interface ...

INFO: Configure management interface ...

Firepower 1xxx platform..

RTNETLINK answers: File exists

RTNETLINK answers: File exists

Assigning ip to eth0 in FPR-1xxx platform

INFO: Configure rmu interface ...

Bring up rmu and swp1-swp10 switch interfaces

create and bringup lldp sub-interface on lldp-swp7, lldp-swp8

create and bringup lacp and mgmt sub-interface on (lacp-swp1 to lacp-swp8), (mgmt-swp1 to mgmt-swp8)

 

Stopping rpcbind daemon...

done.

stopping mountd: done

stopping nfsd: .done

INFO: Configure system files ...

INFO: System Name is: firepower-1010

Starting sensors logging daemon: sensord... done.

INFO: console : ttyS0, speed : 9600

INFO: manager_startup: setting up fxmgr apache ...

INFO: manager_startup: Start manager httpd setup...

INFO: manager_startup: /opt/cisco/config/certstore/default.key not found on platform, re-generating files

INFO: manager_startup: reset httpd app config to default

 httpdRegister INFO: [httpd.3761 -4 192.168.45.45 -n localhost]

 httpdRegister INFO: Starting httpd setup/registration...

 httpdRegister INFO: Completed httpd setup/registration!

 INFO: httpdRegister [httpd.3761 script exit]

INFO: manager_startup: Completed manager httpd setup!

Starting crond: OK

INFO: System Disk /dev/sda present. Status: Operable.

 

firepower-1010 login:

Waiting for Application infrastructure to be ready...

Verifying the signature of the Application image...

Creating FXOS swap file ...

Sep 12 04:03:07 firepower-1010 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][critical][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install

Sep 12 04:03:10 firepower-1010 port-manager: Alert: Internal1/2 link changed to UP

Sep 12 04:03:10 firepower-1010 port-manager: Alert: Internal1/1 link changed to UP

Sep 12 04:04:36 firepower-1010 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][cleared][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install

 

Threat Defense System: CMD=-install, CSP-ID=cisco-ftd.6.5.0.115__ftd_001_JMX2324G1THX8U79N1, FLAG=''

System begins installation ...

Cisco FTD installation finished successfully.

Verifying signature for cisco-ftd.6.5.0.115 ...

Verifying signature for cisco-ftd.6.5.0.115 ... success

 

Threat Defense System: CMD=-start, CSP-ID=cisco-ftd.6.5.0.115__ftd_001_JMX2324G1THX8U79N1, FLAG=''

System starting ...

Registering to process manager ...

Cisco FTD started successfully.

Cisco FTD initializing ...

Verify FSIC, File System Integrity Check

Configuring model to 78A...

Obtained uid 501 and gid 501 for external user

verify_fsic(start)

Do not run FSIC twice for SSP systems...

Initializing Threat Defense ...                                       [  OK  ]

Starting system log daemon...                                         [  OK  ]

Disk free check passed, creating swap...

Building swapfile /ngfw/Volume/.swaptwo of size 5508236kb

5508236+0 records in

5508236+0 records out

5640433664 bytes (5.6 GB) copied, 19.5463 s, 289 MB/s

Setting up swapspace version 1, size = 5.3 GiB (5640429568 bytes)

no label, UUID=463656fe-531a-4645-a782-7a12997f5681

Adding swapfile /ngfw/Volume/.swaptwo

Flushing all current IPv4 rules and user defined chains: ...success

Clearing all current IPv4 rules and user defined chains: ...success

Applying iptables firewall rules:

Flushing chain `PREROUTING'

Flushing chain `INPUT'

Flushing chain `FORWARD'

Flushing chain `OUTPUT'

Flushing chain `POSTROUTING'

Flushing chain `INPUT'

Flushing chain `FORWARD'

Flushing chain `OUTPUT'

Applying rules successed

Flushing all current IPv6 rules and user defined chains: ...success

Clearing all current IPv6 rules and user defined chains: ...success

Applying ip6tables firewall rules:

Flushing chain `PREROUTING'

Flushing chain `INPUT'

Flushing chain `FORWARD'

Flushing chain `OUTPUT'

Flushing chain `POSTROUTING'

Flushing chain `INPUT'

Flushing chain `FORWARD'

Flushing chain `OUTPUT'

Applying rules successed

Starting nscd...                                                      [  OK  ]

Starting , please wait......complete.

cleaning up *.TMM and *.TMD files

Firstboot detected, executing scripts

Executing S01virtual-machine-reconfigure                              [  OK  ]

Executing S01z_copy_startup-config                                    [  OK  ]

Executing S02aws-pull-cfg                                             [  OK  ]

Executing S02configure_onbox                                          [  OK  ]

Executing S03generate_db_access.sh                                    [  OK  ]

Executing S04fix-httpd.sh                                             [  OK  ]

Executing S05set-default-ipv4.pl                                      [  OK  ]

Executing S06addusers                                                 [  OK  ]

Executing S07uuid-init                                                [  OK  ]

Executing S08configure_mysql                                          [  OK  ]

 

************ Attention *********

 

   Initializing the configuration database.  Depending on available

   system resources (CPU, memory, and disk), this may take 30 minutes

   or more to complete.

 

************ Attention *********

 

Executing S09database-init                                            [  OK  ]

Executing S11database-populate                                        [  OK  ]

Executing S12install_infodb                                           [  OK  ]

Executing S15set-locale.sh                                            [  OK  ]

Executing S16update-sensor.pl                                         [  OK  ]

Executing S19cert-tun-init                                            [  OK  ]

Executing S20cert-init                                                [  OK  ]

Executing S21disable_estreamer                                        [  OK  ]

Executing S25create_default_des.pl                                    [  OK  ]

Executing S30init_lights_out_mgmt.pl                                  [  OK  ]

Executing S33azure-waagent                                            [  OK  ]

Executing S40install_default_filters.pl                               [  OK  ]

Executing S41install_default_app_filters.pl                           [  OK  ]

Executing S43install_default_report_templates.pl                      [  OK  ]

Executing S44install_analysis_objects.pl                              [  OK  ]

Executing S45install_default_realms.pl                                [  OK  ]

Executing S47install_default_sandbox_EO.pl                            [  OK  ]

Executing S50install-remediation-modules                              [  OK  ]

Executing S51install_health_policy.pl                                 [  OK  ]

Executing S52install_system_policy.pl                                 [  OK  ]

Executing S53change_reconciliation_baseline.pl                        [  OK  ]

Executing S70remove_casuser.pl                                        [  OK  ]

Executing S70update_sensor_objects.sh                                 [  OK  ]

Executing S85patch_history-init                                       [  OK  ]

Executing S96grow_var.sh                                              [  OK  ]

Executing S96install_vmware_tools.pl                                  [  OK  ]

 

********** Attention **********

 

   Initializing the system's localization settings.  Depending on available

   system resources (CPU, memory, and disk), this may take 10 minutes

   or more to complete.

 

********** Attention **********

Executing S96localize-templates                                       [  OK  ]

Executing S96ovf-data.pl                                              [  OK  ]

Executing S97compress-client-resources                                [  OK  ]

Executing S97create_platinum_forms.pl                                 [  OK  ]

Executing S97install_cas                                              [  OK  ]

Executing S97install_cloud_support.pl                                 [  OK  ]

Executing S97install_geolocation.pl                                   [  OK  ]

Executing S97install_ssl_inspection.pl                                [  OK  ]

Executing S97update_modprobe.pl                                       [  OK  ]

Executing S98check-db-integrity.sh                                    [  OK  ]

Executing S98htaccess-init                                            [  OK  ]

Executing S99configure_mysql                                          [  OK  ]

Executing S99correct_ipmi.pl                                          [  OK  ]

Executing S99ngfw_onbox                                               [  OK  ]

Executing S99ssl_hw_mode.sh                                           [  OK  ]

Executing S99start-system                                             [  OK  ]

Executing S99z_db_restore                                             [  OK  ]

Firstboot scripts finished.

Configuring NTP...                                                    [  OK  ]

Stopping all devices.

Starting all devices.

Processing /etc/c3xxx_dev0.conf

Checking status of all devices.

There is 1 QAT acceleration device(s) in the system:

 qat_dev0 - type: c3xxx,  inst_id: 0,  node_id: 0,  bsf: 01:00.0,  #accel: 3 #engines: 6 state: up

SIOCSIFADDR: No such device

br0: ERROR while getting interface flags: No such device

SIOCSIFNETMASK: No such device

br0: ERROR while getting interface flags: No such device

Model reconfigure detected, executing scripts

Pinging mysql

Found mysql is running

Executing 45update-sensor.pl                                          [  OK  ]

Executing 55recalculate_arc.pl                                        [  OK  ]

Sat Sep 12 04:25:02 UTC 2020

Starting MySQL...

Pinging mysql

Pinging mysql, try 1

Found mysql is running

Running initializeObjects...

Stopping MySQL...

Killing mysqld with pid 14515

Wait for mysqld to exit\c

 done

Sat Sep 12 04:25:13 UTC 2020

Skipping sfifd for this platform...

Starting Cisco Firepower 1010 Threat Defense, please wait...No PM running!

...started.

Cisco FTD initialization finished successfully.

memif is not enabled.

IO Memory Nodes: 1

IO Memory Per Node: 549453824 bytes num_pages = 134144 page_size = 4096

 

Global Reserve Memory Per Node: 786432000 bytes Nodes=1

 

LCMB: got 1073741824 bytes on numa-id=0, phys=0x200000000, virt=0x2b5700000000

LCMB: HEAP-CACHE POOL got 782237696 bytes on numa-id=0, virt=0x2b56c8c00000

total mem 3077049360 system 8394874880 kernel 12334038 image 111086672

new 3077049360 old 660540496 reserve 1855979520 priv new 1233403878 priv old 0

Processor memory:   3077049360

POST started...

POST finished, result is 0 (hint: 1 means it failed)

 

Compiled on Thu 19-Sep-19 17:23 PDT by builders

SSL Hardware Offload is Enabled

Snort trust pinhole is NOT Enabled

FPR-1010 platform

Total NICs found: 6

x550em_kr rev 0x11 10 Gigabit Ethernet, index 00 MAC: 00a0.c900.0000

en_vtun rev00 Backplane Ext-Mgmt Interface     @ index 02 MAC: 5c5a.c7b8.1234

en_vtun rev00 Backplane Tap Interface     @ index 03 MAC: 0000.0100.0001

en_vtun rev00 Backplane Control Interface  @ index 05 MAC: 0000.0300.0101

WARNING: Attribute already exists in the dictionary.

License mode file was not found. Assuming this is the initial bootup. Setting the license mode to Smart Licensing.

 

INFO: Unable to read firewall mode from flash

       Writing default firewall mode (single) to flash

 

INFO: Unable to read cluster interface-mode from flash

        Writing default mode "None" to flash

*** Intel QAT Crypto on-board accelerator detected

Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)

                             Driver version        : 4.1.0

Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)

                             Driver version        : 4.1.0

Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)

                             Driver version        : 4.1.0

Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)

                             Driver version        : 4.1.0

Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)

                             Driver version        : 4.1.0

Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)

                             Driver version        : 4.1.0

 

  ****************************** Warning *******************************

  This product contains cryptographic features and is

  subject to United States and local country laws

  governing, import, export, transfer, and use.

  Delivery of Cisco cryptographic products does not

  imply third-party authority to import, export,

  distribute, or use encryption. Importers, exporters,

  distributors and users are responsible for compliance

  with U.S. and local country laws. By using this

  product you agree to comply with applicable laws and

  regulations. If you are unable to comply with U.S.

  and local laws, return the enclosed items immediately.

 

  A summary of U.S. laws governing Cisco cryptographic

  products may be found at:

  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

 

  If you require further assistance please contact us by

  sending email to export@cisco.com.

  ******************************* Warning *******************************

 

Copyright (c) 1996-2017 by Cisco Systems, Inc.

 

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

 

                Cisco Systems, Inc.

                170 West Tasman Drive

                San Jose, California 95134-1706

 

Error No such device in set_linux_mac_address: Failed to assign MAC address for br0

Reading from flash...

!

Cryptochecksum (changed): 6929aede 6646bb60 e7c2f077 d48e4bc9

 

INFO: Power-On Self-Test in process.

.......................................................................

INFO: Power-On Self-Test complete.

 

INFO: Starting SW-DRBG health test...

INFO: SW-DRBG health test passed.

M_MMAP_THRESHOLD 65536, M_MMAP_MAX 46952

User enable_1 logged in to firepower

Logins over the last 1 days: 1. 

Failed logins since the last login: 0. 

Type help or '?' for a list of available commands.

firepower>

firepower login:

 

 

You can ping the Management IP 192.168.45.45 during the upgrade process, but you still can't reach FDM over HTTPS until it finishes.

 

The FTD software upgrade completed in around 30 minutes.

 

 

firepower login: admin

Password:  <Admin123>

Successful login attempts for user 'admin' : 1

Last failed login: Sat Sep 12 04:27:56 UTC 2020 on ttyS0

There were 2 failed login attempts since the last successful login.

 

Copyright 2004-2019, Cisco and/or its affiliates. All rights reserved.

Cisco is a registered trademark of Cisco Systems, Inc.

All other trademarks are property of their respective owners.

 

Cisco Fire Linux OS v6.5.0 (build 4)

Cisco Firepower 1010 Threat Defense v6.5.0 (build 115)

 

Cisco Firepower Extensible Operating System (FX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.

 

The copyrights to certain works contained in this software are

owned by other third parties and used and distributed under

license.

 

Certain components of this software are licensed under the "GNU General Public

License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, Version 3", available here:

http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for

details.

 

Certain components of this software are licensed under the "GNU General Public

License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual

(''Licensing'') for details.

 

Certain components of this software are licensed under the "GNU LESSER GENERAL

PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:

http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for

details.

 

Certain components of this software are licensed under the "GNU Lesser General

Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the

terms of "GNU Lesser General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual

(''Licensing'') for details.

 

Certain components of this software are licensed under the "GNU Library General

Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU Library General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual

(''Licensing'') for details.

 

firepower# connect ftd

You must accept the EULA to continue.

Press <ENTER> to display the EULA: <HIT ENTER>

End User License Agreement

 

Effective: May 22, 2017

 

This is an agreement between You and Cisco Systems, Inc. or its affiliates

("Cisco") and governs your Use of Cisco Software. "You" and "Your" means the

individual or legal entity licensing the Software under this EULA. "Use" or

"Using" means to download, install, activate, access or otherwise use the

Software. "Software" means the Cisco computer programs and any Upgrades made

available to You by an Approved Source and licensed to You by Cisco.

"Documentation" is the Cisco user or technical manuals, training materials,

specifications or other documentation applicable to the Software and made

available to You by an Approved Source. "Approved Source" means (i) Cisco or

(ii) the Cisco authorized reseller, distributor or systems integrator from whom

you acquired the Software. "Entitlement" means the license detail; including

license metric, duration, and quantity provided in a product ID (PID) published

on Cisco's price list, claim certificate or right to use notification.

"Upgrades" means all updates, upgrades, bug fixes, error corrections,

enhancements and other modifications to the Software and backup copies thereof.

 

This agreement, any supplemental license terms and any specific product terms

at www.cisco.com/go/softwareterms (collectively, the "EULA") govern Your Use of

the Software.

 

1. Acceptance of Terms. By Using the Software, You agree to be bound by the

terms of the EULA. If you are entering into this EULA on behalf of an entity,

you represent that you have authority to bind that entity. If you do not have

such authority or you do not agree to the terms of the EULA, neither you nor

the entity may Use the Software and it may be returned to the Approved Source

for a refund within thirty (30) days of the date you acquired the Software or

Cisco product. Your right to return and refund applies only if you are the

original end user licensee of the Software.

 

2. License. Subject to payment of the applicable fees and compliance with this

EULA, Cisco grants You a limited, non-exclusive and non-transferable license to

Use object code versions of the Software and the Documentation solely for Your

internal operations and in accordance with the Entitlement and the

Documentation. Cisco licenses You the right to Use only the Software You

acquire from an Approved Source. Unless contrary to applicable law, You are not

licensed to Use the Software on secondhand or refurbished Cisco equipment not

authorized by Cisco, or on Cisco equipment not purchased through an Approved

Source. In the event that Cisco requires You to register as an end user, Your

license is valid only if the registration is complete and accurate. The

Software may contain open source software, subject to separate license terms

made available with the Cisco Software or Documentation.

 

If the Software is licensed for a specified term, Your license is valid solely

for the applicable term in the Entitlement. Your right to Use the Software

begins on the date the Software is made available for download or installation

and continues until the end of the specified term, unless otherwise terminated

in accordance with this Agreement.

 

3. Evaluation License. If You license the Software or receive Cisco product(s)

for evaluation purposes or other limited, temporary use as authorized by Cisco

("Evaluation Product"), Your Use of the Evaluation Product is only permitted

for the period limited by the license key or otherwise stated by Cisco in

writing. If no evaluation period is identified by the license key or in

writing, then the evaluation license is valid for thirty (30) days from the

date the Software or Cisco product is made available to You. You will be

invoiced for the list price of the Evaluation Product if You fail to return or

stop Using it by the end of the evaluation period. The Evaluation Product is

licensed "AS-IS" without support or warranty of any kind, expressed or implied.

Cisco does not assume any liability arising from any use of the Evaluation

Product. You may not publish any results of benchmark tests run on the

Evaluation Product without first obtaining written approval from Cisco. You

authorize Cisco to use any feedback or ideas You provide Cisco in connection

with Your Use of the Evaluation Product.

 

4. Ownership. Cisco or its licensors retain ownership of all intellectual

property rights in and to the Software, including copies, improvements,

enhancements, derivative works and modifications thereof. Your rights to Use

the Software are limited to those expressly granted by this EULA. No other

rights with respect to the Software or any related intellectual property rights

are granted or implied.

 

5. Limitations and Restrictions. You will not and will not allow a third party

to:

 

a. transfer, sublicense, or assign Your rights under this license to any other

person or entity (except as expressly provided in Section 12 below), unless

expressly authorized by Cisco in writing;

 

b. modify, adapt or create derivative works of the Software or Documentation;

 

c. reverse engineer, decompile, decrypt, disassemble or otherwise attempt to

derive the source code for the Software, except as provided in Section 16

below;

 

d. make the functionality of the Software available to third parties, whether

as an application service provider, or on a rental, service bureau, cloud

service, hosted service, or other similar basis unless expressly authorized by

Cisco in writing;

 

e. Use Software that is licensed for a specific device, whether physical or

virtual, on another device, unless expressly authorized by Cisco in writing; or

 

f. remove, modify, or conceal any product identification, copyright,

proprietary, intellectual property notices or other marks on or within the

Software.

 

6. Third Party Use of Software. You may permit a third party to Use the

Software licensed to You under this EULA if such Use is solely (i) on Your

behalf, (ii) for Your internal operations, and (iii) in compliance with this

EULA. You agree that you are liable for any breach of this EULA by that third

party.

 

7. Limited Warranty and Disclaimer.

 

a. Limited Warranty. Cisco warrants that the Software will substantially

conform to the applicable Documentation for the longer of (i) ninety (90) days

following the date the Software is made available to You for your Use or (ii)

as otherwise set forth at www.cisco.com/go/warranty. This warranty does not

apply if the Software, Cisco product or any other equipment upon which the

Software is authorized to be used: (i) has been altered, except by Cisco or its

authorized representative, (ii) has not been installed, operated, repaired, or

maintained in accordance with instructions supplied by Cisco, (iii) has been

subjected to abnormal physical or electrical stress, abnormal environmental

conditions, misuse, negligence, or accident; (iv) is licensed for beta,

evaluation, testing or demonstration purposes or other circumstances for which

the Approved Source does not receive a payment of a purchase price or license

fee; or (v) has not been provided by an Approved Source. Cisco will use

commercially reasonable efforts to deliver to You Software free from any

viruses, programs, or programming devices designed to modify, delete, damage or

disable the Software or Your data.

 

b. Exclusive Remedy. At Cisco's option and expense, Cisco shall repair,

replace, or cause the refund of the license fees paid for the non-conforming

Software. This remedy is conditioned on You reporting the non-conformance in

writing to Your Approved Source within the warranty period. The Approved Source

may ask You to return the Software, the Cisco product, and/or Documentation as

a condition of this remedy. This Section is Your exclusive remedy under the

warranty.

 

c. Disclaimer.

 

Except as expressly set forth above, Cisco and its licensors provide Software

"as is" and expressly disclaim all warranties, conditions or other terms,

whether express, implied or statutory, including without limitation,

warranties, conditions or other terms regarding merchantability, fitness for a

particular purpose, design, condition, capacity, performance, title, and

non-infringement. Cisco does not warrant that the Software will operate

uninterrupted or error-free or that all errors will be corrected. In addition,

Cisco does not warrant that the Software or any equipment, system or network on

which the Software is used will be free of vulnerability to intrusion or

attack.

 

8. Limitations and Exclusions of Liability. In no event will Cisco or its

licensors be liable for the following, regardless of the theory of liability or

whether arising out of the use or inability to use the Software or otherwise,

even if a party been advised of the possibility of such damages: (a) indirect,

incidental, exemplary, special or consequential damages; (b) loss or corruption

of data or interrupted or loss of business; or (c) loss of revenue, profits,

goodwill or anticipated sales or savings. All liability of Cisco, its

affiliates, officers, directors, employees, agents, suppliers and licensors

collectively, to You, whether based in warranty, contract, tort (including

negligence), or otherwise, shall not exceed the license fees paid by You to any

Approved Source for the Software that gave rise to the claim. This limitation

of liability for Software is cumulative and not per incident. Nothing in this

Agreement limits or excludes any liability that cannot be limited or excluded

under applicable law.

 

9. Upgrades and Additional Copies of Software. Notwithstanding any other

provision of this EULA, You are not permitted to Use Upgrades unless You, at

the time of acquiring such Upgrade:

 

a. already hold a valid license to the original version of the Software, are in

compliance with such license, and have paid the applicable fee for the Upgrade;

and

 

b. limit Your Use of Upgrades or copies to Use on devices You own or lease; and

 

c. unless otherwise provided in the Documentation, make and Use additional

copies solely for backup purposes, where backup is limited to archiving for

restoration purposes.

 

10. Audit. During the license term for the Software and for a period of three

(3) years after its expiration or termination, You will take reasonable steps

to maintain complete and accurate records of Your use of the Software

sufficient to verify compliance with this EULA. No more than once per twelve

(12) month period, You will allow Cisco and its auditors the right to examine

such records and any applicable books, systems (including Cisco product(s) or

other equipment), and accounts, upon reasonable advanced notice, during Your

normal business hours. If the audit discloses underpayment of license fees, You

will pay such license fees plus the reasonable cost of the audit within thirty

(30) days of receipt of written notice.

 

11. Term and Termination. This EULA shall remain effective until terminated or

until the expiration of the applicable license or subscription term. You may

terminate the EULA at any time by ceasing use of or destroying all copies of

Software. This EULA will immediately terminate if You breach its terms, or if

You fail to pay any portion of the applicable license fees and You fail to cure

that payment breach within thirty (30) days of notice. Upon termination of this

EULA, You shall destroy all copies of Software in Your possession or control.

 

12. Transferability. You may only transfer or assign these license rights to

another person or entity in compliance with the current Cisco

Relicensing/Transfer Policy (www.cisco.com/c/en/us/products/

cisco_software_transfer_relicensing_policy.html). Any attempted transfer or,

assignment not in compliance with the foregoing shall be void and of no effect.

 

13. US Government End Users. The Software and Documentation are "commercial

items," as defined at Federal Acquisition Regulation ("FAR") (48 C.F.R.) 2.101,

consisting of "commercial computer software" and "commercial computer software

documentation" as such terms are used in FAR 12.212. Consistent with FAR 12.211

(Technical Data) and FAR 12.212 (Computer Software) and Defense Federal

Acquisition Regulation Supplement ("DFAR") 227.7202-1 through 227.7202-4, and

notwithstanding any other FAR or other contractual clause to the contrary in

any agreement into which this EULA may be incorporated, Government end users

will acquire the Software and Documentation with only those rights set forth in

this EULA. Any license provisions that are inconsistent with federal

procurement regulations are not enforceable against the U.S. Government.

 

14. Export. Cisco Software, products, technology and services are subject to

local and extraterritorial export control laws and regulations. You and Cisco

each will comply with such laws and regulations governing use, export,

re-export, and transfer of Software, products and technology and will obtain

all required local and extraterritorial authorizations, permits or licenses.

Specific export information may be found at: tools.cisco.com/legal/export/pepd/

Search.do

 

15. Survival. Sections 4, 5, the warranty limitation in 7(a), 7(b) 7(c), 8, 10,

11, 13, 14, 15, 17 and 18 shall survive termination or expiration of this EULA.

 

16. Interoperability. To the extent required by applicable law, Cisco shall

provide You with the interface information needed to achieve interoperability

between the Software and another independently created program. Cisco will

provide this interface information at Your written request after you pay

Cisco's licensing fees (if any). You will keep this information in strict

confidence and strictly follow any applicable terms and conditions upon which

Cisco makes such information available.

 

17. Governing Law, Jurisdiction and Venue.

 

If You acquired the Software in a country or territory listed below, as

determined by reference to the address on the purchase order the Approved

Source accepted or, in the case of an Evaluation Product, the address where

Product is shipped, this table identifies the law that governs the EULA

(notwithstanding any conflict of laws provision) and the specific courts that

have exclusive jurisdiction over any claim arising under this EULA.

 

 

Country or Territory     | Governing Law           | Jurisdiction and Venue

=========================|=========================|===========================

United States, Latin     | State of California,    | Federal District Court,

America or the           | United States of        | Northern District of

Caribbean                | America                 | California or Superior

                         |                         | Court of Santa Clara

                         |                         | County, California

-------------------------|-------------------------|---------------------------

Canada                   | Province of Ontario,    | Courts of the Province of

                         | Canada                  | Ontario, Canada

-------------------------|-------------------------|---------------------------

Europe (excluding        | Laws of England         | English Courts

Italy), Middle East,     |                         |

Africa, Asia or Oceania  |                         |

(excluding Australia)    |                         |

-------------------------|-------------------------|---------------------------

Japan                    | Laws of Japan           | Tokyo District Court of

                         |                         | Japan

-------------------------|-------------------------|---------------------------

Australia                | Laws of the State of    | State and Federal Courts

                         | New South Wales         | of New South Wales

-------------------------|-------------------------|---------------------------

Italy                    | Laws of Italy           | Court of Milan

-------------------------|-------------------------|---------------------------

China                    | Laws of the People's    | Hong Kong International

                         | Republic of China       | Arbitration Center

-------------------------|-------------------------|---------------------------

All other countries or   | State of California     | State and Federal Courts

territories              |                         | of California

-------------------------------------------------------------------------------

 

 

The parties specifically disclaim the application of the UN Convention on

Contracts for the International Sale of Goods. In addition, no person who is

not a party to the EULA shall be entitled to enforce or take the benefit of any

of its terms under the Contracts (Rights of Third Parties) Act 1999. Regardless

of the above governing law, either party may seek interim injunctive relief in

any court of appropriate jurisdiction with respect to any alleged breach of

such party's intellectual property or proprietary rights.

 

18. Integration. If any portion of this EULA is found to be void or

unenforceable, the remaining provisions of the EULA shall remain in full force

and effect. Except as expressly stated or as expressly amended in a signed

agreement, the EULA constitutes the entire agreement between the parties with

respect to the license of the Software and supersedes any conflicting or

additional terms contained in any purchase order or elsewhere, all of which

terms are excluded. The parties agree that the English version of the EULA will

govern in the event of a conflict between it and any version translated into

another language.

 

 

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco

and/or its affiliates in the U.S. and other countries. To view a list of Cisco

trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks

mentioned are the property of their respective owners. The use of the word

partner does not imply a partnership relationship between Cisco and any other

company. (1110R)

 

Please enter 'YES' or press <ENTER> to AGREE to the EULA: yes

 

System initialization in progress.  Please stand by. 

You must configure the network to continue.

You must configure at least one of IPv4 or IPv6.

Do you want to configure IPv4? (y/n) [y]:
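One way to check a saved console capture of the upgrade boot shown above, as an added example (not from the original post or from Cisco): it flags any firstboot script whose status is not OK, confirms the boot milestones and POST result, and compares the login banner against the target build. The two sample captures are constructed from lines in this post; the `[ FAIL ]` status token and the function name are assumptions.

```python
import re

# Milestone lines that appear in the successful boot log in this post.
MILESTONES = (
    "Firstboot scripts finished.",
    "Cisco FTD initialization finished successfully.",
    "INFO: Power-On Self-Test complete.",
    "INFO: SW-DRBG health test passed.",
)
SCRIPT_RE = re.compile(r"^Executing\s+(\S+)\s*(?:\[\s*(\w+)\s*\])?\s*$")
POST_RE = re.compile(r"^POST finished, result is (\d+)")
BANNER_RE = re.compile(r"Threat Defense v(\d+\.\d+\.\d+) \(build (\d+)\)")
# Lines worth a human look; the br0 errors in this post appeared on a good boot,
# so these are collected for review and do not fail the check on their own.
REVIEW_RE = re.compile(r"\bERROR\b|^Error\b|No such device")

# Constructed sample: lines copied from the console output in this post.
GOOD = """\
Executing S08configure_mysql                                          [  OK  ]
Executing S09database-init                                            [  OK  ]
Executing S99z_db_restore                                             [  OK  ]
Firstboot scripts finished.
SIOCSIFADDR: No such device
br0: ERROR while getting interface flags: No such device
Executing 45update-sensor.pl                                          [  OK  ]
Cisco FTD initialization finished successfully.
POST finished, result is 0 (hint: 1 means it failed)
INFO: Power-On Self-Test complete.
INFO: SW-DRBG health test passed.
Cisco Firepower 1010 Threat Defense v6.5.0 (build 115)
"""

# Constructed failing sample: one non-OK status (assumed token), one script with
# no status at all, a missing milestone, and the pre-upgrade build in the banner.
BAD = """\
Executing S08configure_mysql                                          [  OK  ]
Executing S09database-init                                            [ FAIL ]
Executing S11database-populate
Firstboot scripts finished.
POST finished, result is 0 (hint: 1 means it failed)
INFO: Power-On Self-Test complete.
INFO: SW-DRBG health test passed.
Cisco Firepower 1010 Threat Defense v6.4.0 (build 102)
"""


def check_upgrade_log(text, expected):
    """Report on one console capture; expected is 'X.Y.Z-build', e.g. '6.5.0-115'."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    report = {"scripts": 0, "not_ok": [], "missing": [], "post_result": None,
              "version": None, "review": []}
    for ln in lines:
        m = SCRIPT_RE.match(ln)
        if m:
            report["scripts"] += 1
            # Anything other than OK, including a script with no status, is flagged.
            if m.group(2) != "OK":
                report["not_ok"].append((m.group(1), m.group(2)))
            continue
        m = POST_RE.match(ln)
        if m:
            report["post_result"] = int(m.group(1))
        m = BANNER_RE.search(ln)
        if m:
            report["version"] = f"{m.group(1)}-{m.group(2)}"
        if REVIEW_RE.search(ln):
            report["review"].append(ln)
    report["missing"] = [s for s in MILESTONES if s not in lines]
    report["ok"] = (not report["not_ok"] and not report["missing"]
                    and report["post_result"] == 0
                    and report["version"] == expected)
    return report


if __name__ == "__main__":
    for name, capture in (("GOOD", GOOD), ("BAD", BAD)):
        r = check_upgrade_log(capture, "6.5.0-115")
        print(name, "ok" if r["ok"] else "CHECK", r["version"],
              r["not_ok"], r["missing"], len(r["review"]), "line(s) to review")
```

Feed it the full capture from your terminal emulator's session log; the expected build string comes from the package name (cisco-ftd-fp1k.6.5.0-115.SPA).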

 

 

Log in to FDM using the default username and password: admin / Admin123

 

I used the initial configuration wizard via CLI in my previous post, so I'll use the easy setup wizard via FDM this time.

 

In FTD 6.5, the Management IP is still 192.168.45.45, Ethernet1/1 is outside and Ethernet1/2-8 are Layer 2 switch ports in VLAN 1. 

 

Under Outside Interface Address > Configure IPv4 > Using DHCP > leave IPv6: Off.

Under Management Interface > leave the default for Primary and Secondary DNS IP address (Cisco OpenDNS/Umbrella) > type the Firewall Hostname: fpr1010-ftd-lab > click Next.

Select a Time Zone: UTC+08:00 Asia/Singapore > leave the default NTP Time Server (Cisco Sourcefire public NTP servers) > click Next.

Select Continue with evaluation period: Start 90-day evaluation period without registration > click Finish.

 

This allows me to test all FTD Threat, Malware and URL License features.

 

Click 1 - Configure Interfaces.

Under Ethernet1/1 (outside) > click Edit (blue pencil icon on the right-most column).


You can edit the Interface Name (outside by default) > toggle Status to disable/shutdown > select Type: Static or DHCP > leave the Obtain Default Route using DHCP enabled (similar to ASA ip address dhcp setroute).


Edit Management1/1 > type IPv4 address and Subnet Mask: 192.168.1.45/24 > click OK (at the bottom).

I connected my laptop (static IP 192.168.1.10/24) to FTD Ethernet1/3 and Management1/1 to Ethernet1/2.

 

I connect to FDM using 192.168.1.1, which is the FTD default gateway for VLAN 1.

 

C:\Windows\System32>ipconfig

 

Windows IP Configuration

 

 

Ethernet adapter Local Area Connection:

 

   Connection-specific DNS Suffix  . :

   IPv4 Address. . . . . . . . . . . : 192.168.1.10

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : 192.168.1.1

 


C:\Windows\System32>ping 192.168.1.1

 

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time<1ms TTL=255

Reply from 192.168.1.1: bytes=32 time=1ms TTL=255

Reply from 192.168.1.1: bytes=32 time=1ms TTL=255

Reply from 192.168.1.1: bytes=32 time=1ms TTL=255

 

Ping statistics for 192.168.1.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 1ms, Average = 0ms

 

C:\Windows\System32>ping 8.8.8.8

 

Pinging 8.8.8.8 with 32 bytes of data:

Reply from 8.8.8.8: bytes=32 time=3ms TTL=117

Reply from 8.8.8.8: bytes=32 time=4ms TTL=117

Reply from 8.8.8.8: bytes=32 time=3ms TTL=117

Reply from 8.8.8.8: bytes=32 time=5ms TTL=117

 

Ping statistics for 8.8.8.8:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 3ms, Maximum = 5ms, Average = 3ms

 

 

Notice that the FTD ISP/WAN/Gateway connectivity went green and the FTD can reach the DNS Server (Cisco OpenDNS/Umbrella) and the NTP Server (Cisco Sourcefire NTP).

 

The Smart License became yellow since it's using the 90-day evaluation license.