It's almost Chinese New Year 2021 (also known as Spring Festival or Lunar New Year) and I was craving some Chinese food. So I went to Hawker Chan in Chinatown, Singapore to try out the world's cheapest Michelin-starred meal, which is their famous Soya Sauce Chicken rice. I also ordered a two-combination platter that includes Char Siew and Roasted Pork. The meal isn't complete without the chili sauce.
I visited the Buddha Tooth Relic Temple, which is just a few blocks away. It's a Buddhist temple and got its name from a relic which is claimed to be the left canine tooth of Buddha. The entrance is free and there's a museum on the upper floor (Buddha's tooth chamber is on the fourth floor). Taking photos and video inside the temple premises isn't allowed.
You can reimage an FTD appliance that is running ASA software back to FTD OS. Below are the steps for the ASA to FTD conversion. I'm running a TFTP server on my laptop with static IP address 192.168.1.10/24.
Transfer the FTD image (version 6.5) to the flash (disk0:) memory.
ciscoasa# dir
Directory of disk0:/
203 drwx 72 08:14:14 Sep 27 2020 log
268435725 drwx 4096 08:28:18 Sep 27 2020 .private
217 -rw- 35741420 20:15:16 Apr 01 2020 asdm.bin
805306554 -rw- 0 08:13:19 Sep 27 2020 coredumpfsysimage.bin
2 drwx 4096 02:38:46 Sep 07 2020 coredumpfsys
538294939 drwx 21 08:14:15 Sep 27 2020 smart-log
805309474 drw- 25 08:14:32 Sep 27 2020 coredumpinfo
2 drwx 4096 02:38:46 Sep 07 2020 cores
538294937 drwx 6 08:13:18 Sep 27 2020 fxos
268435721 -rw- 1462 08:13:18 Sep 27 2020 cspCfg.xml
3 file(s) total size: 35742882 bytes
16106127360 bytes total (15797760000 bytes free/98% free)
ciscoasa# ping 192.168.1.10 // ENSURE TFTP/FTP SERVER IS REACHABLE
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
ciscoasa# copy tftp://192.168.1.10/cisco-ftd-fp1k.6.5.0-115.SPA disk0:
Address or name of remote host [192.168.1.10]?
Source filename [cisco-ftd-fp1k.6.5.0-115.SPA]?
Destination filename [cisco-ftd-fp1k.6.5.0-115.SPA]?
Accessing tftp://192.168.1.10/cisco-ftd-fp1k.6.5.0-115.SPA...!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Verifying file disk0:/cisco-ftd-fp1k.6.5.0-115.SPA...
Writing file disk0:/cisco-ftd-fp1k.6.5.0-115.SPA...
1055923072 bytes copied in 607.740 secs (1739576 bytes/sec)
ciscoasa# dir
Directory of disk0:/
203 drwx 72 08:14:14 Sep 27 2020 log
268435725 drwx 4096 08:28:18 Sep 27 2020 .private
217 -rw- 35741420 20:15:16 Apr 01 2020 asdm.bin
805306554 -rw- 0 08:13:19 Sep 27 2020 coredumpfsysimage.bin
2 drwx 4096 02:38:46 Sep 07 2020 coredumpfsys
538294939 drwx 21 08:14:15 Sep 27 2020 smart-log
805309474 drw- 25 08:14:32 Sep 27 2020 coredumpinfo
2 drwx 4096 02:38:46 Sep 07 2020 cores
538294937 drwx 6 08:13:18 Sep 27 2020 fxos
268435721 -rw- 1462 08:13:18 Sep 27 2020 cspCfg.xml
805309488 -rwx 1055923072 00:24:18 Oct 03 2020 cisco-ftd-fp1k.6.5.0-115.SPA
4 file(s) total size: 1091665954 bytes
16106127360 bytes total (14741835776 bytes free/91% free)
Configure the ASA to boot the downloaded FTD image.
ciscoasa# configure terminal
ciscoasa(config)#
***************************** NOTICE *****************************
Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall
Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later:
ciscoasa(config)# boot system disk0:/cisco-ftd-fp1k.6.5.0-115.SPA // AUTO INSTALL FTD OS AFTER PRESSING ENTER
The system is currently installed with security software package 9.14.1, which has:
- The platform version: 2.8.1.105
- The CSP (asa) version: 9.14.1
Preparing new image for install...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Image download complete (Successful unpack the image).
Attention:
If you proceed, the system will be re-imaged and then reboot automatically.
All existing configuration will be lost and the default configuration will be applied.
Installation of version 6.5.0-115 will do the following:
- upgrade to the new platform version 2.7.1.107
- upgrade to the CSP FTD version 6.5.0-115
Do you want to proceed? [confirm] <ENTER>
Finalizing image install process...
Install_status: ready....
Install_status: validating-images............................................
Install_status: upgrading-system..
message from root@firepower-1010 (Sat Oct 3 01:02:28 Stopping all devices.
device busy
Stopping OpenBSD Secure Shell server: sshd
stopped /usr/sbin/sshd (pid 11545)
done.
Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1988)
acpid.
Stopping system message bus: dbus.
stopping mountd: done
stopping nfsd: done
Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 22501)
done
Stopping random number generator daemon.
Stopping internet superserver: xinetd.
stopping statd: done
Failed to stop kdump!
Stopping crond: OK
Stopping rpcbind daemon...
not running.
Stopping fan control daemon: fancontrol... no process in pidfile '/var/run/fancontrol.pid' found; none killed
done.
Stopping sensors logging daemon: sensord... stopped /usr/sbin/sensord (pid 4043)
done.
Deconfiguring network interfaces... done.
ip6tables: Setting chains to policy ACCEPT: filter [ OK ]
ip6tables: Flushing firewall rules: [ OK ]
ip6tables: Unloading modules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter raw [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
Sat Oct 3 01:02:31 UTC 2020
SSP-Security-Module is shutting down ...
Sat Oct 3 01:02:31 UTC 2020 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps
Sat Oct 3 01:02:31 UTC 2020 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps
/bin/ls: cannot access /opt/cisco/config/heimdall/etc: No such file or directory
/bin/ls: cannot access /opt/cisco/csp/applications/configs: No such file or directory
ls: cannot access /opt/cisco/config/heimdall/etc: No such file or directory
Sat Oct 3 01:02:31 UTC 2020 SHUTDOWN WARNING: Nothing to do for Apps-Services-Down
Sat Oct 3 01:02:31 UTC 2020
FPR-1xxx platform rebooting ...
Note: SIGKILL_ALL will be triggered after after 0 + 2 secs ...
Sat Oct 3 01:02:32 UTC 2020
Sending ALL processes the KILL signal ...
Error: poshd was not running... Starting ...
Sat Oct 3 01:02:33 UTC 2020
Deactivating swap...
Unmounting local filesystems...
Rebooting... [ 3915.645843] reboot: Restarting system // FTD WILL AUTO REBOOT
*******************************************************************************
Cisco System ROMMON, Version 1.0.08, RELEASE SOFTWARE
Copyright (c) 1994-2019 by Cisco Systems, Inc.
Compiled Mon 06/17/2019 15:54:21.43 by builder
*******************************************************************************
Current image running: Boot ROM1
Last reset cause: ResetRequest (0x00001000)
DIMM0 : Present
Platform FPR-1010 with 8192 MBytes of main memory
BIOS has been successfully locked !!
MAC Address: 5c:5a:c7:b8:f7:80
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 4 seconds.
Use SPACE to begin boot immediately.
Located .boot_string
Image size 59 inode num 16, bks cnt 1 blk size 8*512
Attempt autoboot: "boot disk0:installables/switch/fxos-k8-fp1k-lfbff.2.7.1.107.SPA"
Located installables/switch/fxos-k8-fp1k-lfbff.2.7.1.107.SPA
Image size 176580624 inode num 114030, bks cnt 43111 blk size 8*512
#####################################################################
<OUTPUT TRUNCATED>
#####################################################################
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF signature authentication passed !!! |
| |
+-------------------------------------------------------------------+
LFBFF signature verified.
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF controller type check passed !!! |
| |
+-------------------------------------------------------------------+
Linux version: 4.1.21-WR8.0.0.25_standard (builders@sjc-releng14) #1 SMP Sat Sep 21 10:25:19 PDT 2019
kernel_image = 0x73bf3c58, kernel_size=0x50abd0
Image validated
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
Primary SSD discovered
fsck from util-linux 2.26.2
[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1
/dev/sda1: clean, 8743/488640 files, 758579/1953024 blocks
fsck(/dev/sda1) returned 0
fsck from util-linux 2.26.2
[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2
/dev/sda2: clean, 12/61056 files, 8242/244224 blocks
fsck(/dev/sda2) returned 0
fsck from util-linux 2.26.2
[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3
/dev/sda3: clean, 14/61056 files, 8244/244224 blocks
fsck(/dev/sda3) returned 0
fsck from util-linux 2.26.2
[/sbin/fsck.ext3 (1) -- /dev/sda4] fsck.ext3 -a /dev/sda4
/dev/sda4: clean, 12/1831424 files, 158992/7324160 blocks
fsck(/dev/sda4) returned 0
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
FIPS POST Test Script
NOTICE: The FIPS POST is not run because the FIPS feature is not enabled
Running postinst /etc/rpm-postinsts/100-dnsmasq...
Running postinst /etc/rpm-postinsts/101-dnsmasq...
INIT: Entering runlevel: 3
Starting system message bus: dbus.
Stopping all devices.
Starting all devices.
Processing /etc/c3xxx_dev0.conf
Checking status of all devices.
There is 1 QAT acceleration device(s) in the system:
qat_dev0 - type: c3xxx, inst_id: 0, node_id: 0, bsf: 01:00.0, #accel: 3 #engines: 6 state: up
ip6tables: Applying firewall rules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Starting OpenBSD Secure Shell server: sshd
generating ssh ed25519 key...
done.
Starting rpcbind daemon...done.
starting statd: done
Starting Advanced Configuration and Power Interface daemon: acpid: starting up with netlink and the input layer
acpid.
acpid: 1 rule loaded
acpid: waiting for events: event logging is off
starting 8 nfsd kernel threads: done
starting mountd: done
Starting ntpd: done
Starting random number generator daemonUnable to open file: /dev/tpm0
.
Starting internet superserver: xinetd.
No makedumpfile found.
Starting fan control daemon: fancontrol... done.
INFO: in validating image ...
INFO: manager_validate_image: fxmgr_absfilename /mnt/boot/installables/switch/fxos-k9-manager.2.7.1.107.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-manager.2.7.1.107.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-manager.2.7.1.107.SPA size 26368896
Done!
Computed Hash SHA2: 1434b368fd187e7dd366e44b8e9d382c
7ef4d0e803ca4c6eadd510f4ee7213f7
de1b8ffa2bba0722ccb1e5dca1665803
2902019adf38b942babec942329cfd54
Embedded Hash SHA2: 1434b368fd187e7dd366e44b8e9d382c
7ef4d0e803ca4c6eadd510f4ee7213f7
de1b8ffa2bba0722ccb1e5dca1665803
2902019adf38b942babec942329cfd54
The digital signature of the file: fxos-k9-manager.2.7.1.107.SPA verified successfully
INFO: beginning of manager_install
INFO: manager_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-manager.2.7.1.107.SPA chmgr= update=false
INFO: Creating directory /tmp/fxmgr
INFO: /bin/tar -xvzf /tmp/fxmgr/fxos-kp-manager.2.7.1.107.tgz ...
INFO: manager_install: shutting down the old version ...
INFO: Terminating DME and all AGs ...
INFO: --
INFO: manager_install: Unlinking a old libraries ...
INFO: manager_install: Deleting the old manager image ...
INFO: manager_install: Installing the new image ...
INFO: deleting unnecessary xml file..!!
INFO: deleted unnecessary xml file..!!
INFO: manager_post_install ...
INFO: manager_post_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-manager.2.7.1.107.SPA chmgr= update=false
INFO: manager_post_install: Linking libraries ...
INFO: manager_post_install: Linking binaries ...
Completed system initial setup.
INFO: Trying to add iptables and ip6tables rules ...
INFO: Set up Application Diagnostic Interface ...
INFO: Configure management interface ...
Firepower 1xxx platform..
RTNETLINK answers: File exists
RTNETLINK answers: File exists
Assigning ip to eth0 in FPR-1xxx platform
ERROR: interface management0 is not ready after waiting for 60 seconds.
Current link status: [19: management0: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default \ link/ether 5c:5a:c7:b8:f7:80 brd ff:ff:ff:ff:ff:ff]
INFO: Configure rmu interface ...
Bring up rmu and swp1-swp10 switch interfaces
create and bringup lldp sub-interface on lldp-swp7, lldp-swp8
create and bringup lacp and mgmt sub-interface on (lacp-swp1 to lacp-swp8), (mgmt-swp1 to mgmt-swp8)
Stopping rpcbind daemon...
done.
stopping mountd: done
stopping nfsd: .done
INFO: Configure system files ...
INFO: System Name is: firepower-1010
Starting sensors logging daemon: sensord... done.
INFO: console : ttyS0, speed : 9600
INFO: manager_startup: setting up fxmgr apache ...
INFO: manager_startup: Start manager httpd setup...
INFO: manager_startup: /opt/cisco/config/certstore/default.key not found on platform, re-generating files
INFO: manager_startup: reset httpd app config to default
httpdRegister INFO: [httpd.3886 -4 192.168.45.45 -n localhost]
httpdRegister INFO: Starting httpd setup/registration...
httpdRegister INFO: Completed httpd setup/registration!
INFO: httpdRegister [httpd.3886 script exit]
INFO: manager_startup: Completed manager httpd setup!
Starting crond: OK
INFO: System Disk /dev/sda present. Status: Operable.
firepower-1010 login:
Waiting for Application infrastructure to be ready...
Verifying the signature of the Application image...
Creating FXOS swap file ...
Oct 3 01:05:46 firepower-1010 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][critical][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
Oct 3 01:05:49 firepower-1010 port-manager: Alert: Internal1/2 link changed to UP
Oct 3 01:05:49 firepower-1010 port-manager: Alert: Internal1/1 link changed to UP
Oct 3 01:06:19 firepower-1010 port-manager: Alert: Ethernet1/2 link changed to UP
Oct 3 01:06:20 firepower-1010 port-manager: Alert: Ethernet1/2 link changed to DOWN
Oct 3 01:06:23 firepower-1010 port-manager: Alert: Ethernet1/2 link changed to UP
Oct 3 01:07:15 firepower-1010 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][cleared][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
Oct 3 01:09:20 firepower-1010 port-manager: Alert: Ethernet1/2 link changed to DOWN
Threat Defense System: CMD=-install, CSP-ID=cisco-ftd.6.5.0.115__ftd_001_JMX2324G1THBG7ZUP1, FLAG=''
System begins installation ...
Cisco FTD installation finished successfully.
Verifying signature for cisco-ftd.6.5.0.115 ...
Verifying signature for cisco-ftd.6.5.0.115 ... success
Threat Defense System: CMD=-start, CSP-ID=cisco-ftd.6.5.0.115__ftd_001_JMX2324G1THBG7ZUP1, FLAG=''
System starting ...
Registering to process manager ...
Cisco FTD started successfully.
Cisco FTD initializing ...
Verify FSIC, File System Integrity Check
Configuring model to 78A...
Obtained uid 501 and gid 501 for external user
verify_fsic(start)
Do not run FSIC twice for SSP systems...
Initializing Threat Defense ... [ OK ]
Starting system log daemon... [ OK ]
Disk free check passed, creating swap...
Building swapfile /ngfw/Volume/.swaptwo of size 5494382kb
5494382+0 records in
5494382+0 records out
5626247168 bytes (5.6 GB) copied, 19.6011 s, 287 MB/s
Setting up swapspace version 1, size = 5.2 GiB (5626241024 bytes)
no label, UUID=4388fe75-ad4e-4747-a9e9-459db271b723
Adding swapfile /ngfw/Volume/.swaptwo
Flushing all current IPv4 rules and user defined chains: ...success
Clearing all current IPv4 rules and user defined chains: ...success
Applying iptables firewall rules:
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Flushing all current IPv6 rules and user defined chains: ...success
Clearing all current IPv6 rules and user defined chains: ...success
Applying ip6tables firewall rules:
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Starting nscd... [ OK ]
Starting , please wait......complete.
cleaning up *.TMM and *.TMD files
Firstboot detected, executing scripts
Executing S01virtual-machine-reconfigure [ OK ]
Executing S01z_copy_startup-config [ OK ]
Executing S02aws-pull-cfg [ OK ]
Executing S02configure_onbox [ OK ]
Executing S03generate_db_access.sh [ OK ]
Executing S04fix-httpd.sh [ OK ]
Executing S05set-default-ipv4.pl [ OK ]
Executing S06addusers [ OK ]
Executing S07uuid-init [ OK ]
Executing S08configure_mysql [ OK ]
************ Attention *********
Initializing the configuration database. Depending on available
system resources (CPU, memory, and disk), this may take 30 minutes
or more to complete.
************ Attention *********
Executing S09database-init [ OK ]
Executing S11database-populate [ OK ]
Executing S12install_infodb [ OK ]
Executing S15set-locale.sh [ OK ]
Executing S16update-sensor.pl [ OK ]
Executing S19cert-tun-init [ OK ]
Executing S20cert-init [ OK ]
Executing S21disable_estreamer [ OK ]
Executing S25create_default_des.pl [ OK ]
Executing S30init_lights_out_mgmt.pl [ OK ]
Executing S33azure-waagent [ OK ]
Executing S40install_default_filters.pl [ OK ]
Executing S41install_default_app_filters.pl [ OK ]
Executing S43install_default_report_templates.pl [ OK ]
Executing S44install_analysis_objects.pl [ OK ]
Executing S45install_default_realms.pl [ OK ]
Executing S47install_default_sandbox_EO.pl [ OK ]
Executing S50install-remediation-modules [ OK ]
Executing S51install_health_policy.pl [ OK ]
Executing S52install_system_policy.pl [ OK ]
Executing S53change_reconciliation_baseline.pl [ OK ]
Executing S70remove_casuser.pl [ OK ]
Executing S70update_sensor_objects.sh [ OK ]
Executing S85patch_history-init [ OK ]
Executing S96grow_var.sh [ OK ]
Executing S96install_vmware_tools.pl [ OK ]
********** Attention **********
Initializing the system's localization settings. Depending on available
system resources (CPU, memory, and disk), this may take 10 minutes
or more to complete.
********** Attention **********
Executing S96localize-templates [ OK ]
Executing S96ovf-data.pl [ OK ]
Executing S97compress-client-resources [ OK ]
Executing S97create_platinum_forms.pl [ OK ]
Executing S97install_cas [ OK ]
Executing S97install_cloud_support.pl [ OK ]
Executing S97install_geolocation.pl [ OK ]
Executing S97install_ssl_inspection.pl [ OK ]
Executing S97update_modprobe.pl [ OK ]
Executing S98check-db-integrity.sh [ OK ]
Executing S98htaccess-init [ OK ]
Executing S99configure_mysql [ OK ]
Executing S99correct_ipmi.pl [ OK ]
Executing S99ngfw_onbox [ OK ]
Executing S99ssl_hw_mode.sh [ OK ]
Executing S99start-system [ OK ]
Executing S99z_db_restore [ OK ]
Firstboot scripts finished.
Configuring NTP... [ OK ]
Stopping all devices.
Starting all devices.
Processing /etc/c3xxx_dev0.conf
Checking status of all devices.
There is 1 QAT acceleration device(s) in the system:
qat_dev0 - type: c3xxx, inst_id: 0, node_id: 0, bsf: 01:00.0, #accel: 3 #engines: 6 state: up
SIOCSIFADDR: No such device
br0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
br0: ERROR while getting interface flags: No such device
Model reconfigure detected, executing scripts
Pinging mysql
Found mysql is running
Executing 45update-sensor.pl [ OK ]
Executing 55recalculate_arc.pl [ OK ]
Sat Oct 3 01:27:33 UTC 2020
Starting MySQL...
Pinging mysql
Pinging mysql, try 1
Found mysql is running
Running initializeObjects...
Stopping MySQL...
Killing mysqld with pid 14511
Wait for mysqld to exit\c
done
Sat Oct 3 01:27:44 UTC 2020
Skipping sfifd for this platform...
Starting Cisco Firepower 1010 Threat Defense, please wait...No PM running!
...started.
Cisco FTD initialization finished successfully.
memif is not enabled.
IO Memory Nodes: 1
IO Memory Per Node: 549453824 bytes num_pages = 134144 page_size = 4096
Global Reserve Memory Per Node: 786432000 bytes Nodes=1
LCMB: got 1073741824 bytes on numa-id=0, phys=0x200000000, virt=0x2b8c80000000
LCMB: HEAP-CACHE POOL got 782237696 bytes on numa-id=0, virt=0x2b8cc0000000
total mem 2948718463 system 8394874880 kernel 11037767 image 111086672
new 2948718463 old 660540496 reserve 1855979520 priv new 1103776710 priv old 0
Processor memory: 2948718463
POST started...
POST finished, result is 0 (hint: 1 means it failed)
Compiled on Thu 19-Sep-19 17:23 PDT by builders
SSL Hardware Offload is Enabled
Snort trust pinhole is NOT Enabled
FPR-1010 platform
Total NICs found: 6
x550em_kr rev 0x11 10 Gigabit Ethernet, index 00 MAC: 00a0.c900.0000
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 02 MAC: 5c5a.c7b8.f781
en_vtun rev00 Backplane Tap Interface @ index 03 MAC: 0000.0100.0001
en_vtun rev00 Backplane Control Interface @ index 05 MAC: 0000.0300.0101
WARNING: Attribute already exists in the dictionary.
License mode file was not found. Assuming this is the initial bootup. Setting the license mode to Smart Licensing.
INFO: Unable to read firewall mode from flash
Writing default firewall mode (single) to flash
INFO: Unable to read cluster interface-mode from flash
Writing default mode "None" to flash
*** Intel QAT Crypto on-board accelerator detected
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x11)
Driver version : 4.1.0
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Copyright (c) 1996-2017 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Error No such device in set_linux_mac_address: Failed to assign MAC address for br0
Reading from flash...
!
Cryptochecksum (changed): 6929aede 6646bb60 e7c2f077 d48e4bc9
INFO: Power-On Self-Test in process.
.......................................................................
INFO: Power-On Self-Test complete.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
M_MMAP_THRESHOLD 65536, M_MMAP_MAX 44993
User enable_1 logged in to firepower
Logins over the last 1 days: 1.
Failed logins since the last login: 0.
Type help or '?' for a list of available commands.
firepower>
firepower login:
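The console output above passes through three image-integrity checkpoints: the ROMMON LFBFF signature check, the FXOS manager hash and signature check, and the FTD application signature check. The Python below is an added example (not from the original post and not Cisco code) that audits a saved console capture for them. The function names and the sample log are constructed, and treating any verdict other than "success" as unverified is an assumption, since the page shows no failure output.

```python
import re

HASH_HEAD = re.compile(r"^(Computed|Embedded) Hash SHA2:\s*([0-9a-fA-F]*)$")
HEX_LINE = re.compile(r"^[0-9a-fA-F]+$")
FILE_SIG = re.compile(r"^The digital signature of the file: (\S+) verified successfully")
APP_SIG = re.compile(r"^Verifying signature for (\S+) \.\.\.(?: (\w+))?$")

# Constructed capture modelled on the console output above. The digests are
# made-up hex, not the values of any real image.
SAMPLE_LOG = """\
| LFBFF signature authentication passed !!! |
LFBFF signature verified.
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-manager.2.7.1.107.SPA signature ...
Computed Hash SHA2: 0123456789abcdef0123456789abcdef
                    fedcba9876543210fedcba9876543210
                    00112233445566778899aabbccddeeff
                    ffeeddccbbaa99887766554433221100
Embedded Hash SHA2: 0123456789abcdef0123456789abcdef
                    fedcba9876543210fedcba9876543210
                    00112233445566778899aabbccddeeff
                    ffeeddccbbaa99887766554433221100
The digital signature of the file: fxos-k9-manager.2.7.1.107.SPA verified successfully
Verifying signature for cisco-ftd.6.5.0.115 ...
Verifying signature for cisco-ftd.6.5.0.115 ... success
"""


def read_hashes(lines):
    """Return [(kind, digest)] for each wrapped 'Computed/Embedded Hash SHA2' block."""
    found, i = [], 0
    while i < len(lines):
        m = HASH_HEAD.match(lines[i].strip())
        if not m:
            i += 1
            continue
        kind, digest = m.group(1), m.group(2)
        i += 1
        # The console wraps the digest; continuation lines are pure hex.
        while i < len(lines) and HEX_LINE.match(lines[i].strip()):
            digest += lines[i].strip()
            i += 1
        found.append((kind, digest.lower()))
    return found


def audit_reimage_log(text):
    """Map each integrity checkpoint to 'pass', 'fail' or 'missing'."""
    lines = text.splitlines()
    results = {}

    # 1. ROMMON verifies the FXOS boot image before handing over control.
    seen = any("LFBFF signature authentication passed" in l for l in lines)
    results["rommon_lfbff"] = "pass" if seen else "missing"

    # 2. FXOS manager package: computed digest must equal the embedded one.
    hashes = read_hashes(lines)
    computed = [d for k, d in hashes if k == "Computed"]
    embedded = [d for k, d in hashes if k == "Embedded"]
    if not computed or len(computed) != len(embedded):
        results["manager_hash"] = "missing"
    elif all(c and c == e for c, e in zip(computed, embedded)):
        results["manager_hash"] = "pass"
    else:
        results["manager_hash"] = "fail"
    signed = any(FILE_SIG.match(l.strip()) for l in lines)
    results["manager_signature"] = "pass" if signed else "missing"

    # 3. FTD application package: a check that starts must also report success.
    verdicts = {}
    for l in lines:
        m = APP_SIG.match(l.strip())
        if m and (m.group(2) is not None or m.group(1) not in verdicts):
            verdicts[m.group(1)] = m.group(2)
    if not verdicts:
        results["ftd_app_signature"] = "missing"
    elif all(v == "success" for v in verdicts.values()):
        results["ftd_app_signature"] = "pass"
    else:
        # Assumption: anything other than "success" is treated as unverified.
        results["ftd_app_signature"] = "fail"
    return results


def failed_checks(results):
    """Names of checkpoints that did not pass, sorted for stable reporting."""
    return sorted(name for name, status in results.items() if status != "pass")


if __name__ == "__main__":
    report = audit_reimage_log(SAMPLE_LOG)
    for name, status in report.items():
        print(f"{name:20s} {status}")
    print("not passed:", failed_checks(report) or "none")
```

A checkpoint reported as "missing" means the capture never reached or never recorded that stage, which is worth treating the same as a failure when the image arrived over an unauthenticated transport such as TFTP.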
The ASA to FTD reimage completed in around 35 minutes. I assigned my laptop a static IP of 192.168.45.10/24 and used HTTPS to connect to 192.168.45.45 (the FTD default management IP address).
firepower login: admin
Password: <Admin123> // FTD DEFAULT PASSWORD
Successful login attempts for user 'admin' : 1
Copyright 2004-2019, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.
Cisco Fire Linux OS v6.5.0 (build 4)
Cisco Firepower 1010 Threat Defense v6.5.0 (build 115)
Cisco Firepower Extensible Operating System (FX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license.
Certain components of this software are licensed under the "GNU General Public
License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for
details.
Certain components of this software are licensed under the "GNU General Public
License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual
(''Licensing'') for details.
Certain components of this software are licensed under the "GNU LESSER GENERAL
PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:
http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for
details.
Certain components of this software are licensed under the "GNU Lesser General
Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the
terms of "GNU Lesser General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual
(''Licensing'') for details.
Certain components of this software are licensed under the "GNU Library General
Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU Library General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual
(''Licensing'') for details.
firepower# connect ftd
You must accept the EULA to continue.
Press <ENTER> to display the EULA: <ENTER>
End User License Agreement
Effective: May 22, 2017
This is an agreement between You and Cisco Systems, Inc. or its affiliates
("Cisco") and governs your Use of Cisco Software. "You" and "Your" means the
individual or legal entity licensing the Software under this EULA. "Use" or
"Using" means to download, install, activate, access or otherwise use the
Software. "Software" means the Cisco computer programs and any Upgrades made
available to You by an Approved Source and licensed to You by Cisco.
"Documentation" is the Cisco user or technical manuals, training materials,
specifications or other documentation applicable to the Software and made
available to You by an Approved Source. "Approved Source" means (i) Cisco or
(ii) the Cisco authorized reseller, distributor or systems integrator from whom
you acquired the Software. "Entitlement" means the license detail; including
license metric, duration, and quantity provided in a product ID (PID) published
on Cisco's price list, claim certificate or right to use notification.
"Upgrades" means all updates, upgrades, bug fixes, error corrections,
enhancements and other modifications to the Software and backup copies thereof.
This agreement, any supplemental license terms and any specific product terms
at www.cisco.com/go/softwareterms (collectively, the "EULA") govern Your Use of
the Software.
1. Acceptance of Terms. By Using the Software, You agree to be bound by the
terms of the EULA. If you are entering into this EULA on behalf of an entity,
you represent that you have authority to bind that entity. If you do not have
such authority or you do not agree to the terms of the EULA, neither you nor
the entity may Use the Software and it may be returned to the Approved Source
for a refund within thirty (30) days of the date you acquired the Software or
Cisco product. Your right to return and refund applies only if you are the
original end user licensee of the Software.
2. License. Subject to payment of the applicable fees and compliance with this
EULA, Cisco grants You a limited, non-exclusive and non-transferable license to
Use object code versions of the Software and the Documentation solely for Your
internal operations and in accordance with the Entitlement and the
Documentation. Cisco licenses You the right to Use only the Software You
acquire from an Approved Source. Unless contrary to applicable law, You are not
licensed to Use the Software on secondhand or refurbished Cisco equipment not
authorized by Cisco, or on Cisco equipment not purchased through an Approved
Source. In the event that Cisco requires You to register as an end user, Your
license is valid only if the registration is complete and accurate. The
Software may contain open source software, subject to separate license terms
made available with the Cisco Software or Documentation.
If the Software is licensed for a specified term, Your license is valid solely
for the applicable term in the Entitlement. Your right to Use the Software
begins on the date the Software is made available for download or installation
and continues until the end of the specified term, unless otherwise terminated
in accordance with this Agreement.
3. Evaluation License. If You license the Software or receive Cisco product(s)
for evaluation purposes or other limited, temporary use as authorized by Cisco
("Evaluation Product"), Your Use of the Evaluation Product is only permitted
for the period limited by the license key or otherwise stated by Cisco in
writing. If no evaluation period is identified by the license key or in
writing, then the evaluation license is valid for thirty (30) days from the
date the Software or Cisco product is made available to You. You will be
invoiced for the list price of the Evaluation Product if You fail to return or
stop Using it by the end of the evaluation period. The Evaluation Product is
licensed "AS-IS" without support or warranty of any kind, expressed or implied.
Cisco does not assume any liability arising from any use of the Evaluation
Product. You may not publish any results of benchmark tests run on the
Evaluation Product without first obtaining written approval from Cisco. You
authorize Cisco to use any feedback or ideas You provide Cisco in connection
with Your Use of the Evaluation Product.
4. Ownership. Cisco or its licensors retain ownership of all intellectual
property rights in and to the Software, including copies, improvements,
enhancements, derivative works and modifications thereof. Your rights to Use
the Software are limited to those expressly granted by this EULA. No other
rights with respect to the Software or any related intellectual property rights
are granted or implied.
5. Limitations and Restrictions. You will not and will not allow a third party
to:
a. transfer, sublicense, or assign Your rights under this license to any other
person or entity (except as expressly provided in Section 12 below), unless
expressly authorized by Cisco in writing;
b. modify, adapt or create derivative works of the Software or Documentation;
c. reverse engineer, decompile, decrypt, disassemble or otherwise attempt to
derive the source code for the Software, except as provided in Section 16
below;
d. make the functionality of the Software available to third parties, whether
as an application service provider, or on a rental, service bureau, cloud
service, hosted service, or other similar basis unless expressly authorized by
Cisco in writing;
e. Use Software that is licensed for a specific device, whether physical or
virtual, on another device, unless expressly authorized by Cisco in writing; or
f. remove, modify, or conceal any product identification, copyright,
proprietary, intellectual property notices or other marks on or within the
Software.
6. Third Party Use of Software. You may permit a third party to Use the
Software licensed to You under this EULA if such Use is solely (i) on Your
behalf, (ii) for Your internal operations, and (iii) in compliance with this
EULA. You agree that you are liable for any breach of this EULA by that third
party.
7. Limited Warranty and Disclaimer.
a. Limited Warranty. Cisco warrants that the Software will substantially
conform to the applicable Documentation for the longer of (i) ninety (90) days
following the date the Software is made available to You for your Use or (ii)
as otherwise set forth at www.cisco.com/go/warranty. This warranty does not
apply if the Software, Cisco product or any other equipment upon which the
Software is authorized to be used: (i) has been altered, except by Cisco or its
authorized representative, (ii) has not been installed, operated, repaired, or
maintained in accordance with instructions supplied by Cisco, (iii) has been
subjected to abnormal physical or electrical stress, abnormal environmental
conditions, misuse, negligence, or accident; (iv) is licensed for beta,
evaluation, testing or demonstration purposes or other circumstances for which
the Approved Source does not receive a payment of a purchase price or license
fee; or (v) has not been provided by an Approved Source. Cisco will use
commercially reasonable efforts to deliver to You Software free from any
viruses, programs, or programming devices designed to modify, delete, damage or
disable the Software or Your data.
b. Exclusive Remedy. At Cisco's option and expense, Cisco shall repair,
replace, or cause the refund of the license fees paid for the non-conforming
Software. This remedy is conditioned on You reporting the non-conformance in
writing to Your Approved Source within the warranty period. The Approved Source
may ask You to return the Software, the Cisco product, and/or Documentation as
a condition of this remedy. This Section is Your exclusive remedy under the
warranty.
c. Disclaimer.
Except as expressly set forth above, Cisco and its licensors provide Software
"as is" and expressly disclaim all warranties, conditions or other terms,
whether express, implied or statutory, including without limitation,
warranties, conditions or other terms regarding merchantability, fitness for a
particular purpose, design, condition, capacity, performance, title, and
non-infringement. Cisco does not warrant that the Software will operate
uninterrupted or error-free or that all errors will be corrected. In addition,
Cisco does not warrant that the Software or any equipment, system or network on
which the Software is used will be free of vulnerability to intrusion or
attack.
8. Limitations and Exclusions of Liability. In no event will Cisco or its
licensors be liable for the following, regardless of the theory of liability or
whether arising out of the use or inability to use the Software or otherwise,
even if a party been advised of the possibility of such damages: (a) indirect,
incidental, exemplary, special or consequential damages; (b) loss or corruption
of data or interrupted or loss of business; or (c) loss of revenue, profits,
goodwill or anticipated sales or savings. All liability of Cisco, its
affiliates, officers, directors, employees, agents, suppliers and licensors
collectively, to You, whether based in warranty, contract, tort (including
negligence), or otherwise, shall not exceed the license fees paid by You to any
Approved Source for the Software that gave rise to the claim. This limitation
of liability for Software is cumulative and not per incident. Nothing in this
Agreement limits or excludes any liability that cannot be limited or excluded
under applicable law.
9. Upgrades and Additional Copies of Software. Notwithstanding any other
provision of this EULA, You are not permitted to Use Upgrades unless You, at
the time of acquiring such Upgrade:
a. already hold a valid license to the original version of the Software, are in
compliance with such license, and have paid the applicable fee for the Upgrade;
and
b. limit Your Use of Upgrades or copies to Use on devices You own or lease; and
c. unless otherwise provided in the Documentation, make and Use additional
copies solely for backup purposes, where backup is limited to archiving for
restoration purposes.
10. Audit. During the license term for the Software and for a period of three
(3) years after its expiration or termination, You will take reasonable steps
to maintain complete and accurate records of Your use of the Software
sufficient to verify compliance with this EULA. No more than once per twelve
(12) month period, You will allow Cisco and its auditors the right to examine
such records and any applicable books, systems (including Cisco product(s) or
other equipment), and accounts, upon reasonable advanced notice, during Your
normal business hours. If the audit discloses underpayment of license fees, You
will pay such license fees plus the reasonable cost of the audit within thirty
(30) days of receipt of written notice.
11. Term and Termination. This EULA shall remain effective until terminated or
until the expiration of the applicable license or subscription term. You may
terminate the EULA at any time by ceasing use of or destroying all copies of
Software. This EULA will immediately terminate if You breach its terms, or if
You fail to pay any portion of the applicable license fees and You fail to cure
that payment breach within thirty (30) days of notice. Upon termination of this
EULA, You shall destroy all copies of Software in Your possession or control.
12. Transferability. You may only transfer or assign these license rights to
another person or entity in compliance with the current Cisco
Relicensing/Transfer Policy (www.cisco.com/c/en/us/products/
cisco_software_transfer_relicensing_policy.html). Any attempted transfer or,
assignment not in compliance with the foregoing shall be void and of no effect.
13. US Government End Users. The Software and Documentation are "commercial
items," as defined at Federal Acquisition Regulation ("FAR") (48 C.F.R.) 2.101,
consisting of "commercial computer software" and "commercial computer software
documentation" as such terms are used in FAR 12.212. Consistent with FAR 12.211
(Technical Data) and FAR 12.212 (Computer Software) and Defense Federal
Acquisition Regulation Supplement ("DFAR") 227.7202-1 through 227.7202-4, and
notwithstanding any other FAR or other contractual clause to the contrary in
any agreement into which this EULA may be incorporated, Government end users
will acquire the Software and Documentation with only those rights set forth in
this EULA. Any license provisions that are inconsistent with federal
procurement regulations are not enforceable against the U.S. Government.
14. Export. Cisco Software, products, technology and services are subject to
local and extraterritorial export control laws and regulations. You and Cisco
each will comply with such laws and regulations governing use, export,
re-export, and transfer of Software, products and technology and will obtain
all required local and extraterritorial authorizations, permits or licenses.
Specific export information may be found at: tools.cisco.com/legal/export/pepd/
Search.do
15. Survival. Sections 4, 5, the warranty limitation in 7(a), 7(b) 7(c), 8, 10,
11, 13, 14, 15, 17 and 18 shall survive termination or expiration of this EULA.
16. Interoperability. To the extent required by applicable law, Cisco shall
provide You with the interface information needed to achieve interoperability
between the Software and another independently created program. Cisco will
provide this interface information at Your written request after you pay
Cisco's licensing fees (if any). You will keep this information in strict
confidence and strictly follow any applicable terms and conditions upon which
Cisco makes such information available.
17. Governing Law, Jurisdiction and Venue.
If You acquired the Software in a country or territory listed below, as
determined by reference to the address on the purchase order the Approved
Source accepted or, in the case of an Evaluation Product, the address where
Product is shipped, this table identifies the law that governs the EULA
(notwithstanding any conflict of laws provision) and the specific courts that
have exclusive jurisdiction over any claim arising under this EULA.
Country or Territory | Governing Law | Jurisdiction and Venue
=========================|=========================|===========================
United States, Latin | State of California, | Federal District Court,
America or the | United States of | Northern District of
Caribbean | America | California or Superior
| | Court of Santa Clara
| | County, California
-------------------------|-------------------------|---------------------------
Canada | Province of Ontario, | Courts of the Province of
| Canada | Ontario, Canada
-------------------------|-------------------------|---------------------------
Europe (excluding | Laws of England | English Courts
Italy), Middle East, | |
Africa, Asia or Oceania | |
(excluding Australia) | |
-------------------------|-------------------------|---------------------------
Japan | Laws of Japan | Tokyo District Court of
| | Japan
-------------------------|-------------------------|---------------------------
Australia | Laws of the State of | State and Federal Courts
| New South Wales | of New South Wales
-------------------------|-------------------------|---------------------------
Italy | Laws of Italy | Court of Milan
-------------------------|-------------------------|---------------------------
China | Laws of the People's | Hong Kong International
| Republic of China | Arbitration Center
-------------------------|-------------------------|---------------------------
All other countries or | State of California | State and Federal Courts
territories | | of California
-------------------------------------------------------------------------------
The parties specifically disclaim the application of the UN Convention on
Contracts for the International Sale of Goods. In addition, no person who is
not a party to the EULA shall be entitled to enforce or take the benefit of any
of its terms under the Contracts (Rights of Third Parties) Act 1999. Regardless
of the above governing law, either party may seek interim injunctive relief in
any court of appropriate jurisdiction with respect to any alleged breach of
such party's intellectual property or proprietary rights.
18. Integration. If any portion of this EULA is found to be void or
unenforceable, the remaining provisions of the EULA shall remain in full force
and effect. Except as expressly stated or as expressly amended in a signed
agreement, the EULA constitutes the entire agreement between the parties with
respect to the license of the Software and supersedes any conflicting or
additional terms contained in any purchase order or elsewhere, all of which
terms are excluded. The parties agree that the English version of the EULA will
govern in the event of a conflict between it and any version translated into
another language.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco
and/or its affiliates in the U.S. and other countries. To view a list of Cisco
trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks
mentioned are the property of their respective owners. The use of the word
partner does not imply a partnership relationship between Cisco and any other
company. (1110R)
Please enter 'YES' or press <ENTER> to AGREE to the EULA: <ENTER>
System initialization in progress. Please stand by.
You must configure the network to continue.
You must configure at least one of IPv4 or IPv6.
Do you want to configure IPv4? (y/n) [y]:
Do you want to configure IPv6? (y/n) [n]:
Configure IPv4 via DHCP or manually? (dhcp/manual) [manual]:
Enter an IPv4 address for the management interface [192.168.45.45]: 192.168.1.45
Enter an IPv4 netmask for the management interface [255.255.255.0]:
Enter the IPv4 default gateway for the management interface [data-interfaces]: 192.168.1.1
Enter a fully qualified hostname for this system [firepower]: fpr1010-lab
Enter a comma-separated list of DNS servers or 'none' [208.67.222.222,208.67.220.220]:
Enter a comma-separated list of search domains or 'none' []:
If your networking information has changed, you will need to reconnect.
Setting DNS servers: 208.67.222.222 208.67.220.220
No domain name specified to configure.
Setting hostname as fpr1010-lab
DHCP Server Disabled
Setting static IPv4: 192.168.1.45 netmask: 255.255.255.0 gateway: 192.168.1.1 on management0
Updating routing tables, please wait...
All configurations applied to the system. Took 3 Seconds.
Saving a copy of running network configuration to local disk.
For HTTP Proxy configuration, run 'configure network http-proxy'
Manage the device locally? (yes/no) [yes]: // HIT ENTER TO ACCESS FTD VIA FDM
Configuring firewall mode to routed
Update policy deployment information
- add device configuration
Successfully performed firstboot initial configuration steps for Firepower Device Manager for Firepower Threat Defense.
>
Log back in to FDM using the new management IP address 192.168.1.45 and continue with the initial setup wizard.