Friday, July 26, 2019

Reimaging Cisco ASA 5500-X to Firepower Threat Defense (FTD)

Firepower Threat Defense (FTD)

Cisco’s Firepower Threat Defense (FTD) is a threat-focused Next Generation Firewall (NGFW), purpose-built to provide granular application control while protecting against malware and giving insight into, and control over, threats and vulnerabilities. It helps shrink time to detection and remediation, and reduces complexity with a single management interface.

Speaking of management interfaces, there are two options for managing an FTD device:

1. Firepower Device Manager
2. Firepower Management Center


Firepower Device Manager (FDM)

Firepower Device Manager (FDM) is a web-based local manager. Users simply point a browser at the firewall to configure and manage the device. FDM provides firewall management through a thin client and does not rely on Java.

The Firepower Device Manager (FDM):

* Simplifies the initial setup of the device through a guided workflow. You are asked a series of questions about such things as the interface you use to connect to the Internet, your preferred DNS settings, and your NTP server.

* Provides the ability to configure an access rule in a single interface page. You list the source and destination, the applications you want to control, the URLs to be included or excluded, and the intrusion and file policies you want applied.

* Helps users understand the system more easily with visual representations of configured access rules.

* Delivers easy-to-grasp system monitoring reports. In a single screen, green represents good, red represents bad, and gray identifies things that have not been configured.

The FDM management option is available only for low to mid-range next-generation firewall devices.

FDM lets you configure the basic features of the software that are most commonly used for small networks. It is especially designed for networks that include a single device or just a few, where you do not want to use a high-powered multiple-device manager to control a large network containing many Firepower Threat Defense devices.


Firepower Management Center (FMC)

If you are managing large numbers of devices, or if you want to use the more complex features and configurations that FTD allows, use Firepower Management Center (FMC) to configure your devices instead of the integrated Firepower Device Manager. The FMC provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection.

Some of the salient features of FMC include:

* Centralized Management - It’s easier than ever to manage events and policy for these network security solutions: Firepower Next-Generation Firewall (NGFW), ASA with FirePOWER Services, Firepower NGIPS, FirePOWER Threat Defense for ISR, and Advanced Malware Protection (AMP).

* Visibility - See the users, hosts, applications, files, mobile devices, virtual environments, threats, and vulnerabilities that exist in your constantly changing network. Because you can’t protect what you can’t see.

* Real-time threat management - Control access to your network, control application use, and defend against known attacks. Use AMP and sandboxing technologies to address unknown attacks and track malware infections through your network.

* Security Automation - The management center automatically correlates security events with the vulnerabilities in your environment. It prioritizes attacks so your team can easily see which events they need to investigate first. And it recommends the security policies to put in place.


The procedure for reimaging an ASA to FTD (and back again) is documented in this Cisco guide.


I had a spare Cisco ASA5515-X firewall with an SSD that I wanted to convert to Firepower Threat Defense (FTD) in order to get hands-on experience. Several prerequisites must be met before reimaging the ASA firewall to FTD. The procedure is similar to reimaging an ASA FirePOWER module. You can refer to this Cisco link for the steps and some caveats.

1) These are the supported ASA 5500-X platforms that can be converted to FTD:

ASA 5506-X, 5506W-X, and 5506H-X (FTD 6.2.3 and earlier only)
ASA 5508-X
ASA 5512-X (FTD 6.2.3 and earlier only)
ASA 5515-X
ASA 5516-X
ASA 5525-X
ASA 5545-X
ASA 5555-X



2) The ASA ROMMON version must be 1.1.8 or above in order to perform the FTD conversion. You can download the ASA 5500-X ROMMON software from this link.


Verify the ROMMON version with the show module command; it appears in the Fw Version column of the slot 0 row. I don't need to upgrade since mine is on 2.1(9)8.

ciscoasa# show module

Mod  Card Type                                    Model              Serial No.
---- -------------------------------------------- ------------------ -----------
   0 ASA 5515-X with SW, 6 GE Data, 1 GE Mgmt, AC ASA5515            FCH1704JABC
 ips Unknown                                      N/A                FCH1704JABC
cxsc Unknown                                      N/A                FCH1704JABC
 sfr Unknown                                      N/A                FCH1704JABC

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version    
---- --------------------------------- ------------ ------------ ---------------
   0 b0fa.eb97.72c8 to b0fa.eb97.72cf  1.0          2.1(9)8      9.5(2)2
 ips b0fa.eb97.72c6 to b0fa.eb97.72c6  N/A          N/A         
cxsc b0fa.eb97.72c6 to b0fa.eb97.72c6  N/A          N/A         
 sfr b0fa.eb97.72c6 to b0fa.eb97.72c6  N/A          N/A         

Mod  SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- --------------------------
 ips Unknown                        No Image Present Not Applicable
cxsc Unknown                        No Image Present Not Applicable
 sfr Unknown                        No Image Present Not Applicable

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   0 Up Sys             Not Applicable       
 ips Unresponsive       Not Applicable       
cxsc Unresponsive       Not Applicable       
 sfr Unresponsive       Not Applicable       

Mod  License Name   License Status  Time Remaining
---- -------------- --------------- ---------------
 ips IPS Module     Disabled        perpetual


3) The FTD OS requires at least 3 GB, and one of the requirements is a Solid State Drive (SSD) installed in the ASA. The ASA usually has 4 GB of flash (disk0:), which might not be enough when doing an OS upgrade, storing AnyConnect files, etc.

ciscoasa# show inventory
Name: "Chassis", DESCR: "ASA 5515-X with SW, 6 GE Data, 1 GE Mgmt, AC"
PID: ASA5515           , VID: V01     , SN: FGL17074ABC

Name: "Storage Device 1", DESCR: "Micron 128 GB SSD MLC, Model Number: C400-MTFDDAC128MAM"
PID: N/A               , VID: N/A     , SN: MSA18230XYZ


4) Back up the ASA configuration and activation key (feature license).

ciscoasa# backup
[Press return to continue or enter a backup location]:disk0:

No filename provided! Using default ASA5515-X.backup.2019-07-15-200755.tar.gz   // TRANSFER TO EXTERNAL FTP/TFTP SERVER
Begin backup ...
Backing up [ASA Version] ... Done!
Backing up [Running Configurations] ... Done!
Backing up [Startup Configurations] ... Done!
Backing up [WebVPN Data] ... Done!
Compressing the backup directory ... Done!
Copying Backup ... Done!
Cleaning up ... Done!

Backup finished!


ciscoasa# show activation-key ?    

  detail  Show activation-key details
  |       Output modifiers
  <cr>
ciscoasa# show activation-key detail
Serial Number:  JAD20080ABC
Running Permanent Activation Key: 0xf319c753 0x9c0e6651 0xbc534174 0x87548123 0x04191456

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 5              perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Shared License                    : Disabled       perpetual
Total TLS Proxy Sessions          : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has a Base license.

Running Permanent Activation Key: 0xf319c753 0x9c0e6651 0xbc534174 0x87548123 0x04191456

Licensed permanent key features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 5              perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Shared License                    : Disabled       perpetual
Total TLS Proxy Sessions          : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Disabled       perpetual

The flash permanent activation key is the SAME as the running permanent key.


I've skipped the step on keeping an ASA config and activation-key backup since I don't plan on rolling back to an ASA image.


5) Download the FTD boot image and the software install package. Note that the FTD boot image format differs between the smaller platforms, e.g. the ASA 5506-X (.lfbff), and the high-end platforms, e.g. the ASA 5515-X and above (.cdisk).

You can download the FTD image files from the Cisco download website. Click on Firepower Threat Defense (FTD) Software.


The TAC recommended (with golden star or badge) FTD Software is 6.2.3.13 patch (as of this writing).


So I went for the FTD 6.2.3 software and downloaded these files:

ftd-boot-9.9.2.0.cdisk
ftd-6.2.3-83.pkg
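As an added example (not part of the original post or any Cisco tooling), here is a Python pre-flight check that applies steps 1 to 5 above to the show module and show inventory output: it confirms the platform is on the supported list and within its FTD release ceiling, that ROMMON is at least 1.1.8, that an SSD is fitted, and which boot-image format (.lfbff or .cdisk) to download. The placement of the 5508-X/5516-X in the .lfbff group and the exact model strings for the 5506W/5506H are assumptions; the sample output is copied from the post.

```python
"""Pre-flight checks for an ASA 5500-X to FTD reimage (example code, not Cisco's)."""
import re

# Step 1: supported platforms, with the last FTD release the post names for some.
SUPPORTED = {
    "ASA5506": "6.2.3", "ASA5506W": "6.2.3", "ASA5506H": "6.2.3",   # W/H strings assumed
    "ASA5508": None, "ASA5512": "6.2.3", "ASA5515": None, "ASA5516": None,
    "ASA5525": None, "ASA5545": None, "ASA5555": None,
}
MIN_ROMMON = "1.1.8"  # step 2
# Step 5: the post shows .lfbff for the 5506-X and .cdisk for the 5515-X "and above";
# grouping the 5508/5516 with the .lfbff platforms is an assumption.
LFBFF_PLATFORMS = {"ASA5506", "ASA5506W", "ASA5506H", "ASA5508", "ASA5516"}


def parse_version(text):
    """'2.1(9)8' -> (2, 1, 9, 8); '1.1.8' -> (1, 1, 8)."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def version_cmp(a, b):
    """Numeric version compare (-1, 0, 1); the shorter tuple is zero-padded."""
    va, vb = parse_version(a), parse_version(b)
    n = max(len(va), len(vb))
    va, vb = va + (0,) * (n - len(va)), vb + (0,) * (n - len(vb))
    return (va > vb) - (va < vb)


def model_from_show_module(text):
    """Model column of the slot-0 row, e.g. 'ASA5515'."""
    m = re.search(r"^\s*0\s+ASA .*?\s+(ASA\d{4}[A-Z]?)\s+\S+\s*$", text, re.M)
    return m.group(1) if m else None


def rommon_from_show_module(text):
    """Fw Version column of the slot-0 MAC-range row, e.g. '2.1(9)8'."""
    m = re.search(r"^\s*0\s+\S+ to \S+\s+\S+\s+(\S+)\s+\S+\s*$", text, re.M)
    return m.group(1) if m else None


def has_ssd(show_inventory):
    """Step 3: True when a Storage Device entry describes an SSD."""
    for desc in re.findall(r'Name: "Storage Device \d+", DESCR: "([^"]*)"', show_inventory):
        if "SSD" in desc.upper():
            return True
    return False


def boot_image_name(model, asa_boot_version="9.9.2.0"):
    """Boot image file name to download for this platform (version as in the post)."""
    suffix = ".lfbff" if model in LFBFF_PLATFORMS else ".cdisk"
    return f"ftd-boot-{asa_boot_version}{suffix}"


def preflight(show_module, show_inventory, target_ftd):
    """Return the list of blocking problems; an empty list means the box qualifies."""
    problems = []
    model = model_from_show_module(show_module)
    if model not in SUPPORTED:
        problems.append(f"platform {model} is not a supported reimage target")
    else:
        ceiling = SUPPORTED[model]
        if ceiling and version_cmp(target_ftd, ceiling) > 0:
            problems.append(f"{model} supports FTD {ceiling} and earlier only, not {target_ftd}")
    rommon = rommon_from_show_module(show_module)
    if rommon is None or version_cmp(rommon, MIN_ROMMON) < 0:
        problems.append(f"ROMMON {rommon} is below the required {MIN_ROMMON}; upgrade first")
    if not has_ssd(show_inventory):
        problems.append("no SSD found; FTD needs one installed")
    return problems


# Sample input: trimmed copies of the show module / show inventory output in the post.
SHOW_MODULE = """\
Mod  Card Type                                    Model              Serial No.
---- -------------------------------------------- ------------------ -----------
   0 ASA 5515-X with SW, 6 GE Data, 1 GE Mgmt, AC ASA5515            FCH1704JABC
 sfr Unknown                                      N/A                FCH1704JABC

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version
---- --------------------------------- ------------ ------------ ---------------
   0 b0fa.eb97.72c8 to b0fa.eb97.72cf  1.0          2.1(9)8      9.5(2)2
 sfr b0fa.eb97.72c6 to b0fa.eb97.72c6  N/A          N/A
"""
SHOW_INVENTORY = """\
Name: "Chassis", DESCR: "ASA 5515-X with SW, 6 GE Data, 1 GE Mgmt, AC"
PID: ASA5515           , VID: V01     , SN: FGL17074ABC

Name: "Storage Device 1", DESCR: "Micron 128 GB SSD MLC, Model Number: C400-MTFDDAC128MAM"
PID: N/A               , VID: N/A     , SN: MSA18230XYZ
"""

if __name__ == "__main__":
    model = model_from_show_module(SHOW_MODULE)
    print("model:", model, "rommon:", rommon_from_show_module(SHOW_MODULE))
    print("boot image:", boot_image_name(model))
    print("problems:", preflight(SHOW_MODULE, SHOW_INVENTORY, "6.2.3") or "none")
```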


Reload the ASA with the reload command and enter ROMMON mode by pressing the ESC key during boot.

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in  10 seconds.


Configure a temporary IP address and TFTP server in ROMMON to boot the FTD boot image.

rommon #0> interface gigabitethernet0/1    // MY LAPTOP LAN CONNECTS TO ASA G0/1
GigabitEthernet0/1
Link is DOWN
MAC Address: b0fa.eb97.72c9

rommon #1> address 192.168.1.2
rommon #2> netmask 255.255.255.0   // I SUSPECT 192.168.1.0 DEFAULTS TO A /24 NETMASK
Invalid or incorrect command.  Use 'help' for help.   
rrommon #2> help 

   Variables:     Use "sync" to store in NVRAM
ADDRESS=     <addr>  local IP address
CONFIG=      <name>  config file path/name
GATEWAY=     <addr>  gateway IP address
IMAGE=       <name>  image file path/name
LINKTIMEOUT= <num>   Link UP timeout (seconds)
PKTTIMEOUT=  <num>   packet timeout (seconds)
PORT=        <name>  ethernet interface port
RETRY=       <num>   Packet Retry Count (Ping/TFTP)
SERVER=      <addr>  server IP address
VLAN=        <num>   enable/disable DOT1Q tagging on the selected port

   Commands:
?                 valid command list
address   <addr>  local IP address
boot      <args>  boot an image, valid args are:
     - "image file spec" and/or
     - "cfg=<config file spec>"
clear             clear interface statistics
confreg   <value> set hex configuration register
dev               display platform interface devices
erase     <arg>   erase storage media
file      <name>  application image file path/name
gateway   <addr>  gateway IP address
gdb       <cmd>   edit image gdb settings
help              valid command list
history           display command history
interface <name>  ethernet interface port
no        <feat>  clear feature settings
ping      <addr>  send ICMP echo
reboot            halt and reboot system
reload            halt and reboot system
repeat    <arg>   repeat previous command, valid arguments:
     - no arg: repeat last command
     - number: index into command history table
     - string: most recent 1st arg match in command history table
reset             halt and reboot system
server    <addr>  server IP address
set               display all variable settings
show      <cmd>   display cmd-specific information
sync              save variable settings in NVRAM
tftpdnld          TFTP download
timeout   <num>   packet timeout (seconds)
trace             toggle packet tracing
unset   <varname> unset a variable name

rommon #3> server 192.168.1.1    // MY PC IS RUNNING A TFTP APPLICATION
rommon #4> gateway 192.168.1.1
rommon #5> file ftd-boot-9.9.2.0.cdisk
rommon #6> set
ROMMON Variable Settings:
  ADDRESS=192.168.1.2
  SERVER=192.168.1.1
  GATEWAY=192.168.1.1
  PORT=GigabitEthernet0/1
  VLAN=untagged
  IMAGE=ftd-boot-9.9.2.0.cdisk
  CONFIG=
  LINKTIMEOUT=20
  PKTTIMEOUT=4
  RETRY=20

rommon #7> sync

Updating NVRAM Parameters...

rommon #8> ping 192.168.1.1

Link State is Down    // I CHANGED MY PATCH CABLE
rommon #9> ping 192.168.1.1
Sending 20, 100-byte ICMP Echoes to 192.168.1.1, timeout is 4 seconds:
?!!!!!!!!!!!!!!!!!!!
Success rate is 95 percent (19/20)
rommon #10> ping 192.168.1.1
Sending 20, 100-byte ICMP Echoes to 192.168.1.1, timeout is 4 seconds:
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (20/20)
rommon #11> tftpdnld
ROMMON Variable Settings:
  ADDRESS=192.168.1.2
  SERVER=192.168.1.1
  GATEWAY=192.168.1.1
  PORT=GigabitEthernet0/1
  VLAN=untagged
  IMAGE=ftd-boot-9.9.2.0.cdisk
  CONFIG=
  LINKTIMEOUT=20
  PKTTIMEOUT=4
  RETRY=20

tftp ftd-boot-9.9.2.0.cdisk@192.168.1.1 via 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<SNIP>

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Received 103845888 bytes   // IT TOOK AROUND 3-5 MINS TO FINISH THE TFTP TRANSFER

Launching TFTP Image...

Execute image at 0x14000
Cisco Security Appliance admin loader (3.0) #0: Sun Mar 25 17:31:57 PDT 2018
Platform ASA5515

Loading...
IO memory blocks requested from bigphys 32bit: 41217
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
Found device serial number FCH1704JABC.
Found USB flash drive /dev/sdb
Found hard drive(s):  /dev/sda
fsck from util-linux 2.23.2
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
There are differences between boot sector and its backup.
Differences: (offset:original/backup)
  65:01/00
  Not automatically fixing this.
/dev/sdb1: 64 files, 40380/1951812 clusters
Launching boot CLI ...
Configuring network interface using DHCP
Bringing up network interface.
Depending on your network, this might take a couple of minutes when using DHCP...
ifup: interface lo already configured
IPv4 address not assigned. Run 'setup' before installation.
INIT: SwitchingStarting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
  generating ssh RSA key...
  generating ssh ECDSA key...
  generating ssh DSA key...
done.
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up

acpid: 1 rule loaded

acpid: waiting for events: event logging is off

Starting ntpd: done
Starting syslog-ng:.
Starting crond: OK


Issue the setup command to configure a temporary management IP address.

            Cisco FTD Boot 6.0.0 (9.9.2.)
              Type ? for list of commands
ciscoasa-boot>?
    show             => Display system information. Enter show ? for options
    system           => Control system operation
    setup            => System Setup Wizard
    support          => Support information for TAC
    delete           => Delete files
    ping             => Ping a host to check reachability
    traceroute       => Trace the route to a remote host
    exit             => Exit the session
    help             => Get help on command syntax
ciscoasa-boot>setup


                Welcome to Cisco FTD Setup
                  [hit Ctrl-C to abort]
                Default values are inside []

Enter a hostname [ciscoasa]:
ciscoasa
Do you want to configure IPv4 address on management interface?(y/n) [Y]:
Y
Do you want to enable DHCP for IPv4 address assignment on management interface?(y/n) [Y]: n
Enter an IPv4 address: 192.168.1.2
Enter the netmask: 255.255.255.0
Enter the gateway: 192.168.1.1
Do you want to configure static IPv6 address on management interface?(y/n) [N]:
N
Stateless autoconfiguration will be enabled for IPv6 addresses.
Enter the primary DNS server IP address: 8.8.8.8
Do you want to configure Secondary DNS Server? (y/n) [n]:
n
Do you want to configure Local Domain Name? (y/n) [n]:
n
Do you want to configure Search domains? (y/n) [n]:
n
Do you want to enable the NTP service? [Y]: n
Please review the final configuration:
Hostname:               ciscoasa
Management Interface Configuration

IPv4 Configuration:     static
        IP Address:     192.168.1.2
        Netmask:        255.255.255.0
        Gateway:        192.168.1.1

IPv6 Configuration:     Stateless autoconfiguration

DNS Configuration:
        DNS Server:
                        8.8.8.8

NTP configuration:      Disabled

CAUTION:
You have selected IPv6 stateless autoconfiguration, which assigns a global address
based on network prefix and a device identifier. Although this address is unlikely
to change, if it does change, the system will stop functioning correctly.
We suggest you use static addressing instead.

Apply the changes?(y,n) [Y]: <ENTER>
Y
Configuration saved successfully!
Applying...
Restarting network services...
Done.
Press ENTER to continue...
ciscoasa-boot>system install ftp://anonymous:anonymous@192.168.1.1/ftd-6.2.3-83.pkg

######################## WARNING ############################
# The content of disk0: will be erased during installation! #
#############################################################

Do you want to continue? [y/N] y
Erasing disk0 ...
Extracting   ...
Verifying    
Downloading   // FTP TRANSFER ONLY TOOK 5 MINS
Extracting...
Package Detail
        Description:                    Cisco ASA-FTD 6.2.3-83 System Install
        Requires reboot:                Yes

Do you want to continue with upgrade? [y]: <ENTER>
y
Warning: Please do not interrupt the process or turn off the system.
Doing so might leave system in unusable state.

Starting upgrade process ...    
Populating new system image... 

Reboot is required to complete the upgrade. Press 'Enter' to reboot the system.   <ENTER>

Broadcast message from root@ciscoasa (ttyS0) (Mon Jul 15 04:26:51 2019):

The system is going down for reboot NOW!
Stopping OpenBSD Secure Shell server: sshdstopped /usr/sbin/sshd (pid 1989)
.
Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1993)
acpid.
Stopping system message bus: dbus.
Stopping ntpd: start-stop-daemon: warning: killing process 1997: No such process
done
Stopping crond: OK
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting...


Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
                                               
Launching BootLoader...
Default configuration file contains 1 entry.

Searching / for images to boot.

Loading /os.img... Booting...
Platform ASA5515

Loading...
IO memory blocks requested from bigphys 32bit: 41217
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
Found device serial number FCH1704J32Q.
Found USB flash drive /dev/sdb
Found hard drive(s):  /dev/sda
fsck from util-linux 2.23.2
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
/dev/sdb1: 5 files, 25395/1951767 clusters


==============================================
Use ESC to interrupt boot and launch boot CLI.
Use SPACE to launch Cisco FTD immediately.
Cisco FTD launch in 27 seconds ...
Running on saleenaprime
Mounting disk partitions ...
verify_fsic(start)
touch: cannot touch '/ngfw/var/log/sf/verify_file_integ.log': No such file or directory
/ngfw/usr/local/sf/bin/common_utils.sh: line 11: /ngfw/var/log/sf/verify_file_integ.log: No such file or directory
Running file integrity checks...
/ngfw/usr/local/sf/bin/common_utils.sh: line 11: /ngfw/var/log/sf/verify_file_integ.log: No such file or directory
FIPS mode is disabled. Skip verifying file integrity
Initializing Threat Defense ...                                       [  OK  ]
Starting system log daemon...                                         [  OK  ]
Disk free check passed, creating swap...
Building swapfile /ngfw/Volume/.swaptwo
1653404+0 records in
1653404+0 records out
1693085696 bytes (1.7 GB) copied, 4.07482 s, 415 MB/s
Setting up swapspace version 1, size = 1653400 KiB
no label, UUID=3e52110f-6b04-46ba-97ca-eb9ab5776dec
Adding swapfile /ngfw/Volume/.swaptwo
Flushing all current IPv4 rules and user defined chains: ...success
Clearing all current IPv4 rules and user defined chains: ...success
Applying iptables firewall rules:
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Flushing all current IPv6 rules and user defined chains: ...success
Clearing all current IPv6 rules and user defined chains: ...success
Applying ip6tables firewall rules:
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Starting nscd...
mkdir: created directory '/var/run/nscd'                              [  OK  ]
Starting , please wait...grep: /ngfw/etc/motd: No such file or directory
...complete.
Firstboot detected, executing scripts
Executing S01reset_failopen_if                                        [  OK  ]
Executing S01virtual-machine-reconfigure                              [  OK  ]
Executing S01z_copy_startup-config                                    [  OK  ]
Executing S02aws-pull-cfg                                             [  OK  ]
Executing S02configure_onbox                                          [  OK  ]
Executing S04fix-httpd.sh                                             [  OK  ]
Executing S05set-default-ipv4.pl                                      [  OK  ]
Executing S05set-mgmnt-port                                           [  OK  ]
Executing S06addusers                                                 [  OK  ]
Executing S07uuid-init                                                [  OK  ]
Executing S08configure_mysql                                          [  OK  ]

************ Attention *********

   Initializing the configuration database.  Depending on available
   system resources (CPU, memory, and disk), this may take 30 minutes
   or more to complete.

************ Attention *********

Executing S09database-init


<SNIP>

Executing 55recalculate_arc.pl                                        [  OK  ]
Starting xinetd:
Mon Jul 15 04:35:36 UTC 2019
Starting MySQL...
Pinging mysql
Pinging mysql, try 1
Found mysql is running
Running initializeObjects...
Stopping MySQL...
Killing mysqld with pid 22880
Wait for mysqld to exit\c
 done
Mon Jul 15 04:35:45 UTC 2019
Starting sfifd...                                                     [  OK  ]
Starting Cisco ASA5515-X Threat Defense, please wait...No PM running!
...started.
INIT: SwitchingStarting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
  generating ssh RSA key...
  generating ssh ECDSA key...
  generating ssh DSA key...
done.
Starting Advanced Configuration and Power Interface daemon: acpid.
Starting crond: OK
Jul 15 04:35:50 ciscoasa SF-IMS[23291]: [23291] init script:system [INFO] pmmon Setting affinity to 1...
pid 23287's current affinity list: 0,1,3
pid 23287's new affinity list: 1
Jul 15 04:35:50 ciscoasa SF-IMS[23293]: [23293] init script:system [INFO] pmmon The Process Manager is not running...
Jul 15 04:35:50 ciscoasa SF-IMS[23294]: [23294] init script:system [INFO] pmmon Starting the Process Manager...
Jul 15 04:35:50 ciscoasa SF-IMS[23295]: [23295] pm:pm [INFO] Using model number 75F

Cisco ASA5515-X Threat Defense v6.2.3 (build 83)
ciscoasa login: IO Memory Nodes: 1
IO Memory Per Node: 169869312 bytes

Global Reserve Memory Per Node: 509607936 bytes Nodes=1

LCMB: got 169869312 bytes on numa-id=0, phys=0x1a8800000, virt=0x2aaab9400000
LCMB: HEAP-CACHE POOL got 507510784 bytes on numa-id=0, virt=0x2b24e1600000
Processor memory:   4368614566
POST started...
POST finished, result is 0 (hint: 1 means it failed)

Compiled on Sun 25-Mar-18 17:49 PDT by builders
SSL Hardware Offload is NOT Enabled

Total NICs found: 11
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 06 MAC: b0fa.eb97.72cb
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 05 MAC: b0fa.eb97.72ce
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 04 MAC: b0fa.eb97.72ca
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 03 MAC: b0fa.eb97.72cd
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 02 MAC: b0fa.eb97.72c9
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 01 MAC: b0fa.eb97.72cc
i82574L rev00 Gigabit Ethernet @ irq11 dev 0 index 00 MAC: b0fa.eb97.72c8
en_vtun rev00 Backplane Control Interface  @ index 07 MAC: 0000.0001.0001
en_vtun rev00 Backplane Int-Mgmt Interface     @ index 08 MAC: 0000.0001.0003
en_vtun rev00 Backplane Ext-Mgmt Interface     @ index 09 MAC: 0000.0000.0000
en_vtun rev00 Backplane Tap Interface     @ index 10 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
WARNING: Attribute already exists in the dictionary.

INFO: Unable to read firewall mode from flash
       Writing default firewall mode (single) to flash

INFO: Unable to read cluster interface-mode from flash
        Writing default mode "None" to flash
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
                             Boot microcode        : CNPx-MC-BOOT-2.00
                             SSL/IKE microcode     : CNPx-MC-SSL-SB-PLUS-0005
                             IPSec microcode       : CNPx-MC-IPSEC-MAIN-0026

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************

Copyright (c) 1996-2017 by Cisco Systems, Inc.

                Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

Reading from flash...
!
Cryptochecksum (changed): 7df5bae1 c22d3ae2 e93edd07 2fe86d77

INFO: Power-On Self-Test in process.
.......................................................................
INFO: Power-On Self-Test complete.

INFO: Starting HW-DRBG health test...
INFO: HW-DRBG health test passed.

INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
User enable_1 logged in to firepower   
Logins over the last 1 days: 1. 
Failed logins since the last login: 0. 
Type help o '?' for a list
Cisco ASA5515-X Threat Defense v6.2.3 (build 83)   // FTD FINISHED INITIALIZING IN 7-10 MINS
firepower login: admin
Password:  <Admin123>

Copyright 2004-2018, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.

Cisco Fire Linux OS v6.2.3 (build 13)
Cisco ASA5515-X Threat Defense v6.2.3 (build 83)

You must accept the EULA to continue.
Press <ENTER> to display the EULA:  <ENTER>
End User License Agreement

Effective: May 22, 2017

This is an agreement between You and Cisco Systems, Inc. or its affiliates
("Cisco") and governs your Use of Cisco Software. "You" and "Your" means the
individual or legal entity licensing the Software under this EULA. "Use" or
"Using" means to download, install, activate, access or otherwise use the
Software. "Software" means the Cisco computer programs and any Upgrades made
available to You by an Approved Source and licensed to You by Cisco.
"Documentation" is the Cisco user or technical manuals, training materials,
specifications or other documentation applicable to the Software and made
available to You by an Approved Source. "Approved Source" means (i) Cisco or
(ii) the Cisco authorized reseller, distributor or systems integrator from whom
you acquired the Software. "Entitlement" means the license detail; including
license metric, duration, and quantity provided in a product ID (PID) published
on Cisco's price list, claim certificate or right to use notification.
"Upgrades" means all updates, upgrades, bug fixes, error corrections,
enhancements and other modifications to the Software and backup copies thereof.

This agreement, any supplemental license terms and any specific product terms
at www.cisco.com/go/softwareterms (collectively, the "EULA") govern Your Use of
the Software.

<SNIP>

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco
and/or its affiliates in the U.S. and other countries. To view a list of Cisco
trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks
mentioned are the property of their respective owners. The use of the word
partner does not imply a partnership relationship between Cisco and any other
company. (1110R)

Please enter 'YES' or press <ENTER> to AGREE to the EULA:  <ENTER>

System initialization in progress.  Please stand by. 
You must change the password for 'admin' to continue.
Enter new password:  <cisco123>
Confirm new password:  <cisco123>
You must configure the network to continue.
You must configure at least one of IPv4 or IPv6.
Do you want to configure IPv4? (y/n) [y]:
Do you want to configure IPv6? (y/n) [n]:
Configure IPv4 via DHCP or manually? (dhcp/manual) [manual]:
Enter an IPv4 address for the management interface [192.168.45.45]: 192.168.1.2
Enter an IPv4 netmask for the management interface [255.255.255.0]:
Enter the IPv4 default gateway for the management interface [data-interfaces]: 192.168.1.1   // I MOVED THE PATCH CABLE FROM ASA G0/1 TO MGMT INTERFACE
Enter a fully qualified hostname for this system [firepower]:
Enter a comma-separated list of DNS servers or 'none' [208.67.222.222,208.67.220.220]:
Enter a comma-separated list of search domains or 'none' []:
If your networking information has changed, you will need to reconnect.
DHCP Server Disabled
The DHCP server has been disabled. You may re-enable with configure network ipv4 dhcp-server-enable
For HTTP Proxy configuration, run 'configure network http-proxy'

Manage the device locally? (yes/no) [yes]:  <ENTER>    // VIA FIREPOWER DEVICE MANAGEMENT (FDM); FTD CLI configure manager local
Configuring firewall mode to routed

Update policy deployment information
    - add device configuration
Successfully performed firstboot initial configuration steps for Firepower Device Manager for Firepower Threat Defense.

>    // TYPE ? TO SHOW AVAILABLE COMMANDS
  aaa-server           Specify a AAA server
  app-agent            Configure appagent features
  asdm                 Disconnect a specific ASDM session
  asp                  Configure ASP parameters
  blocks               Set block diagnostic parameters
  capture              Capture inbound and outbound packets on one or more interfaces
  capture-traffic      Display traffic or save to specified file
  cd                   Change current directory
  clear                Reset functions
  cluster              Cluster exec mode commands
  configure            Change to Configuration mode
  copy                 Copy from one file to another
  cpu                  general CPU stats collection tools
  crashinfo            Crash information
  crypto               Execute crypto Commands
  debug                Debugging functions (see also 'undebug')
  delete               Delete a file
  dir                  List files on a filesystem
  dns                  Update FQDN IP addresses
  downgrade            Downgrade the file system and reboot
  eject                Eject a device
  eotool               Change to Enterprise Object Tool Mode
  erase                Erase a filesystem
  exit                 Exit this CLI session
  expert               Invoke a shell
  failover             Perform failover operation in Exec mode
  file                 Change to File Mode
  format               Format a filesystem
  fsck                 Filesystem check
  help                 Interactive help for commands
  history              Display the current session's command line history
  kill                 Terminate a telnet session
  ldapsearch           Test LDAP configuration
  logging              Configure flash file name to save logging buffer
  logout               Logout of the current CLI session
  memory               Memory tools
  mkdir                Create new directory
  more                 Display the contents of a file
  no                   Negate a command or set its defaults
  nslookup             Look up an IP address or host name with the DNS servers
  packet-tracer        trace packets in F1 data path
  perfmon              Change or view performance monitoring options
  pigtail              Tail log files for debugging (pigtail)
  ping                 Test connectivity from specified interface to an IP address
  pmtool               Change to PMTool Mode
  pwd                  Display current working directory
  reboot               Reboot the sensor
  redundant-interface  Redundant interface
  rename               Rename a file
  rmdir                Remove existing directory
  sftunnel-status      Show sftunnel status
  show                 Show running system information
  shun                 Manages the filtering of packets from undesired hosts
  shutdown             Shutdown the sensor
  system               Change to System Mode
  tail-logs            Tails the logs selected by the user
  test                 Test subsystems, memory, interfaces, and configurations
  traceroute           Find route to remote network
  undebug              Disable debugging functions (see also 'debug')
  verify               Verify a file
  vpn-sessiondb        Configure the VPN Session Manager
  webvpn-cache         Remove cached object
  write                Write running configuration to memory, network, or terminal


> show managers
Managed locally.
 
> write
  net       Save the active configuration to the tftp server
  terminal  Display the current active configuration
  <cr>     

> write
Building configuration...
Cryptochecksum: 93493ab2 ef76c1de 8cd464fe 3ae95459

3795 bytes copied in 0.770 secs
[OK]

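The first-boot wizard above, answered from a table instead of by hand, as an added example that is not from the original post: the prompt texts and the address values are those shown in the transcript, while the pexpect library, the console device path and the FTD_ADMIN_PASSWORD environment variable are assumptions.

```python
import os
import re

# Prompt patterns copied from the transcript above, paired with the answer to
# send. "" sends a bare ENTER (accept the [default]); None means "use the admin
# password supplied at run time" (the page's cisco123 is a lab value).
WIZARD_ANSWERS = [
    (r"press <ENTER> to AGREE to the EULA:", "YES"),
    (r"Enter new password:", None),
    (r"Confirm new password:", None),
    (r"Do you want to configure IPv4\?", "y"),
    (r"Do you want to configure IPv6\?", "n"),
    (r"Configure IPv4 via DHCP or manually\?", "manual"),
    (r"Enter an IPv4 address for the management interface", "192.168.1.2"),
    (r"Enter an IPv4 netmask for the management interface", "255.255.255.0"),
    (r"Enter the IPv4 default gateway for the management interface", "192.168.1.1"),
    (r"Enter a fully qualified hostname for this system", ""),
    (r"Enter a comma-separated list of DNS servers", ""),
    (r"Enter a comma-separated list of search domains", ""),
    (r"Manage the device locally\?", "yes"),  # local management via FDM
]
CLI_PROMPT = r"\r?\n> "  # the FTD '>' prompt that follows the wizard

def answer_for(prompt, password):
    """Return the line to send for a recognised wizard prompt, else None."""
    for pattern, answer in WIZARD_ANSWERS:
        if re.search(pattern, prompt):
            return password if answer is None else answer
    return None

def run_wizard(child, password, timeout=120):
    """Answer prompts on a pexpect-style child until the CLI prompt appears;
    an unrecognised prompt raises instead of guessing at an answer."""
    patterns = [p for p, _ in WIZARD_ANSWERS] + [CLI_PROMPT]
    while True:
        idx = child.expect(patterns, timeout=timeout)
        if idx == len(WIZARD_ANSWERS):
            return True  # reached '>': first-boot setup finished
        matched = child.after if isinstance(child.after, str) else child.after.decode()
        reply = answer_for(matched, password)
        if reply is None:
            raise RuntimeError("unexpected wizard prompt: %r" % matched)
        child.sendline(reply)

if __name__ == "__main__":
    import pexpect  # pip install pexpect; only needed against a real console
    # Hypothetical console device and speed; FTD_ADMIN_PASSWORD comes from the env.
    console = pexpect.spawn("cu -l /dev/ttyUSB0 -s 9600", encoding="utf-8")
    console.sendline("")  # nudge the console so the first prompt is printed
    run_wizard(console, os.environ["FTD_ADMIN_PASSWORD"])
```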

Access FDM via HTTPS at 192.168.1.2. In the Mozilla Firefox web browser, click Advanced > Accept the Risk and Continue (the warning appears because the device's default HTTPS certificate is self-signed).



