Friday, July 26, 2019

Reimaging Cisco ASA 5500-X to Firepower Threat Defense (FTD)

Firepower Threat Defense (FTD

Cisco’s Firepower Threat Defense (FTD) is a threat-focused Next Generation Firewall (NGFW), which is purpose built to get granular application control, while protecting against malware and providing insight into and control over threats and vulnerabilities. It helps shrink time to detection and remediation and reduces complexity with a single management interface.

Talking about management interfaces, there are 2 options available to manage your FTD:

1. Firepower Device Manager
2. Firepower Management Center


Firepower Device Manager (FDM)

Firepower Device Manager (FDM)is a web-based local manager. Users only have to point their browser at the firewall in order to configure and manage the device. The FDM provides firewall management through a thin client. It does not include Java in its design.

The Firepower Device Manager (FDM):

* Simplifies the initial setup of the device through a guided workflow. You are asked a series of
questions about such things as the interface you use to connect to the Internet, your preferred DNS settings, and your NTP server.

* Provides the ability to configure an access rule in a single interface page. You list the source and destination, the applications you want to control, the URLs to be included or excluded, and the intrusion and file policies you want applied.

* Helps users understand the system more easily with visual representations of configured access rules.

* Delivers easy-to-grasp system monitoring reports. In a single screen, green represents good,
red represents bad, and gray identifies things that have not been configured.

The FDM management option is available only for low to mid-range next-generation firewall devices.

FDM lets you configure the basic features of the software that are most commonly used for small networks. It is especially designed for networks that include a single device or just a few, where you do not want to use a high-powered multiple-device manager to control a large network containing many Firepower Threat Defense devices.


Firepower Management Center (FMC)

If you are managing large numbers of devices, or if you want to use the more complex features and
configurations that FTD allows, use Firepower Management Center (FMC) to configure your devices instead of the integrated Firepower Device Manager. The FMC provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection.

Some of the salient features of FMC include:

* Centralized Management - It’s easier than ever to manage events and policy for these network security solutions: Firepower Next-Generation Firewall (NGFW), ASA with FirePOWER Services, Firepower NGIPS, FirePOWER Threat Defense for ISR, and Advanced Malware Protection (AMP).

* Visibility - See the users, hosts, applications, files, mobile devices, virtual environments, threats, and vulnerabilities that exist in your constantly changing network. Because you can’t protect what you can’t see.

* Real-time threat management - Control access to your network, control application use, and defend against known attacks. Use AMP and sandboxing technologies to address unknown attacks and track malware infections through your network.

* Security Automation - The management center automatically correlates security events with the vulnerabilities in your environment. It prioritizes attacks so your team can easily see which events they need to investigate first. And it recommends the security policies to put in place.


The ASA-to-FTD and vice versa re-image procedure can be found on this Cisco guide.


I had a spare Cisco ASA5515-X firewall with SSD that I wanted to convert to Firepower Threat Defense (FTD) in order to get hands on. There are several things needed before reimaging the ASA firewall to FTD. The procedure is similar to reimaging an ASA FirePower module. You can refer to this Cisco link for the steps and some caveats.

1) These are the supported ASA 5500-X platforms that can be converted to FTD:

ASA 5506-X, 5506W-X, and 5506H-X (FTD 6.2.3 and earlier only)
ASA 5508-X
ASA 5512-X (FTD 6.2.3 and earlier only)
ASA 5515-X
ASA 5516-X
ASA 5525-X
ASA 5545-X
ASA 5555-X



2) The ASA ROMMON version  must be 1.1.8 or above in order to perform FTD conversion. You can download the ASA 5500-X ROMMON Software from this link.


Verify the ROMMON version by issuing a show module command. I don't need to upgrade since it's on 2.1(9)8.

ciscoasa# show module

Mod  Card Type                                    Model              Serial No.
---- -------------------------------------------- ------------------ -----------
   0 ASA 5515-X with SW, 6 GE Data, 1 GE Mgmt, AC ASA5515            FCH1704JABC
 ips Unknown                                      N/A                FCH1704JABC
cxsc Unknown                                      N/A                FCH1704JABC
 sfr Unknown                                      N/A                FCH1704JABC

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version    
---- --------------------------------- ------------ ------------ ---------------
   0 b0fa.eb97.72c8 to b0fa.eb97.72cf  1.0          2.1(9)8      9.5(2)2
 ips b0fa.eb97.72c6 to b0fa.eb97.72c6  N/A          N/A         
cxsc b0fa.eb97.72c6 to b0fa.eb97.72c6  N/A          N/A         
 sfr b0fa.eb97.72c6 to b0fa.eb97.72c6  N/A          N/A         

Mod  SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- --------------------------
 ips Unknown                        No Image Present Not Applicable
cxsc Unknown                        No Image Present Not Applicable
 sfr Unknown                        No Image Present Not Applicable

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   0 Up Sys             Not Applicable       
 ips Unresponsive       Not Applicable       
cxsc Unresponsive       Not Applicable       
 sfr Unresponsive       Not Applicable       

Mod  License Name   License Status  Time Remaining
---- -------------- --------------- ---------------
 ips IPS Module     Disabled        perpetual


3) The FTD OS would require at least 3 GB and one of the requirement is to install a Solid State Drive (SSD) on the ASA. The ASA usually has a 4 GB flash space (disk0:) but it might not be enough whenever doing an OS upgrade, storing AnyConnect files, etc.

ciscoasa# show inventory
Name: "Chassis", DESCR: "ASA 5515-X with SW, 6 GE Data, 1 GE Mgmt, AC"
PID: ASA5515           , VID: V01     , SN: FGL17074ABC

Name: "Storage Device 1", DESCR: "Micron 128 GB SSD MLC, Model Number: C400-MTFDDAC128MAM"
PID: N/A               , VID: N/A     , SN: MSA18230XYZ


4) Perform a backup on the ASA config and activation-key (feature license).

ciscoasa# backup
[Press return to continue or enter a backup location]:disk0:

No filename provided! Using default ASA5515-X.backup.2019-07-15-200755.tar.gz   // TRANSFER TO EXTERNAL FTP/TFTP SERVER
Begin backup ...
Backing up [ASA Version] ... Done!
Backing up [Running Configurations] ... Done!
Backing up [Startup Configurations] ... Done!
Backing up [WebVPN Data] ... Done!
Compressing the backup directory ... Done!
Copying Backup ... Done!
Cleaning up ... Done!

Backup finished!


ciscoasa# show activation-key ?    

  detail  Show activation-key details
  |       Output modifiers
  <cr>
ciscoasa# show activation-key detail
Serial Number:  JAD20080ABC
Running Permanent Activation Key: 0xf319c753 0x9c0e6651 0xbc534174 0x87548123 0x04191456

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 5              perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Shared License                    : Disabled       perpetual
Total TLS Proxy Sessions          : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has a Base license.

Running Permanent Activation Key: 0xf319c753 0x9c0e6651 0xbc534174 0x87548123 0x04191456

Licensed permanent key features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 5              perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Shared License                    : Disabled       perpetual
Total TLS Proxy Sessions          : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Disabled       perpetual

The flash permanent activation key is the SAME as the running permanent key.


I've skipped the step on keeping an ASA config and activation-key backup since I don't plan on rolling back to an ASA image.


5) Download the FTD boot image and software install package. Note the difference of the FTD boot image between the smaller platform, i.e. ASA 5506-X (.lfbff) versus the high-end platform, i.e. ASA 5515-X (.cdisk) and above.

You can download the FTD image files from the Cisco download website. Click on Firepower Threat Defense (FTD) Software.


The TAC recommended (with golden star or badge) FTD Software is 6.2.3.13 patch (as of this writing).


So I went for FTD 6.2.3 Software code and downloaded these files:

ftd-boot-9.9.2.0.cdisk
ftd-6.2.3-83.pkg


Reload the ASA using the reload command enter ROMMON mode by hitting the ESC key.

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in  10 seconds.


Configure a temporary IP addresses and TFTP server to boot the FTD boot image.

rommon #0> interface gigabitethernet0/1    // MY LAPTOP LAN CONNECTS TO ASA G0/1
GigabitEthernet0/1
Link is DOWN
MAC Address: b0fa.eb97.72c9

rommon #1> address 192.168.1.2
rommon #2> netmask 255.255.255.0   // I SUSPECT 192.168.1.0 DEFAULTS TO A /24 NETMASK
Invalid or incorrect command.  Use 'help' for help.   
rrommon #2> help 

   Variables:     Use "sync" to store in NVRAM
ADDRESS=     <addr>  local IP address
CONFIG=      <name>  config file path/name
GATEWAY=     <addr>  gateway IP address
IMAGE=       <name>  image file path/name
LINKTIMEOUT= <num>   Link UP timeout (seconds)
PKTTIMEOUT=  <num>   packet timeout (seconds)
PORT=        <name>  ethernet interface port
RETRY=       <num>   Packet Retry Count (Ping/TFTP)
SERVER=      <addr>  server IP address
VLAN=        <num>   enable/disable DOT1Q tagging on the selected port

   Commands:
?                 valid command list
address   <addr>  local IP address
boot      <args>  boot an image, valid args are:
     - "image file spec" and/or
     - "cfg=<config file spec>"
clear             clear interface statistics
confreg   <value> set hex configuration register
dev               display platform interface devices
erase     <arg>   erase storage media
file      <name>  application image file path/name
gateway   <addr>  gateway IP address
gdb       <cmd>   edit image gdb settings
help              valid command list
history           display command history
interface <name>  ethernet interface port
no        <feat>  clear feature settings
ping      <addr>  send ICMP echo
reboot            halt and reboot system
reload            halt and reboot system
repeat    <arg>   repeat previous command, valid arguments:
     - no arg: repeat last command
     - number: index into command history table
     - string: most recent 1st arg match in command history table
reset             halt and reboot system
server    <addr>  server IP address
set               display all variable settings
show      <cmd>   display cmd-specific information
sync              save variable settings in NVRAM
tftpdnld          TFTP download
timeout   <num>   packet timeout (seconds)
trace             toggle packet tracing
unset   <varname> unset a variable name

rommon #3> server 192.168.1.1    // MY PC IS RUNNING A TFTP APPLICATION
rommon #4> gateway 192.168.1.1
rommon #5> file ftd-boot-9.9.2.0.cdisk
rommon #6> set
ROMMON Variable Settings:
  ADDRESS=192.168.1.2
  SERVER=192.168.1.1
  GATEWAY=192.168.1.1
  PORT=GigabitEthernet0/1
  VLAN=untagged
  IMAGE=ftd-boot-9.9.2.0.cdisk
  CONFIG=
  LINKTIMEOUT=20
  PKTTIMEOUT=4
  RETRY=20

rommon #7> sync

Updating NVRAM Parameters...

rommon #8> ping 192.168.1.1

Link State is Down    // I CHANGED MY PATCH CABLE
rommon #9> ping 192.168.1.1
Sending 20, 100-byte ICMP Echoes to 192.168.1.1, timeout is 4 seconds:
?!!!!!!!!!!!!!!!!!!!
Success rate is 95 percent (19/20)
rommon #10> ping 192.168.1.1
Sending 20, 100-byte ICMP Echoes to 192.168.1.1, timeout is 4 seconds:
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (20/20)
rommon #11> tftpdnld
ROMMON Variable Settings:
  ADDRESS=192.168.1.2
  SERVER=192.168.1.1
  GATEWAY=192.168.1.1
  PORT=GigabitEthernet0/1
  VLAN=untagged
  IMAGE=ftd-boot-9.9.2.0.cdisk
  CONFIG=
  LINKTIMEOUT=20
  PKTTIMEOUT=4
  RETRY=20

tftp ftd-boot-9.9.2.0.cdisk@192.168.1.1 via 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<SNIP>

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Received 103845888 bytes   // IT TOOK AROUND 3-5 MINS TO FINISH THE TFTP TRANSFER

Launching TFTP Image...

Execute image at 0x14000
Cisco Security Appliance admin loader (3.0) #0: Sun Mar 25 17:31:57 PDT 2018
Platform ASA5515

Loading...
IO memory blocks requested from bigphys 32bit: 41217
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
Found device serial number FCH1704JABC.
Found USB flash drive /dev/sdb
Found hard drive(s):  /dev/sda
fsck from util-linux 2.23.2
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
There are differences between boot sector and its backup.
Differences: (offset:original/backup)
  65:01/00
  Not automatically fixing this.
/dev/sdb1: 64 files, 40380/1951812 clusters
Launching boot CLI ...
Configuring network interface using DHCP
Bringing up network interface.
Depending on your network, this might take a couple of minutes when using DHCP...
ifup: interface lo already configured
IPv4 address not assigned. Run 'setup' before installation.
INIT: SwitchingStarting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
  generating ssh RSA key...
  generating ssh ECDSA key...
  generating ssh DSA key...
done.
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up

acpid: 1 rule loaded

acpid: waiting for events: event logging is off

Starting ntpd: done
Starting syslog-ng:.
Starting crond: OK


Issue the setup command to configure a temporary management IP address.

            Cisco FTD Boot 6.0.0 (9.9.2.)
              Type ? for list of commands
ciscoasa-boot>?
    show             => Display system information. Enter show ? for options
    system           => Control system operation
    setup            => System Setup Wizard
    support          => Support information for TAC
    delete           => Delete files
    ping             => Ping a host to check reachability
    traceroute       => Trace the route to a remote host
    exit             => Exit the session
    help             => Get help on command syntax
ciscoasa-boot>setup


                Welcome to Cisco FTD Setup
                  [hit Ctrl-C to abort]
                Default values are inside []

Enter a hostname [ciscoasa]:
ciscoasa
Do you want to configure IPv4 address on management interface?(y/n) [Y]:
Y
Do you want to enable DHCP for IPv4 address assignment on management interface?(y/n) [Y]: n
Enter an IPv4 address: 192.168.1.2
Enter the netmask: 255.255.255.0
Enter the gateway: 192.168.1.1
Do you want to configure static IPv6 address on management interface?(y/n) [N]:
N
Stateless autoconfiguration will be enabled for IPv6 addresses.
Enter the primary DNS server IP address: 8.8.8.8
Do you want to configure Secondary DNS Server? (y/n) [n]:
n
Do you want to configure Local Domain Name? (y/n) [n]:
n
Do you want to configure Search domains? (y/n) [n]:
n
Do you want to enable the NTP service? [Y]: n
Please review the final configuration:
Hostname:               ciscoasa
Management Interface Configuration

IPv4 Configuration:     static
        IP Address:     192.168.1.2
        Netmask:        255.255.255.0
        Gateway:        192.168.1.1

IPv6 Configuration:     Stateless autoconfiguration

DNS Configuration:
        DNS Server:
                        8.8.8.8

NTP configuration:      Disabled

CAUTION:
You have selected IPv6 stateless autoconfiguration, which assigns a global address
based on network prefix and a device identifier. Although this address is unlikely
to change, if it does change, the system will stop functioning correctly.
We suggest you use static addressing instead.

Apply the changes?(y,n) [Y]: <ENTER>
Y
Configuration saved successfully!
Applying...
Restarting network services...
Done.
Press ENTER to continue...
ciscoasa-boot>system install ftp://anonymous:anonymous@192.168.1.1/ftd-6.2.3-83.pkg

######################## WARNING ############################
# The content of disk0: will be erased during installation! #
#############################################################

Do you want to continue? [y/N] y
Erasing disk0 ...
Extracting   ...
Verifying    
Downloading   // FTP TRANSFER ONLY TOOK 5 MINS
Extracting...
Package Detail
        Description:                    Cisco ASA-FTD 6.2.3-83 System Install
        Requires reboot:                Yes

Do you want to continue with upgrade? [y]: <ENTER>
y
Warning: Please do not interrupt the process or turn off the system.
Doing so might leave system in unusable state.

Starting upgrade process ...    
Populating new system image... 

Reboot is required to complete the upgrade. Press 'Enter' to reboot the system.   <ENTER>

Broadcast message from root@ciscoasa (ttyS0) (Mon Jul 15 04:26:51 2019):

The system is going down for reboot NOW!
Stopping OpenBSD Secure Shell server: sshdstopped /usr/sbin/sshd (pid 1989)
.
Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1993)
acpid.
Stopping system message bus: dbus.
Stopping ntpd: start-stop-daemon: warning: killing process 1997: No such process
done
Stopping crond: OK
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting...


Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
                                               
Launching BootLoader...
Default configuration file contains 1 entry.

Searching / for images to boot.

Loading /os.img... Booting...
Platform ASA5515

Loading...
IO memory blocks requested from bigphys 32bit: 41217
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
Found device serial number FCH1704J32Q.
Found USB flash drive /dev/sdb
Found hard drive(s):  /dev/sda
fsck from util-linux 2.23.2
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
/dev/sdb1: 5 files, 25395/1951767 clusters


==============================================
Use ESC to interrupt boot and launch boot CLI.
Use SPACE to launch Cisco FTD immediately.
Cisco FTD launch in 27 seconds ...
Running on saleenaprime
Mounting disk partitions ...
verify_fsic(start)
touch: cannot touch '/ngfw/var/log/sf/verify_file_integ.log': No such file or directory
/ngfw/usr/local/sf/bin/common_utils.sh: line 11: /ngfw/var/log/sf/verify_file_integ.log: No such file or directory
Running file integrity checks...
/ngfw/usr/local/sf/bin/common_utils.sh: line 11: /ngfw/var/log/sf/verify_file_integ.log: No such file or directory
FIPS mode is disabled. Skip verifying file integrity
Initializing Threat Defense ...                                       [  OK  ]
Starting system log daemon...                                         [  OK  ]
Disk free check passed, creating swap...
Building swapfile /ngfw/Volume/.swaptwo
1653404+0 records in
1653404+0 records out
1693085696 bytes (1.7 GB) copied, 4.07482 s, 415 MB/s
Setting up swapspace version 1, size = 1653400 KiB
no label, UUID=3e52110f-6b04-46ba-97ca-eb9ab5776dec
Adding swapfile /ngfw/Volume/.swaptwo
Flushing all current IPv4 rules and user defined chains: ...success
Clearing all current IPv4 rules and user defined chains: ...success
Applying iptables firewall rules:
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Flushing all current IPv6 rules and user defined chains: ...success
Clearing all current IPv6 rules and user defined chains: ...success
Applying ip6tables firewall rules:
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Starting nscd...
mkdir: created directory '/var/run/nscd'                              [  OK  ]
Starting , please wait...grep: /ngfw/etc/motd: No such file or directory
...complete.
Firstboot detected, executing scripts
Executing S01reset_failopen_if                                        [  OK  ]
Executing S01virtual-machine-reconfigure                              [  OK  ]
Executing S01z_copy_startup-config                                    [  OK  ]
Executing S02aws-pull-cfg                                             [  OK  ]
Executing S02configure_onbox                                          [  OK  ]
Executing S04fix-httpd.sh                                             [  OK  ]
Executing S05set-default-ipv4.pl                                      [  OK  ]
Executing S05set-mgmnt-port                                           [  OK  ]
Executing S06addusers                                                 [  OK  ]
Executing S07uuid-init                                                [  OK  ]
Executing S08configure_mysql                                          [  OK  ]

************ Attention *********

   Initializing the configuration database.  Depending on available
   system resources (CPU, memory, and disk), this may take 30 minutes
   or more to complete.

************ Attention *********

Executing S09database-init


<SNIP>

Executing 55recalculate_arc.pl                                        [  OK  ]
Starting xinetd:
Mon Jul 15 04:35:36 UTC 2019
Starting MySQL...
Pinging mysql
Pinging mysql, try 1
Found mysql is running
Running initializeObjects...
Stopping MySQL...
Killing mysqld with pid 22880
Wait for mysqld to exit\c
 done
Mon Jul 15 04:35:45 UTC 2019
Starting sfifd...                                                     [  OK  ]
Starting Cisco ASA5515-X Threat Defense, please wait...No PM running!
...started.
INIT: SwitchingStarting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
  generating ssh RSA key...
  generating ssh ECDSA key...
  generating ssh DSA key...
done.
Starting Advanced Configuration and Power Interface daemon: acpid.
Starting crond: OK
Jul 15 04:35:50 ciscoasa SF-IMS[23291]: [23291] init script:system [INFO] pmmon Setting affinity to 1...
pid 23287's current affinity list: 0,1,3
pid 23287's new affinity list: 1
Jul 15 04:35:50 ciscoasa SF-IMS[23293]: [23293] init script:system [INFO] pmmon The Process Manager is not running...
Jul 15 04:35:50 ciscoasa SF-IMS[23294]: [23294] init script:system [INFO] pmmon Starting the Process Manager...
Jul 15 04:35:50 ciscoasa SF-IMS[23295]: [23295] pm:pm [INFO] Using model number 75F

Cisco ASA5515-X Threat Defense v6.2.3 (build 83)
ciscoasa login: IO Memory Nodes: 1
IO Memory Per Node: 169869312 bytes

Global Reserve Memory Per Node: 509607936 bytes Nodes=1

LCMB: got 169869312 bytes on numa-id=0, phys=0x1a8800000, virt=0x2aaab9400000
LCMB: HEAP-CACHE POOL got 507510784 bytes on numa-id=0, virt=0x2b24e1600000
Processor memory:   4368614566
POST started...
POST finished, result is 0 (hint: 1 means it failed)

Compiled on Sun 25-Mar-18 17:49 PDT by builders
SSL Hardware Offload is NOT Enabled

Total NICs found: 11
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 06 MAC: b0fa.eb97.72cb
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 05 MAC: b0fa.eb97.72ce
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 04 MAC: b0fa.eb97.72ca
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 03 MAC: b0fa.eb97.72cd
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 02 MAC: b0fa.eb97.72c9
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 01 MAC: b0fa.eb97.72cc
i82574L rev00 Gigabit Ethernet @ irq11 dev 0 index 00 MAC: b0fa.eb97.72c8
en_vtun rev00 Backplane Control Interface  @ index 07 MAC: 0000.0001.0001
en_vtun rev00 Backplane Int-Mgmt Interface     @ index 08 MAC: 0000.0001.0003
en_vtun rev00 Backplane Ext-Mgmt Interface     @ index 09 MAC: 0000.0000.0000
en_vtun rev00 Backplane Tap Interface     @ index 10 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
WARNING: Attribute already exists in the dictionary.

INFO: Unable to read firewall mode from flash
       Writing default firewall mode (single) to flash

INFO: Unable to read cluster interface-mode from flash
        Writing default mode "None" to flash
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
                             Boot microcode        : CNPx-MC-BOOT-2.00
                             SSL/IKE microcode     : CNPx-MC-SSL-SB-PLUS-0005
                             IPSec microcode       : CNPx-MC-IPSEC-MAIN-0026

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************

Copyright (c) 1996-2017 by Cisco Systems, Inc.

                Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

Reading from flash...
!
Cryptochecksum (changed): 7df5bae1 c22d3ae2 e93edd07 2fe86d77

INFO: Power-On Self-Test in process.
.......................................................................
INFO: Power-On Self-Test complete.

INFO: Starting HW-DRBG health test...
INFO: HW-DRBG health test passed.

INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
User enable_1 logged in to firepower   
Logins over the last 1 days: 1. 
Failed logins since the last login: 0. 
Type help o '?' for a list
Cisco ASA5515-X Threat Defense v6.2.3 (build 83)   // FTD FINISHED INITIALIZING IN 7-10 MINS
firepower login: admin
Password:  <Admin123>

Copyright 2004-2018, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.

Cisco Fire Linux OS v6.2.3 (build 13)
Cisco ASA5515-X Threat Defense v6.2.3 (build 83)

You must accept the EULA to continue.
Press <ENTER> to display the EULA:  <ENTER>
End User License Agreement

Effective: May 22, 2017

This is an agreement between You and Cisco Systems, Inc. or its affiliates
("Cisco") and governs your Use of Cisco Software. "You" and "Your" means the
individual or legal entity licensing the Software under this EULA. "Use" or
"Using" means to download, install, activate, access or otherwise use the
Software. "Software" means the Cisco computer programs and any Upgrades made
available to You by an Approved Source and licensed to You by Cisco.
"Documentation" is the Cisco user or technical manuals, training materials,
specifications or other documentation applicable to the Software and made
available to You by an Approved Source. "Approved Source" means (i) Cisco or
(ii) the Cisco authorized reseller, distributor or systems integrator from whom
you acquired the Software. "Entitlement" means the license detail; including
license metric, duration, and quantity provided in a product ID (PID) published
on Cisco's price list, claim certificate or right to use notification.
"Upgrades" means all updates, upgrades, bug fixes, error corrections,
enhancements and other modifications to the Software and backup copies thereof.

This agreement, any supplemental license terms and any specific product terms
at www.cisco.com/go/softwareterms (collectively, the "EULA") govern Your Use of
the Software.

<SNIP>

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco
and/or its affiliates in the U.S. and other countries. To view a list of Cisco
trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks
mentioned are the property of their respective owners. The use of the word
partner does not imply a partnership relationship between Cisco and any other
company. (1110R)

Please enter 'YES' or press <ENTER> to AGREE to the EULA:  <ENTER>

System initialization in progress.  Please stand by. 
You must change the password for 'admin' to continue.
Enter new password:  <cisco123>
Confirm new password:  <cisco123>
You must configure the network to continue.
You must configure at least one of IPv4 or IPv6.
Do you want to configure IPv4? (y/n) [y]:
Do you want to configure IPv6? (y/n) [n]:
Configure IPv4 via DHCP or manually? (dhcp/manual) [manual]:
Enter an IPv4 address for the management interface [192.168.45.45]: 192.168.1.2
Enter an IPv4 netmask for the management interface [255.255.255.0]:
Enter the IPv4 default gateway for the management interface [data-interfaces]: 192.168.1.1   // I MOVED THE PATCH CABLE FROM ASA G0/1 TO MGMT INTERFACE
Enter a fully qualified hostname for this system [firepower]:
Enter a comma-separated list of DNS servers or 'none' [208.67.222.222,208.67.220.220]:
Enter a comma-separated list of search domains or 'none' []:
If your networking information has changed, you will need to reconnect.
DHCP Server Disabled
The DHCP server has been disabled. You may re-enable with configure network ipv4 dhcp-server-enable
For HTTP Proxy configuration, run 'configure network http-proxy'

Manage the device locally? (yes/no) [yes]:  <ENTER>    // VIA FIREPOWER DEVICE MANAGEMENT (FDM); FTD CLI configure manager local
Configuring firewall mode to routed

Update policy deployment information
    - add device configuration
Successfully performed firstboot initial configuration steps for Firepower Device Manager for Firepower Threat Defense.

>    // TYPE ? TO SHOW AVAILABLE COMMANDS
  aaa-server           Specify a AAA server
  app-agent            Configure appagent features
  asdm                 Disconnect a specific ASDM session
  asp                  Configure ASP parameters
  blocks               Set block diagnostic parameters
  capture              Capture inbound and outbound packets on one or more interfaces
  capture-traffic      Display traffic or save to specified file
  cd                   Change current directory
  clear                Reset functions
  cluster              Cluster exec mode commands
  configure            Change to Configuration mode
  copy                 Copy from one file to another
  cpu                  general CPU stats collection tools
  crashinfo            Crash information
  crypto               Execute crypto Commands
  debug                Debugging functions (see also 'undebug')
  delete               Delete a file
  dir                  List files on a filesystem
  dns                  Update FQDN IP addresses
  downgrade            Downgrade the file system and reboot
  eject                Eject a device
  eotool               Change to Enterprise Object Tool Mode
  erase                Erase a filesystem
  exit                 Exit this CLI session
  expert               Invoke a shell
  failover             Perform failover operation in Exec mode
  file                 Change to File Mode
  format               Format a filesystem
  fsck                 Filesystem check
  help                 Interactive help for commands
  history              Display the current session's command line history
  kill                 Terminate a telnet session
  ldapsearch           Test LDAP configuration
  logging              Configure flash file name to save logging buffer
  logout               Logout of the current CLI session
  memory               Memory tools
  mkdir                Create new directory
  more                 Display the contents of a file
  no                   Negate a command or set its defaults
  nslookup             Look up an IP address or host name with the DNS servers
  packet-tracer        trace packets in F1 data path
  perfmon              Change or view performance monitoring options
  pigtail              Tail log files for debugging (pigtail)
  ping                 Test connectivity from specified interface to an IP address
  pmtool               Change to PMTool Mode
  pwd                  Display current working directory
  reboot               Reboot the sensor
  redundant-interface  Redundant interface
  rename               Rename a file
  rmdir                Remove existing directory
  sftunnel-status      Show sftunnel status
  show                 Show running system information
  shun                 Manages the filtering of packets from undesired hosts
  shutdown             Shutdown the sensor
  system               Change to System Mode
  tail-logs            Tails the logs selected by the user
  test                 Test subsystems, memory, interfaces, and configurations
  traceroute           Find route to remote network
  undebug              Disable debugging functions (see also 'debug')
  verify               Verify a file
  vpn-sessiondb        Configure the VPN Session Manager
  webvpn-cache         Remove cached object
  write                Write running configuration to memory, network, or terminal


> show managers
Managed locally.
 
> write
  net       Save the active configuration to the tftp server
  terminal  Display the current active configuration
  <cr>     

> write
Building configuration...
Cryptochecksum: 93493ab2 ef76c1de 8cd464fe 3ae95459

3795 bytes copied in 0.770 secs
[OK]


Access FDM via HTTPS to 192.168.1.2. In Mozilla Firefox web browser, click Advanced > Accept the Risk and Continue.