Firepower Threat Defense (FTD
Cisco’s Firepower Threat Defense (FTD) is a threat-focused Next Generation Firewall (NGFW), which is purpose built to get granular application control, while protecting against malware and providing insight into and control over threats and vulnerabilities. It helps shrink time to detection and remediation and reduces complexity with a single management interface.
Talking about management interfaces, there are 2 options available to manage your FTD:
1. Firepower Device Manager
2. Firepower Management Center
Firepower Device Manager (FDM)
Firepower Device Manager (FDM)is a web-based local manager. Users only have to point their browser at the firewall in order to configure and manage the device. The FDM provides firewall management through a thin client. It does not include Java in its design.
The Firepower Device Manager (FDM):
* Simplifies the initial setup of the device through a guided workflow. You are asked a series of
questions about such things as the interface you use to connect to the Internet, your preferred DNS settings, and your NTP server.
* Provides the ability to configure an access rule in a single interface page. You list the source and destination, the applications you want to control, the URLs to be included or excluded, and the intrusion and file policies you want applied.
* Helps users understand the system more easily with visual representations of configured access rules.
* Delivers easy-to-grasp system monitoring reports. In a single screen, green represents good,
red represents bad, and gray identifies things that have not been configured.
The FDM management option is available only for low to mid-range next-generation firewall devices.
FDM lets you configure the basic features of the software that are most commonly used for small networks. It is especially designed for networks that include a single device or just a few, where you do not want to use a high-powered multiple-device manager to control a large network containing many Firepower Threat Defense devices.
Firepower Management Center (FMC)
If you are managing large numbers of devices, or if you want to use the more complex features and
configurations that FTD allows, use Firepower Management Center (FMC) to configure your devices instead of the integrated Firepower Device Manager. The FMC provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection.
Some of the salient features of FMC include:
* Centralized Management - It’s easier than ever to manage events and policy for these network security solutions: Firepower Next-Generation Firewall (NGFW), ASA with FirePOWER Services, Firepower NGIPS, FirePOWER Threat Defense for ISR, and Advanced Malware Protection (AMP).
* Visibility - See the users, hosts, applications, files, mobile devices, virtual environments, threats, and vulnerabilities that exist in your constantly changing network. Because you can’t protect what you can’t see.
* Real-time threat management - Control access to your network, control application use, and defend against known attacks. Use AMP and sandboxing technologies to address unknown attacks and track malware infections through your network.
* Security Automation - The management center automatically correlates security events with the vulnerabilities in your environment. It prioritizes attacks so your team can easily see which events they need to investigate first. And it recommends the security policies to put in place.
The ASA-to-FTD and vice versa re-image procedure can be found on this Cisco guide.
I had a spare Cisco ASA5515-X firewall with SSD that I wanted to convert to Firepower Threat Defense (FTD) in order to get hands on. There are several things needed before reimaging the ASA firewall to FTD. The procedure is similar to reimaging an ASA FirePower module. You can refer to this Cisco link for the steps and some caveats.
1) These are the supported ASA 5500-X platforms that can be converted to FTD:
ASA 5506-X, 5506W-X, and 5506H-X (FTD 6.2.3 and earlier only)
ASA 5508-X
ASA 5512-X (FTD 6.2.3 and earlier only)
ASA 5515-X
ASA 5516-X
ASA 5525-X
ASA 5545-X
ASA 5555-X
2) The ASA ROMMON version must be 1.1.8 or above in order to perform FTD conversion. You can download the ASA 5500-X ROMMON Software from this link.
Verify the ROMMON version by issuing a show module command. I don't need to upgrade since it's on 2.1(9)8.
3) The FTD OS would require at least 3 GB and one of the requirement is to install a Solid State Drive (SSD) on the ASA. The ASA usually has a 4 GB flash space (disk0:) but it might not be enough whenever doing an OS upgrade, storing AnyConnect files, etc.
4) Perform a backup on the ASA config and activation-key (feature license).
ciscoasa# show activation-key ?
detail Show activation-key details
| Output modifiers
<cr>
ciscoasa# show activation-key detail
Serial Number: JAD20080ABC
Running Permanent Activation Key: 0xf319c753 0x9c0e6651 0xbc534174 0x87548123 0x04191456
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 5 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
This platform has a Base license.
Running Permanent Activation Key: 0xf319c753 0x9c0e6651 0xbc534174 0x87548123 0x04191456
Licensed permanent key features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 5 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
The flash permanent activation key is the SAME as the running permanent key.
I've skipped the step on keeping an ASA config and activation-key backup since I don't plan on rolling back to an ASA image.
5) Download the FTD boot image and software install package. Note the difference of the FTD boot image between the smaller platform, i.e. ASA 5506-X (.lfbff) versus the high-end platform, i.e. ASA 5515-X (.cdisk) and above.
You can download the FTD image files from the Cisco download website. Click on Firepower Threat Defense (FTD) Software.
The TAC recommended (with golden star or badge) FTD Software is 6.2.3.13 patch (as of this writing).
So I went for FTD 6.2.3 Software code and downloaded these files:
ftd-boot-9.9.2.0.cdisk
ftd-6.2.3-83.pkg
Reload the ASA using the reload command enter ROMMON mode by hitting the ESC key.
Configure a temporary IP addresses and TFTP server to boot the FTD boot image.
Issue the setup command to configure a temporary management IP address.
<SNIP>
Cisco’s Firepower Threat Defense (FTD) is a threat-focused Next Generation Firewall (NGFW), which is purpose built to get granular application control, while protecting against malware and providing insight into and control over threats and vulnerabilities. It helps shrink time to detection and remediation and reduces complexity with a single management interface.
Talking about management interfaces, there are 2 options available to manage your FTD:
1. Firepower Device Manager
2. Firepower Management Center
Firepower Device Manager (FDM)
Firepower Device Manager (FDM)is a web-based local manager. Users only have to point their browser at the firewall in order to configure and manage the device. The FDM provides firewall management through a thin client. It does not include Java in its design.
The Firepower Device Manager (FDM):
* Simplifies the initial setup of the device through a guided workflow. You are asked a series of
questions about such things as the interface you use to connect to the Internet, your preferred DNS settings, and your NTP server.
* Provides the ability to configure an access rule in a single interface page. You list the source and destination, the applications you want to control, the URLs to be included or excluded, and the intrusion and file policies you want applied.
* Helps users understand the system more easily with visual representations of configured access rules.
* Delivers easy-to-grasp system monitoring reports. In a single screen, green represents good,
red represents bad, and gray identifies things that have not been configured.
The FDM management option is available only for low to mid-range next-generation firewall devices.
FDM lets you configure the basic features of the software that are most commonly used for small networks. It is especially designed for networks that include a single device or just a few, where you do not want to use a high-powered multiple-device manager to control a large network containing many Firepower Threat Defense devices.
Firepower Management Center (FMC)
If you are managing large numbers of devices, or if you want to use the more complex features and
configurations that FTD allows, use Firepower Management Center (FMC) to configure your devices instead of the integrated Firepower Device Manager. The FMC provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection.
Some of the salient features of FMC include:
* Centralized Management - It’s easier than ever to manage events and policy for these network security solutions: Firepower Next-Generation Firewall (NGFW), ASA with FirePOWER Services, Firepower NGIPS, FirePOWER Threat Defense for ISR, and Advanced Malware Protection (AMP).
* Visibility - See the users, hosts, applications, files, mobile devices, virtual environments, threats, and vulnerabilities that exist in your constantly changing network. Because you can’t protect what you can’t see.
* Real-time threat management - Control access to your network, control application use, and defend against known attacks. Use AMP and sandboxing technologies to address unknown attacks and track malware infections through your network.
* Security Automation - The management center automatically correlates security events with the vulnerabilities in your environment. It prioritizes attacks so your team can easily see which events they need to investigate first. And it recommends the security policies to put in place.
The ASA-to-FTD and vice versa re-image procedure can be found on this Cisco guide.
I had a spare Cisco ASA5515-X firewall with SSD that I wanted to convert to Firepower Threat Defense (FTD) in order to get hands on. There are several things needed before reimaging the ASA firewall to FTD. The procedure is similar to reimaging an ASA FirePower module. You can refer to this Cisco link for the steps and some caveats.
1) These are the supported ASA 5500-X platforms that can be converted to FTD:
ASA 5506-X, 5506W-X, and 5506H-X (FTD 6.2.3 and earlier only)
ASA 5508-X
ASA 5512-X (FTD 6.2.3 and earlier only)
ASA 5515-X
ASA 5516-X
ASA 5525-X
ASA 5545-X
ASA 5555-X
2) The ASA ROMMON version must be 1.1.8 or above in order to perform FTD conversion. You can download the ASA 5500-X ROMMON Software from this link.
Verify the ROMMON version by issuing a show module command. I don't need to upgrade since it's on 2.1(9)8.
ciscoasa#
show module
Mod Card Type Model Serial No.
----
-------------------------------------------- ------------------ -----------
0 ASA 5515-X with SW, 6 GE Data, 1 GE Mgmt,
AC ASA5515 FCH1704JABC
ips Unknown N/A FCH1704JABC
cxsc
Unknown
N/A FCH1704JABC
sfr Unknown N/A FCH1704JABC
Mod MAC Address Range Hw Version Fw Version
Sw Version
----
--------------------------------- ------------ ------------ ---------------
0 b0fa.eb97.72c8 to b0fa.eb97.72cf 1.0
2.1(9)8 9.5(2)2
ips b0fa.eb97.72c6 to b0fa.eb97.72c6 N/A
N/A
cxsc
b0fa.eb97.72c6 to b0fa.eb97.72c6
N/A N/A
sfr b0fa.eb97.72c6 to b0fa.eb97.72c6 N/A
N/A
Mod SSM Application Name Status SSM Application Version
----
------------------------------ ---------------- --------------------------
ips Unknown No Image Present Not
Applicable
cxsc
Unknown No Image
Present Not Applicable
sfr Unknown No Image Present Not
Applicable
Mod Status Data Plane Status Compatibility
----
------------------ --------------------- -------------
0 Up Sys Not Applicable
ips Unresponsive Not Applicable
cxsc
Unresponsive Not Applicable
sfr Unresponsive Not Applicable
Mod License Name
License Status Time Remaining
----
-------------- --------------- ---------------
ips IPS Module Disabled perpetual
3) The FTD OS would require at least 3 GB and one of the requirement is to install a Solid State Drive (SSD) on the ASA. The ASA usually has a 4 GB flash space (disk0:) but it might not be enough whenever doing an OS upgrade, storing AnyConnect files, etc.
ciscoasa#
show inventory
Name:
"Chassis", DESCR: "ASA 5515-X with SW, 6 GE Data, 1 GE Mgmt,
AC"
PID:
ASA5515 , VID: V01 , SN: FGL17074ABC
Name: "Storage Device 1", DESCR:
"Micron 128 GB SSD MLC, Model Number: C400-MTFDDAC128MAM"
PID: N/A , VID: N/A , SN: MSA18230XYZ
4) Perform a backup on the ASA config and activation-key (feature license).
ciscoasa#
backup
[Press
return to continue or enter a backup location]:disk0:
No
filename provided! Using default ASA5515-X.backup.2019-07-15-200755.tar.gz // TRANSFER TO EXTERNAL FTP/TFTP SERVER
Begin
backup ...
Backing
up [ASA Version] ... Done!
Backing
up [Running Configurations] ... Done!
Backing
up [Startup Configurations] ... Done!
Backing
up [WebVPN Data] ... Done!
Compressing
the backup directory ... Done!
Copying
Backup ... Done!
Cleaning
up ... Done!
Backup
finished!
ciscoasa# show activation-key ?
detail Show activation-key details
| Output modifiers
<cr>
ciscoasa# show activation-key detail
Serial Number: JAD20080ABC
Running Permanent Activation Key: 0xf319c753 0x9c0e6651 0xbc534174 0x87548123 0x04191456
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 5 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
This platform has a Base license.
Running Permanent Activation Key: 0xf319c753 0x9c0e6651 0xbc534174 0x87548123 0x04191456
Licensed permanent key features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 5 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
The flash permanent activation key is the SAME as the running permanent key.
I've skipped the step on keeping an ASA config and activation-key backup since I don't plan on rolling back to an ASA image.
5) Download the FTD boot image and software install package. Note the difference of the FTD boot image between the smaller platform, i.e. ASA 5506-X (.lfbff) versus the high-end platform, i.e. ASA 5515-X (.cdisk) and above.
You can download the FTD image files from the Cisco download website. Click on Firepower Threat Defense (FTD) Software.
The TAC recommended (with golden star or badge) FTD Software is 6.2.3.13 patch (as of this writing).
So I went for FTD 6.2.3 Software code and downloaded these files:
ftd-boot-9.9.2.0.cdisk
ftd-6.2.3-83.pkg
Reload the ASA using the reload command enter ROMMON mode by hitting the ESC key.
Use BREAK or ESC to interrupt boot.
Use SPACE
to begin boot immediately.
Boot
in 10 seconds.
Configure a temporary IP addresses and TFTP server to boot the FTD boot image.
rommon
#0> interface gigabitethernet0/1 // MY LAPTOP LAN CONNECTS TO ASA G0/1
GigabitEthernet0/1
Link is DOWN
MAC
Address: b0fa.eb97.72c9
rommon
#1> address 192.168.1.2
rommon
#2> netmask 255.255.255.0 // I SUSPECT 192.168.1.0 DEFAULTS
TO A /24 NETMASK
Invalid
or incorrect command. Use 'help' for
help.
rrommon
#2> help
Variables: Use "sync" to store in NVRAM
ADDRESS= <addr> local IP address
CONFIG= <name> config file path/name
GATEWAY= <addr> gateway IP address
IMAGE= <name> image file path/name
LINKTIMEOUT=
<num> Link UP timeout (seconds)
PKTTIMEOUT= <num>
packet timeout (seconds)
PORT= <name> ethernet interface port
RETRY= <num> Packet Retry Count (Ping/TFTP)
SERVER= <addr> server IP address
VLAN= <num> enable/disable DOT1Q tagging on the selected
port
Commands:
? valid command list
address <addr>
local IP address
boot <args> boot an image, valid args are:
- "image file spec" and/or
- "cfg=<config file spec>"
clear clear interface statistics
confreg <value> set hex configuration register
dev display platform interface
devices
erase <arg> erase storage media
file <name> application image file path/name
gateway <addr>
gateway IP address
gdb <cmd> edit image gdb settings
help valid command list
history display command history
interface
<name> ethernet interface port
no <feat> clear feature settings
ping <addr> send ICMP echo
reboot halt and reboot system
reload halt and reboot system
repeat <arg> repeat previous command, valid arguments:
- no arg: repeat last command
- number: index into command history table
- string: most recent 1st arg match in
command history table
reset halt and reboot system
server <addr> server IP address
set display all variable settings
show <cmd> display cmd-specific information
sync save variable settings in NVRAM
tftpdnld TFTP download
timeout <num>
packet timeout (seconds)
trace toggle packet tracing
unset <varname> unset a variable name
rommon
#3> server 192.168.1.1 // MY PC IS RUNNING A TFTP APPLICATION
rommon
#4> gateway 192.168.1.1
rommon
#5> file ftd-boot-9.9.2.0.cdisk
rommon
#6> set
ROMMON
Variable Settings:
ADDRESS=192.168.1.2
SERVER=192.168.1.1
GATEWAY=192.168.1.1
PORT=GigabitEthernet0/1
VLAN=untagged
IMAGE=ftd-boot-9.9.2.0.cdisk
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
rommon
#7> sync
Updating
NVRAM Parameters...
rommon
#8> ping 192.168.1.1
Link State is Down // I CHANGED MY PATCH CABLE
rommon
#9> ping 192.168.1.1
Sending
20, 100-byte ICMP Echoes to 192.168.1.1, timeout is 4 seconds:
?!!!!!!!!!!!!!!!!!!!
Success
rate is 95 percent (19/20)
rommon
#10> ping 192.168.1.1
Sending
20, 100-byte ICMP Echoes to 192.168.1.1, timeout is 4 seconds:
!!!!!!!!!!!!!!!!!!!!
Success
rate is 100 percent (20/20)
rommon
#11> tftpdnld
ROMMON
Variable Settings:
ADDRESS=192.168.1.2
SERVER=192.168.1.1
GATEWAY=192.168.1.1
PORT=GigabitEthernet0/1
VLAN=untagged
IMAGE=ftd-boot-9.9.2.0.cdisk
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
tftp
ftd-boot-9.9.2.0.cdisk@192.168.1.1 via 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<SNIP>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Received
103845888 bytes // IT TOOK AROUND 3-5
MINS TO FINISH THE TFTP TRANSFER
Launching
TFTP Image...
Execute
image at 0x14000
Cisco
Security Appliance admin loader (3.0) #0: Sun Mar 25 17:31:57 PDT 2018
Platform
ASA5515
Loading...
IO memory
blocks requested from bigphys 32bit: 41217
INIT:
version 2.88 booting
Starting
udev
Configuring
network interfaces... done.
Populating
dev cache
Found
device serial number FCH1704JABC.
Found USB
flash drive /dev/sdb
Found
hard drive(s): /dev/sda
fsck from
util-linux 2.23.2
dosfsck
2.11, 12 Mar 2005, FAT32, LFN
There are
differences between boot sector and its backup.
Differences:
(offset:original/backup)
65:01/00
Not automatically fixing this.
/dev/sdb1:
64 files, 40380/1951812 clusters
Launching
boot CLI ...
Configuring
network interface using DHCP
Bringing
up network interface.
Depending
on your network, this might take a couple of minutes when using DHCP...
ifup:
interface lo already configured
IPv4
address not assigned. Run 'setup' before installation.
INIT:
SwitchingStarting system message bus: dbus.
Starting
OpenBSD Secure Shell server: sshd
generating ssh RSA key...
generating ssh ECDSA key...
generating ssh DSA key...
done.
Starting
Advanced Configuration and Power Interface daemon: acpid.
acpid:
starting up
acpid: 1
rule loaded
acpid:
waiting for events: event logging is off
Starting
ntpd: done
Starting
syslog-ng:.
Starting
crond: OK
Issue the setup command to configure a temporary management IP address.
Cisco FTD Boot 6.0.0 (9.9.2.)
Type ? for list of commands
ciscoasa-boot>?
show => Display system information.
Enter show ? for options
system => Control system operation
setup => System Setup Wizard
support => Support information for TAC
delete => Delete files
ping => Ping a host to check
reachability
traceroute => Trace the route to a remote host
exit => Exit the session
help => Get help on command syntax
ciscoasa-boot>setup
Welcome to Cisco FTD Setup
[hit Ctrl-C to abort]
Default values are inside []
Enter a
hostname [ciscoasa]:
ciscoasa
Do you
want to configure IPv4 address on management interface?(y/n) [Y]:
Y
Do you
want to enable DHCP for IPv4 address assignment on management interface?(y/n)
[Y]: n
Enter an
IPv4 address: 192.168.1.2
Enter the
netmask: 255.255.255.0
Enter the
gateway: 192.168.1.1
Do you
want to configure static IPv6 address on management interface?(y/n) [N]:
N
Stateless
autoconfiguration will be enabled for IPv6 addresses.
Enter the
primary DNS server IP address: 8.8.8.8
Do you
want to configure Secondary DNS Server? (y/n) [n]:
n
Do you
want to configure Local Domain Name? (y/n) [n]:
n
Do you
want to configure Search domains? (y/n) [n]:
n
Do you
want to enable the NTP service? [Y]: n
Please
review the final configuration:
Hostname: ciscoasa
Management
Interface Configuration
IPv4
Configuration: static
IP Address: 192.168.1.2
Netmask: 255.255.255.0
Gateway: 192.168.1.1
IPv6
Configuration: Stateless
autoconfiguration
DNS
Configuration:
DNS Server:
8.8.8.8
NTP
configuration: Disabled
CAUTION:
You have
selected IPv6 stateless autoconfiguration, which assigns a global address
based on
network prefix and a device identifier. Although this address is unlikely
to
change, if it does change, the system will stop functioning correctly.
We
suggest you use static addressing instead.
Apply the
changes?(y,n) [Y]: <ENTER>
Y
Configuration
saved successfully!
Applying...
Restarting
network services...
Done.
Press
ENTER to continue...
ciscoasa-boot>system install ftp://anonymous:anonymous@192.168.1.1/ftd-6.2.3-83.pkg
########################
WARNING ############################
# The
content of disk0: will be erased during installation! #
#############################################################
Do you
want to continue? [y/N] y
Erasing
disk0 ...
Extracting ...
Verifying
Downloading // FTP TRANSFER ONLY TOOK 5 MINS
Extracting...
Package
Detail
Description: Cisco ASA-FTD 6.2.3-83
System Install
Requires reboot: Yes
Do you
want to continue with upgrade? [y]: <ENTER>
y
Warning:
Please do not interrupt the process or turn off the system.
Doing so
might leave system in unusable state.
Starting
upgrade process ...
Populating
new system image...
Reboot is
required to complete the upgrade. Press 'Enter' to reboot the system. <ENTER>
Broadcast
message from root@ciscoasa (ttyS0) (Mon Jul 15 04:26:51 2019):
The
system is going down for reboot NOW!
Stopping
OpenBSD Secure Shell server: sshdstopped /usr/sbin/sshd (pid 1989)
.
Stopping
Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid
1993)
acpid.
Stopping
system message bus: dbus.
Stopping
ntpd: start-stop-daemon: warning: killing process 1997: No such process
done
Stopping
crond: OK
Deconfiguring
network interfaces... done.
Sending
all processes the TERM signal...
Sending
all processes the KILL signal...
Deactivating
swap...
Unmounting
local filesystems...
Rebooting...
Use BREAK
or ESC to interrupt boot.
Use SPACE
to begin boot immediately.
Launching
BootLoader...
Default
configuration file contains 1 entry.
Searching
/ for images to boot.
Loading
/os.img... Booting...
Platform
ASA5515
Loading...
IO memory
blocks requested from bigphys 32bit: 41217
INIT:
version 2.88 booting
Starting
udev
Configuring
network interfaces... done.
Populating
dev cache
Found
device serial number FCH1704J32Q.
Found USB
flash drive /dev/sdb
Found
hard drive(s): /dev/sda
fsck from
util-linux 2.23.2
dosfsck
2.11, 12 Mar 2005, FAT32, LFN
/dev/sdb1:
5 files, 25395/1951767 clusters
==============================================
Use ESC
to interrupt boot and launch boot CLI.
Use SPACE
to launch Cisco FTD immediately.
Cisco FTD
launch in 27 seconds ...
Running
on saleenaprime
Mounting
disk partitions ...
verify_fsic(start)
touch:
cannot touch '/ngfw/var/log/sf/verify_file_integ.log': No such file or
directory
/ngfw/usr/local/sf/bin/common_utils.sh:
line 11: /ngfw/var/log/sf/verify_file_integ.log: No such file or directory
Running
file integrity checks...
/ngfw/usr/local/sf/bin/common_utils.sh:
line 11: /ngfw/var/log/sf/verify_file_integ.log: No such file or directory
FIPS mode
is disabled. Skip verifying file integrity
Initializing
Threat Defense ... [ OK ]
Starting
system log daemon... [ OK ]
Disk free
check passed, creating swap...
Building
swapfile /ngfw/Volume/.swaptwo
1653404+0
records in
1653404+0
records out
1693085696
bytes (1.7 GB) copied, 4.07482 s, 415 MB/s
Setting
up swapspace version 1, size = 1653400 KiB
no label,
UUID=3e52110f-6b04-46ba-97ca-eb9ab5776dec
Adding
swapfile /ngfw/Volume/.swaptwo
Flushing
all current IPv4 rules and user defined chains: ...success
Clearing
all current IPv4 rules and user defined chains: ...success
Applying
iptables firewall rules:
Flushing
chain `PREROUTING'
Flushing
chain `INPUT'
Flushing
chain `FORWARD'
Flushing
chain `OUTPUT'
Flushing
chain `POSTROUTING'
Flushing
chain `INPUT'
Flushing
chain `FORWARD'
Flushing
chain `OUTPUT'
Applying
rules successed
Flushing
all current IPv6 rules and user defined chains: ...success
Clearing
all current IPv6 rules and user defined chains: ...success
Applying
ip6tables firewall rules:
Flushing
chain `PREROUTING'
Flushing
chain `INPUT'
Flushing
chain `FORWARD'
Flushing
chain `OUTPUT'
Flushing
chain `POSTROUTING'
Flushing
chain `INPUT'
Flushing
chain `FORWARD'
Flushing
chain `OUTPUT'
Applying
rules successed
Starting
nscd...
mkdir:
created directory '/var/run/nscd' [ OK ]
Starting
, please wait...grep: /ngfw/etc/motd: No such file or directory
...complete.
Firstboot
detected, executing scripts
Executing
S01reset_failopen_if [ OK ]
Executing
S01virtual-machine-reconfigure [ OK ]
Executing
S01z_copy_startup-config [ OK ]
Executing
S02aws-pull-cfg
[ OK ]
Executing
S02configure_onbox
[ OK ]
Executing
S04fix-httpd.sh
[ OK ]
Executing
S05set-default-ipv4.pl [ OK ]
Executing
S05set-mgmnt-port
[ OK ]
Executing
S06addusers
[ OK ]
Executing
S07uuid-init
[ OK ]
Executing
S08configure_mysql
[ OK ]
************
Attention *********
Initializing the configuration
database. Depending
on available
system
resources (CPU, memory, and disk), this may take 30 minutes
or more to
complete.
************
Attention *********
Executing
S09database-init
<SNIP>
Executing
55recalculate_arc.pl [ OK ]
Starting
xinetd:
Mon Jul
15 04:35:36 UTC 2019
Starting
MySQL...
Pinging
mysql
Pinging
mysql, try 1
Found
mysql is running
Running
initializeObjects...
Stopping
MySQL...
Killing
mysqld with pid 22880
Wait for
mysqld to exit\c
done
Mon Jul
15 04:35:45 UTC 2019
Starting
sfifd...
[ OK ]
Starting
Cisco ASA5515-X Threat Defense, please wait...No PM running!
...started.
INIT:
SwitchingStarting system message bus: dbus.
Starting
OpenBSD Secure Shell server: sshd
generating ssh RSA key...
generating ssh ECDSA key...
generating ssh DSA key...
done.
Starting
Advanced Configuration and Power Interface daemon: acpid.
Starting
crond: OK
Jul 15
04:35:50 ciscoasa SF-IMS[23291]: [23291] init script:system [INFO] pmmon
Setting affinity to 1...
pid
23287's current affinity list: 0,1,3
pid
23287's new affinity list: 1
Jul 15
04:35:50 ciscoasa SF-IMS[23293]: [23293] init script:system [INFO] pmmon The
Process Manager is not running...
Jul 15
04:35:50 ciscoasa SF-IMS[23294]: [23294] init script:system [INFO] pmmon
Starting the Process Manager...
Jul 15
04:35:50 ciscoasa SF-IMS[23295]: [23295] pm:pm [INFO] Using model number 75F
Cisco
ASA5515-X Threat Defense v6.2.3 (build 83)
ciscoasa
login: IO Memory Nodes: 1
IO Memory
Per Node: 169869312 bytes
Global
Reserve Memory Per Node: 509607936 bytes Nodes=1
LCMB: got
169869312 bytes on numa-id=0, phys=0x1a8800000, virt=0x2aaab9400000
LCMB:
HEAP-CACHE POOL got 507510784 bytes on numa-id=0, virt=0x2b24e1600000
Processor
memory: 4368614566
POST
started...
POST
finished, result is 0 (hint: 1 means it failed)
Compiled
on Sun 25-Mar-18 17:49 PDT by builders
SSL
Hardware Offload is NOT Enabled
Total
NICs found: 11
i82574L
rev00 Gigabit Ethernet @ irq10 dev 0 index 06 MAC: b0fa.eb97.72cb
i82574L
rev00 Gigabit Ethernet @ irq10 dev 0 index 05 MAC: b0fa.eb97.72ce
i82574L
rev00 Gigabit Ethernet @ irq05 dev 0 index 04 MAC: b0fa.eb97.72ca
i82574L
rev00 Gigabit Ethernet @ irq05 dev 0 index 03 MAC: b0fa.eb97.72cd
i82574L
rev00 Gigabit Ethernet @ irq10 dev 0 index 02 MAC: b0fa.eb97.72c9
i82574L
rev00 Gigabit Ethernet @ irq10 dev 0 index 01 MAC: b0fa.eb97.72cc
i82574L
rev00 Gigabit Ethernet @ irq11 dev 0 index 00 MAC: b0fa.eb97.72c8
en_vtun
rev00 Backplane Control Interface @
index 07 MAC: 0000.0001.0001
en_vtun
rev00 Backplane Int-Mgmt Interface @
index 08 MAC: 0000.0001.0003
en_vtun
rev00 Backplane Ext-Mgmt Interface @
index 09 MAC: 0000.0000.0000
en_vtun
rev00 Backplane Tap Interface @ index
10 MAC: 0000.0100.0001
WARNING:
Attribute already exists in the dictionary.
WARNING:
Attribute already exists in the dictionary.
INFO:
Unable to read firewall mode from flash
Writing default firewall mode (single)
to flash
INFO:
Unable to read cluster interface-mode from flash
Writing default mode "None"
to flash
Encryption
hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Boot
microcode : CNPx-MC-BOOT-2.00
SSL/IKE
microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec
microcode : CNPx-MC-IPSEC-MAIN-0026
****************************** Warning
*******************************
This product contains cryptographic features
and is
subject to United States and local country
laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does
not
imply third-party authority to import,
export,
distribute, or use encryption. Importers,
exporters,
distributors and users are responsible for
compliance
with U.S. and local country laws. By using
this
product you agree to comply with applicable
laws and
regulations. If you are unable to comply with
U.S.
and local laws, return the enclosed items
immediately.
A summary of U.S. laws governing Cisco
cryptographic
products may be found at:
If you require further assistance please
contact us by
sending email to export@cisco.com.
******************************* Warning
*******************************
Copyright
(c) 1996-2017 by Cisco Systems, Inc.
Restricted Rights Legend
Use,
duplication, or disclosure by the Government is
subject
to restrictions as set forth in subparagraph
(c) of
the Commercial Computer Software - Restricted
Rights
clause at FAR sec. 52.227-19 and subparagraph
(c) (1)
(ii) of the Rights in Technical Data and Computer
Software
clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Reading
from flash...
!
Cryptochecksum
(changed): 7df5bae1 c22d3ae2 e93edd07 2fe86d77
INFO:
Power-On Self-Test in process.
.......................................................................
INFO:
Power-On Self-Test complete.
INFO:
Starting HW-DRBG health test...
INFO:
HW-DRBG health test passed.
INFO:
Starting SW-DRBG health test...
INFO:
SW-DRBG health test passed.
User
enable_1 logged in to firepower
Logins
over the last 1 days: 1.
Failed
logins since the last login: 0.
Type help
o '?' for a list
Cisco
ASA5515-X Threat Defense v6.2.3 (build 83)
// FTD FINISHED INITIALIZING IN 7-10 MINS
firepower
login: admin
Password: <Admin123>
Copyright
2004-2018, Cisco and/or its affiliates. All rights reserved.
Cisco is
a registered trademark of Cisco Systems, Inc.
All other
trademarks are property of their respective owners.
Cisco
Fire Linux OS v6.2.3 (build 13)
Cisco
ASA5515-X Threat Defense v6.2.3 (build 83)
You must
accept the EULA to continue.
Press
<ENTER> to display the EULA: <ENTER>
End User
License Agreement
Effective:
May 22, 2017
This is
an agreement between You and Cisco Systems, Inc. or its affiliates
("Cisco")
and governs your Use of Cisco Software. "You" and "Your"
means the
individual
or legal entity licensing the Software under this EULA. "Use" or
"Using"
means to download, install, activate, access or otherwise use the
Software.
"Software" means the Cisco computer programs and any Upgrades made
available
to You by an Approved Source and licensed to You by Cisco.
"Documentation"
is the Cisco user or technical manuals, training materials,
specifications
or other documentation applicable to the Software and made
available
to You by an Approved Source. "Approved Source" means (i) Cisco or
(ii) the
Cisco authorized reseller, distributor or systems integrator from whom
you
acquired the Software. "Entitlement" means the license detail;
including
license
metric, duration, and quantity provided in a product ID (PID) published
on
Cisco's price list, claim certificate or right to use notification.
"Upgrades"
means all updates, upgrades, bug fixes, error corrections,
enhancements
and other modifications to the Software and backup copies thereof.
This
agreement, any supplemental license terms and any specific product terms
at www.cisco.com/go/softwareterms
(collectively, the "EULA") govern Your Use of
the
Software.
<SNIP>
Cisco and
the Cisco logo are trademarks or registered trademarks of Cisco
and/or
its affiliates in the U.S. and other countries. To view a list of Cisco
trademarks,
go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks
mentioned
are the property of their respective owners. The use of the word
partner
does not imply a partnership relationship between Cisco and any other
company.
(1110R)
Please
enter 'YES' or press <ENTER> to AGREE to the EULA: <ENTER>
System
initialization in progress. Please stand
by.
You must
change the password for 'admin' to continue.
Enter new
password: <cisco123>
Confirm
new password: <cisco123>
You must
configure the network to continue.
You must
configure at least one of IPv4 or IPv6.
Do you
want to configure IPv4? (y/n) [y]:
Do you
want to configure IPv6? (y/n) [n]:
Configure
IPv4 via DHCP or manually? (dhcp/manual) [manual]:
Enter an
IPv4 address for the management interface [192.168.45.45]: 192.168.1.2
Enter an
IPv4 netmask for the management interface [255.255.255.0]:
Enter the
IPv4 default gateway for the management interface [data-interfaces]:
192.168.1.1 // I MOVED THE PATCH CABLE FROM ASA G0/1 TO MGMT INTERFACE
Enter a
fully qualified hostname for this system [firepower]:
Enter a
comma-separated list of DNS servers or 'none' [208.67.222.222,208.67.220.220]:
Enter a
comma-separated list of search domains or 'none' []:
If your
networking information has changed, you will need to reconnect.
DHCP
Server Disabled
The DHCP
server has been disabled. You may re-enable with configure network ipv4
dhcp-server-enable
For HTTP
Proxy configuration, run 'configure network http-proxy'
Manage the device locally? (yes/no)
[yes]: <ENTER> // VIA FIREPOWER DEVICE MANAGEMENT (FDM); FTD CLI configure
manager local
Configuring
firewall mode to routed
Update
policy deployment information
- add device configuration
Successfully
performed firstboot initial configuration steps for Firepower Device Manager
for Firepower Threat Defense.
> // TYPE ? TO SHOW AVAILABLE COMMANDS
aaa-server Specify a AAA server
app-agent Configure appagent features
asdm Disconnect a specific ASDM
session
asp Configure ASP parameters
blocks Set block diagnostic parameters
capture Capture inbound and outbound
packets on one or more interfaces
capture-traffic Display traffic or save to specified file
cd Change current directory
clear Reset functions
cluster Cluster exec mode commands
configure Change to Configuration mode
copy Copy from one file to another
cpu general CPU stats collection
tools
crashinfo Crash information
crypto Execute crypto Commands
debug Debugging functions (see also
'undebug')
delete Delete a file
dir List files on a filesystem
dns Update FQDN IP addresses
downgrade Downgrade the file system and
reboot
eject Eject a device
eotool Change to Enterprise Object Tool
Mode
erase Erase a filesystem
exit Exit this CLI session
expert Invoke a shell
failover Perform failover operation in Exec
mode
file Change to File Mode
format Format a filesystem
fsck Filesystem check
help Interactive help for commands
history Display the current session's
command line history
kill Terminate a telnet session
ldapsearch Test LDAP configuration
logging Configure flash file name to save
logging buffer
logout Logout of the current CLI
session
memory Memory tools
mkdir Create new directory
more Display the contents of a file
no Negate a command or set its
defaults
nslookup Look up an IP address or host name
with the DNS servers
packet-tracer trace packets in F1 data path
perfmon Change or view performance
monitoring options
pigtail Tail log files for debugging
(pigtail)
ping Test connectivity from
specified interface to an IP address
pmtool Change to PMTool Mode
pwd Display current working
directory
reboot Reboot the sensor
redundant-interface Redundant interface
rename Rename a file
rmdir Remove existing directory
sftunnel-status Show sftunnel status
show Show running system
information
shun Manages the filtering of
packets from undesired hosts
shutdown Shutdown the sensor
system Change to System Mode
tail-logs Tails the logs selected by the user
test Test subsystems, memory,
interfaces, and configurations
traceroute Find route to remote network
undebug Disable debugging functions (see
also 'debug')
verify Verify a file
vpn-sessiondb Configure the VPN Session Manager
webvpn-cache Remove cached object
write Write running configuration to
memory, network, or terminal
> show
managers
Managed locally.
>
write
net
Save the active configuration to the tftp server
terminal
Display the current active configuration
<cr>
>
write
Building
configuration...
Cryptochecksum:
93493ab2 ef76c1de 8cd464fe 3ae95459
3795
bytes copied in 0.770 secs
[OK]
Access FDM via HTTPS to 192.168.1.2. In Mozilla Firefox web browser, click Advanced > Accept the
Risk and Continue.