Saturday, December 10, 2022

Cisco Firepower 2120 ASA Initial Bootup and Configuration

Here's a link regarding the Cisco Firepower (FPR) 2100 series platform architecture. You can order the FPR 2100 either with the FTD or ASA software pre-installed. You can re-image the FPR 2100 if you received the wrong software.

The FPR 2120 has one USB slot for additional flash memory, which can be used to re-image or perform a code upgrade; one out-of-band (OOB) GE MGMT interface (Management1/1); one CONSOLE port; 12x GigabitEthernet ports; 4x SFP-based ports 13, 14, 15 and 16 (1 GE on 2110/2120 and 10 GE on 2130/2140); 2x network module slots; and a single power supply (rear).

We ordered a Cisco FPR ASA 2120 with ASA code bundled/pre-installed. If you received ASA 9.12 or below, it runs in Platform mode, which means you'll need to go into FX-OS mode in order to enable additional interfaces, configure NTP, upgrade code and change other system settings. ASA 9.13 and above runs in Appliance mode, which natively runs in ASA mode. You still have FX-OS, but it's not used as much.


Here's what the initial bootup and config looks like:

lina_monitor pro
Cisco ASA: CMD=-stop, CSP-ID=cisco-asa.9.12.1.2__asa_001_TSP2621AGGPXB5MK91, FLAG=''
Cisco ASA stopping ...
Cisco ASA stopped successfully.
Stopping all devices.
Stopping Octeon Serial Logd...
Stopping Octeon Serial Logd... success
Stopping OpenBSD Secure Shell server: sshd
stopped /usr/sbin/sshd (pid 11166)
done.
Stopping Octeon NPU ...
Stopping Octeon NPU ... success
Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1841)
acpid.
Stopping system message bus: dbus.
stopping mountd: done
stopping nfsd: .done
Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 11243)
done
Stopping internet superserver: xinetd.
stopping statd: done
Failed to stop kdump!
Stopping crond: OK
Stopping rpcbind daemon...
done.
Stopping fan control daemon: fancontrol... no process in pidfile '/var/run/fancontrol.pid' found; none killed
done.
Stopping sensors logging daemon: sensord... stopped /usr/sbin/sensord (pid 3867)
done.
Deconfiguring network interfaces... done.
ip6tables: Setting chains to policy ACCEPT: filter [  OK  ]
ip6tables: Flushing firewall rules: [  OK  ]
ip6tables: Unloading modules: [  OK  ]
iptables: Setting chains to policy ACCEPT: raw filter [  OK  ]
iptables: Flushing firewall rules: [  OK  ]
iptables: Unloading modules: [  OK  ]
SSP-Security-Module is shutting down ...
Fri Aug 26 09:23:48 UTC 2022 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps
Fri Aug 26 09:23:48 UTC 2022 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps
Sending ALL processes the TERM signal ...
Note: SIGKILL_ALL will be triggered after after 1 + 2 secs ...
Sending ALL processes the KILL signal ...
Deactivating swap...
Unmounting local filesystems...
Rebooting... [50141.398394] reboot: Restarting system


*******************************************************************************
Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE
Copyright (c) 1994-2019  by Cisco Systems, Inc.
Compiled Mon 06/17/2019 16:23:23.36 by builder
*******************************************************************************

Current image running: Boot ROM0
Last reset cause: ResetRequest (0x00001000)
DIMM_1/1 : Present
DIMM_2/1 : Absent

Platform FPR-2120 with 16384 MBytes of main memory

WARNING: This board is using a temporary MAC address.
WARNING: The temporary MAC address override value = 00:11:22:33:12:34
WARNING: Please clear this value to use the programmed MAC address.
WARNING: Use the following two CLI commands:
WARNING:   unset MACADDR
WARNING:   sync

BIOS has been successfully locked !!
MAC Address: 18:59:f5:d8:12:34

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
                   

Located '.boot_string' @ cluster 342569.


Attempt autoboot: "boot disk0:installables/switch/fxos-k8-fp2k-lfbff.2.6.1.113.SPA"
Located 'installables/switch/fxos-k8-fp2k-lfbff.2.6.1.113.SPA' @ cluster 5200.

####################################################################

####################################################################

+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
|                                                                   |
|             LFBFF signature authentication passed !!!             |
|                                                                   |
+-------------------------------------------------------------------+
LFBFF signature verified.
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
|                                                                   |
|              LFBFF controller type check passed !!!               |
|                                                                   |
+-------------------------------------------------------------------+
INIT: version 2.88 booting
Starting udev
Hardware tweak APPLIED: Disable SATA Throttle.1
Hardware tweak APPLIED: Disable SATA Throttle.2
Configuring network interfaces... done.
Populating dev cache
Starting Power Off Shutdown Handler (poshd)
poshd: using FPGA version 2.0.00 and PSEQ version 2.13
Primary SSD discovered
eMMC Flash not detected; retrying
fsck from util-linux 2.26.2
[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1
/dev/sda1: clean, 105/61056 files, 10037/244224 blocks
fsck(/dev/sda1) returned 0
fsck from util-linux 2.26.2
[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2
/dev/sda2: clean, 92/61056 files, 9525/243968 blocks
fsck(/dev/sda2) returned 0
fsck from util-linux 2.26.2
[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3
/dev/sda3: clean, 13/732960 files, 85969/2929664 blocks
fsck(/dev/sda3) returned 0
fsck from util-linux 2.26.2
[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1
fsck.fat 3.0.28 (2015-05-16)
/dev/sdb1: 46 files, 342570/1919063 clusters
fsck(/dev/sdb1) returned 0
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
FIPS POST Test Script
NOTICE: The FIPS POST is not run because the FIPS feature is not enabled
Running postinst /etc/rpm-postinsts/100-dnsmasq...
INIT: Entering runlevel: 3
Starting system message bus: dbus.
Stopping all devices.
Starting all devices.
Checking status of all devices.
There is 0 QAT acceleration device(s) in the system:
ip6tables: Applying firewall rules: [  OK  ]
iptables: Applying firewall rules: [  OK  ]
Starting OpenBSD Secure Shell server: sshd
done.
Starting rpcbind daemon...done.
starting statd: done
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up with netlink and the input layer
acpid: 1 rule loaded
acpid: waiting for events: event logging is off
starting 8 nfsd kernel threads: done
starting mountd: done
Starting ntpd: done
Starting internet superserver: xinetd.
No makedumpfile found.
Starting Octeon NPU ...
Starting Octeon NPU ... success
Starting fan control daemon: fancontrol... done.
INFO: in validating image ...
INFO: kp_validate_image: fxmgr_absfilename /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.6.1.113.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.6.1.113.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.6.1.113.SPA size 26203440
Computed Hash   SHA2: 5459f80962a0295805756dcc59027832
                      f63153ed9600c7aa55d722e98d3f38f2
                      3065d8964292148dc19c77b7ff252895
                      db4559a5e096d5de9cd4c0d41ddd397b
                      
Embedded Hash   SHA2: 5459f80962a0295805756dcc59027832
                      f63153ed9600c7aa55d722e98d3f38f2
                      3065d8964292148dc19c77b7ff252895
                      db4559a5e096d5de9cd4c0d41ddd397b
                      
The digital signature of the file: fxos-k9-fp2k-manager.2.6.1.113.SPA verified successfully
INFO: kp_validate_image: chmgr_absfilename /mnt/boot/installables/switch/fxos-k9-mgmtext.2.6.1.82.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-mgmtext.2.6.1.82.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-mgmtext.2.6.1.82.SPA size 36161120
Computed Hash   SHA2: 0772e040d437c58c833fb0ee439c35fd
                      37fa9fa98481b28e7d9a910137575c24
                      cdcb7cb528c59678808102ae2b7b4ebf
                      9fe40c8205a30cc03fbcd10f2e711234
                      
Embedded Hash   SHA2: 0772e040d437c58c833fb0ee439c35fd
                      37fa9fa98481b28e7d9a910137575c24
                      cdcb7cb528c59678808102ae2b7b4ebf
                      9fe40c8205a30cc03fbcd10f2e711234
                      
The digital signature of the file: fxos-k9-mgmtext.2.6.1.82.SPA verified successfully
INFO: beginning of kp_install
INFO: do nothing
INFO: kp_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.6.1.113.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.6.1.82.SPA update=false
INFO: mkdir -p /tmp/fxmgr
INFO: /bin/tar -xvzf /tmp/fxmgr/fxos-kp-manager.2.6.1.113.tgz ...
INFO: kp_install: shutting down the old version ...
INFO: Terminating DME and all AGs ...
INFO: --
INFO: kp_install: Unlinking a old libraries ...
INFO: kp_install: Deleting the old manager image ...
INFO: kp_install: Installing the new image ...
INFO: deleting unnecessary xml file..!!
INFO: deleted unnecessary xml file..!!
INFO: kp_post_install ...
INFO: kp_post_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.6.1.113.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.6.1.82.SPA update=false
INFO: kp_post_install: Linking libraries ...
INFO: kp_post_install: Linking binaries ...
INFO: mkdir -p /tmp/chmgr
INFO: creating /isan/apache/chassis-mgr/
INFO: Change permission /isan/apache/chassis-mgr/.deploy_onbox.sh
INFO: Change permission /isan/apache/chassis-mgr/.httpd.conf
INFO: Change permission /isan/apache/chassis-mgr/kpmgmt/onbox-version.txt
INFO: kp_post_install: succesful install chassis mgr
INFO: Trying to add iptables and ip6tables rules ...
INFO: Set up Lina Diagnostic Interface ...
INFO: Configure management interface ...


ERROR: interface management0 is not ready after waiting for 60 seconds.
Current link status: [11: management0: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default \    link/ether 18:59:f5:d8:f9:80 brd ff:ff:ff:ff:ff:ff]
INFO: Configure system files ...
INFO: System Name is: firepower-2120
Starting sensors logging daemon: sensord... done.
INFO: /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.6.1.113.SPA
INFO: Need to validate the image
: File /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.6.1.113.SPA size 46248064
Computed Hash   SHA2: 46a4b9f95a3c3e1487c2db1ff67110c3
                      24c31452101c329bedc8ca6908c96a4b
                      304d16e6a06ab9cab43d1bf853cc8502
                      e160a5e881de6cdb1b97cf8d0b78afe4
                      
Embedded Hash   SHA2: 46a4b9f95a3c3e1487c2db1ff67110c3
                      24c31452101c329bedc8ca6908c96a4b
                      304d16e6a06ab9cab43d1bf853cc8502
                      e160a5e881de6cdb1b97cf8d0b78afe4
                      
The digital signature of the file: fxos-k8-fp2k-npu.2.6.1.113.SPA verified successfully
INFO: mkdir -p /tmp/npu
INFO: all files are there ...
INFO: kp_startup: setting up fxmgr apache ...
INFO: kp_startup: Start KP httpd setup...
INFO: kp_startup: using HTTPD_INFO persistent cache
/bin/rm: cannot remove '/tmp/openssl.conf': No such file or directory
 httpdRegister INFO: [httpd.3915 -s -4 192.168.45.45 -n localhost]
 httpdRegister INFO: SKIP httpd syntax check
 httpdRegister INFO: Starting httpd setup/registration...
 httpdRegister INFO: Completed httpd setup/registration!
 INFO: httpdRegister [httpd.3915 script exit]
INFO: kp_startup: Completed KP httpd setup!
INFO: kp_startup: configuring chassis manager
INFO: unconfig older conf files
 httpdAppconf INFO: [httpd.3971 -d /isan/apache/.httpd.conf]
 httpdAppconf [fpr21xx] PARAMS: [GLOBAL_DEL:/isan/apache/.httpd.conf]
 httpdAppconf INFO: /isan/apache/.httpd.conf changes already removed
 httpdAppconf INFO: httpd.conf GLOBAL_DEL update for /isan/apache/.httpd.conf already applied
 INFO: httpdAppconf [httpd.3971 script exit]
 httpdAppconf INFO: [httpd.3999 -V -d /isan/apache/.httpd.conf]
 httpdAppconf [fpr21xx] PARAMS: [VHOST_DEL:/isan/apache/.httpd.conf]
 httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_DEL update for /isan/apache/.httpd.conf
 INFO: httpdAppconf [httpd.3999 script exit]
INFO: Configuring httpd
 httpdAppconf INFO: [httpd.4038 -V -a /isan/apache/.httpd.conf]
 httpdAppconf [fpr21xx] PARAMS: [VHOST_ADD:/isan/apache/.httpd.conf]
 httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_ADD update for /isan/apache/.httpd.conf
 INFO: httpdAppconf [httpd.4038 script exit]
INFO: kp_startup: successfully configured chassis mgr
Starting crond: OK
FTD
1:/opt/cisco/csp/cores
/opt/cisco/csp/cores 31457280

Cisco ASA: CMD=-bootup, CSP-ID=cisco-asa.9.12.1.2__asa_001_TSP2621AGGPXB5M123, FLAG=''
Cisco ASA booting up ...
INFO:-MspCheck: Configuration Xml found is /opt/cisco/csp/applications/configs/cssp_multi_instance_mode.sh: NATIVE mode detected
INFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.

Cisco FPR Series Security Appliance

firepower-2120 login: admin   // DEFAULT LOGIN
Password: Admin123
Cisco ASA: CMD=-bootup, CSP-ID=cisco-asa.9.12.1.2__asa_001_TSP2621AGGPXB5M123, FLAG='fromHconfFile'
Cisco ASA booting up ...

Last login: Fri Aug 26 09:06:29 UTC 2022 on pts/0
Successful login attempts for user 'admin' : 1
Cisco ASA started successfully.
Cisco Firepower Extensible Operating System (FX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2018, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license.

Certain components of this software are licensed under the "GNU General Public
License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for
details.

Certain components of this software are licensed under the "GNU General Public
License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual
(''Licensing'') for details.

Certain components of this software are licensed under the "GNU LESSER GENERAL
PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:
http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for
details.

Certain components of this software are licensed under the "GNU Lesser General
Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the
terms of "GNU Lesser General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual
(''Licensing'') for details.

Certain components of this software are licensed under the "GNU Library General
Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU Library General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual
(''Licensing'') for details.

firepower-2120#
firepower-2120# connect asa   // GO INTO ASA MODE (SIMILAR TO A VIRTUAL MACHINE)
ASA has not yet started. Please try again later.
firepower-2120# Aug 26 09:26:56 firepower-2120 port-manager  : Alert: Internal1/2 link changed to UP

Aug 26 09:29:12 firepower-2120 port-manager  : Alert: Internal1/2 link changed to UP
total mem 7159221453 new 7159221453 old 1073741824 reserv 1073741824 pri new 6146949120 pri old 0 system 7220690944 kernel 61469491 image 0
Number of Cores 8
memif is not enabled.
Processor memory:   7159221453

POST started...
POST finished, result is 0 (hint: 1 means it failed)

Compiled on Thu 21-Mar-19 16:32 PDT by builders
Platform is FPR-2120
Adding Cavium NIC interface 1 port 0

Total NICs found: 4

NIC pci:id 00, slot 0, port 1, bus -1, dev -1 func 0, irq 00, internal, ten_gb-ethernet, ind 1
NIC pci:id 01, slot 0, port -1, bus 0, dev 0 func 0, irq 00, internal, , ind 0
NIC pci:id 02, slot 1, port 1, bus -1, dev -1 func -1, irq 00, external, gb-ethernet, ind 1
NIC pci:id 03, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1
Aug 26 09:29:29 firepower-2120 port-manager  : Alert: Internal1/3 link changed to UP
en_vtun rev00 Backplane Ext-Mgmt Interface     @ index 02 MAC: 1859.f5d8.f981
en_vtun rev00 Backplane Tap Interface     @ index 03 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.

Cisco Adaptive Security Appliance Software Version 9.12(1)2

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************
Cisco Adaptive Security Appliance Software, version 9.12
Copyright (c) 1996-2019 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource

                Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

Reading from flash...
Flash read failed
ERROR: MIGRATION - Could not get the startup configuration.

Cryptochecksum (changed): d41d8cd9 8f00b204 e9800998 ecf8427e
INFO: converting 'fixup protocol dns maximum-length 512' to MPF commands
ERROR: Inspect configuration of this type exists, first remove
that configuration and then add the new configuration
INFO: converting 'fixup protocol ftp 21' to MPF commands
INFO: converting 'fixup protocol h323_h225 1720' to MPF commands
INFO: converting 'fixup protocol h323_ras 1718-1719' to MPF commands
INFO: converting 'fixup protocol ip-options 1' to MPF commands
INFO: converting 'fixup protocol netbios 137-138' to MPF commands
INFO: converting 'fixup protocol rsh 514' to MPF commands
INFO: converting 'fixup protocol rtsp 554' to MPF commands
INFO: converting 'fixup protocol sip 5060' to MPF commands
INFO: converting 'fixup protocol skinny 2000' to MPF commands
INFO: converting 'fixup protocol smtp 25' to MPF commands
INFO: converting 'fixup protocol sqlnet 1521' to MPF commands
INFO: converting 'fixup protocol sunrpc 111' to MPF commands
INFO: converting 'fixup protocol sunrpc_udp 111' to MPF commands
INFO: converting 'fixup protocol tftp 69' to MPF commands
INFO: converting 'fixup protocol sip udp 5060' to MPF commands
INFO: converting 'fixup protocol xdmcp 177' to MPF commands

INFO: Power-On Self-Test in process.
.............
INFO: Power-On Self-Test complete.

INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.

INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Creating trustpoint "_SmartCallHome_ServerCA" and installing certificate...

Trustpoint CA certificate accepted.
INFO: Security level for "management" set to 0 by default.
INFO: Security level for "outside" set to 0 by default.
INFO: Security level for "inside" set to 100 by default.
WARNING: This command will not take effect until interface 'outside' has been assigned an IPv4 address


User enable_1 logged in to ciscoasa
Logins over the last 1 days: 1.  
Failed logins since the last login: 0.  
 
firepower-2120# connect asa
Attaching to ASA CLI ... Press 'Ctrl+a then d' to detach.
Type help or '?' for a list of available commands.

ciscoasa> enable
The enable password is not set.  Please set it now.
Enter  Password: ********
Repeat Password: ********
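
The boot log above shows FX-OS printing a computed and an embedded SHA2 hash, followed by a signature verdict, for each .SPA image it validates. The following added example (not part of the original post and not Cisco code) parses a saved console capture in that format and reports any image whose hashes differ, are incomplete, or lack the "verified successfully" line; the sample log, file names and hash values are constructed.

```python
import re
from dataclasses import dataclass

# Line formats taken from the FX-OS boot log shown above.
FILE_RE = re.compile(r"^: File (?P<path>\S+) size (?P<size>\d+)\s*$")
HASH_RE = re.compile(r"^(?P<kind>Computed|Embedded) Hash\s+SHA2:\s*(?P<hex>[0-9a-fA-F]+)\s*$")
CONT_RE = re.compile(r"^\s+(?P<hex>[0-9a-fA-F]+)\s*$")
VERDICT_RE = re.compile(r"^The digital signature of the file: (?P<name>\S+) verified successfully\s*$")
HEX_DIGITS = 128  # the log prints each hash as four lines of 32 hex digits

# Constructed capture: file names, sizes and hashes are made up. The second
# image has a differing embedded hash and no verdict line.
SAMPLE_LOG = """\
INFO: Validating image /mnt/boot/installables/switch/example-manager.SPA signature ...
: File /mnt/boot/installables/switch/example-manager.SPA size 1024
Computed Hash   SHA2: 00112233445566778899aabbccddeeff
                      00112233445566778899aabbccddeeff
                      00112233445566778899aabbccddeeff
                      00112233445566778899aabbccddeeff

Embedded Hash   SHA2: 00112233445566778899aabbccddeeff
                      00112233445566778899aabbccddeeff
                      00112233445566778899aabbccddeeff
                      00112233445566778899aabbccddeeff

The digital signature of the file: example-manager.SPA verified successfully
INFO: Need to validate the image
: File /mnt/boot/installables/switch/example-npu.SPA size 2048
Computed Hash   SHA2: ffeeddccbbaa99887766554433221100
                      ffeeddccbbaa99887766554433221100
                      ffeeddccbbaa99887766554433221100
                      ffeeddccbbaa99887766554433221100

Embedded Hash   SHA2: ffeeddccbbaa99887766554433221100
                      ffeeddccbbaa99887766554433221100
                      ffeeddccbbaa99887766554433221100
                      ffeeddccbbaa9988776655443322110f

INFO: mkdir -p /tmp/npu
"""


@dataclass
class ImageCheck:
    path: str
    size: int
    computed: str = ""
    embedded: str = ""
    verified: bool = False

    @property
    def name(self):
        return self.path.rsplit("/", 1)[-1]

    def problems(self):
        """Return a list of reasons this image should not be trusted as validated."""
        issues = []
        for label, value in (("computed", self.computed), ("embedded", self.embedded)):
            if len(value) != HEX_DIGITS:
                issues.append(f"{label} hash has {len(value)} hex digits, expected {HEX_DIGITS}")
        if self.computed.lower() != self.embedded.lower():
            issues.append("computed and embedded hashes differ")
        if not self.verified:
            issues.append("no 'verified successfully' line for this image")
        return issues


def parse_image_checks(log_text):
    """Collect one ImageCheck per ': File ... size N' line in a console capture."""
    checks, current, target = [], None, None
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:  # a new image validation begins
            current = ImageCheck(m["path"], int(m["size"]))
            checks.append(current)
            target = None
            continue
        if current is None:
            continue
        m = HASH_RE.match(line)
        if m:  # first line of a hash; later lines are continuations
            target = m["kind"].lower()
            setattr(current, target, m["hex"])
            continue
        m = CONT_RE.match(line)
        if m and target:
            setattr(current, target, getattr(current, target) + m["hex"])
            continue
        target = None  # any other line ends the multi-line hash
        m = VERDICT_RE.match(line)
        if m and m["name"] == current.name:
            current.verified = True
    return checks


def failed_images(log_text):
    """Map image file name -> problems, for images that did not validate cleanly."""
    return {c.name: c.problems() for c in parse_image_checks(log_text) if c.problems()}


if __name__ == "__main__":
    for name, issues in failed_images(SAMPLE_LOG).items():
        print(name, "->", "; ".join(issues))
```
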
 

The ASA CLI has the same look and commands as on a Cisco ASA firewall.


ciscoasa# show inventory
Name: "module 0", DESCR: "Firepower 2120 Appliance, 1RU, 12 GE, 4 xSFP, 1 MGMT"
PID: FPR-2120          , VID: V04     , SN: TSP26211234   // CHASSIS SERIAL FOR SMARTNET


ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 9.12(1)2    // PLATFORM MODE
Firepower Extensible Operating System Version 2.6(1.113)
Device Manager Version 7.12(1)

Compiled on Thu 21-Mar-19 16:32 PDT by builders
System image file is "disk0:/mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.6.1.113.SPA"
Config file at boot was "startup-config"

ciscoasa up 1 min 10 secs

Hardware:   FPR-2120, 6828 MB RAM, CPU MIPS 1200 MHz, 1 CPU (8 cores)


 1: Int: Internal-Data0/1    : address is 000f.b748.4801, irq 0
 3: Ext: Management1/1       : address is 1859.f5d8.f981, irq 0
 4: Int: Internal-Data1/1    : address is 0000.0100.0001, irq 0

License mode: Smart Licensing

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      
Maximum VLANs                     : 1024           
Inside Hosts                      : Unlimited      
Failover                          : Active/Active  
Encryption-DES                    : Enabled        
Encryption-3DES-AES               : Disabled       // NEED TO ADD STRONG ENCRYPTION LICENSE
Security Contexts                 : 2              
Carrier                           : Disabled       
AnyConnect Premium Peers          : 3500           
AnyConnect Essentials             : Disabled       
Other VPN Peers                   : 3500           
Total VPN Peers                   : 3500           
AnyConnect for Mobile             : Enabled        
AnyConnect for Cisco VPN Phone    : Enabled        
Advanced Endpoint Assessment      : Enabled        
Shared License                    : Disabled       
Total TLS Proxy Sessions          : 8000           
Cluster                           : Disabled       

Serial Number: JAD26095678   // SERIAL FOR SMART LICENSE
Configuration last modified by enable_1 at 09:30:41.659 UTC Fri Aug 26 2022
 

Only Ethernet1/1 (WAN/Outside), Ethernet1/2 (LAN/Inside) and Management1/1 interfaces are enabled by default.


ciscoasa# show interface ip brief
Interface                  IP-Address      OK?           Method Status      Protocol
Internal-Data0/1           unassigned      YES           unset  up          up  
Ethernet1/1                unassigned      YES           DHCP   down        down
Ethernet1/2                192.168.1.1     YES           CONFIG down        down
Ethernet1/3                unassigned      YES           unset  admin down  down
Ethernet1/4                unassigned      YES           unset  admin down  down
Ethernet1/5                unassigned      YES           unset  admin down  down
Ethernet1/6                unassigned      YES           unset  admin down  down
Ethernet1/7                unassigned      YES           unset  admin down  down
Ethernet1/8                unassigned      YES           unset  admin down  down
Ethernet1/9                unassigned      YES           unset  admin down  down
Ethernet1/10               unassigned      YES           unset  admin down  down
Ethernet1/11               unassigned      YES           unset  admin down  down
Ethernet1/12               unassigned      YES           unset  admin down  down
Ethernet1/13               unassigned      YES           unset  admin down  down
Ethernet1/14               unassigned      YES           unset  admin down  down
Ethernet1/15               unassigned      YES           unset  admin down  down
Ethernet1/16               unassigned      YES           unset  admin down  down
Internal-Data1/1           169.254.1.1     YES           unset  up          up  
Management1/1              192.168.45.1    YES           CONFIG up          up  


ciscoasa# show run
: Saved

:
: Serial Number: JAD26095678
: Hardware:   FPR-2120, 6828 MB RAM, CPU MIPS 1200 MHz, 1 CPU (8 cores)
:
ASA Version 9.12(1)2
!
hostname ciscoasa
enable password ***** pbkdf2
names
no mac-address auto

!
interface Ethernet1/1
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet1/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet1/3
 shutdown     
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/7
 shutdown     
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/9
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/10
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/11
 shutdown     
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/12
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/13
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/14
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/15
 shutdown     
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/16
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 nameif management
 security-level 100
 ip address 192.168.45.1 255.255.255.0
!
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 208.67.220.220
 name-server 208.67.222.222
object network obj_any
 subnet 0.0.0.0 0.0.0.0

pager lines 24
mtu management 1500
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 32768
!
object network obj_any
 nat (any,outside) dynamic interface

timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 192.168.45.0 255.255.255.0 management
ip-client outside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
 auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 0509
    308205b7 3082039f a0030201 02020205 09300d06 092a8648 86f70d01 01050500
    3045310b 30090603 55040613 02424d31 19301706 0355040a 13105175 6f566164 


<OUTPUT TRUNCATED>


    f1e3b1ef df918f54 2a0b25c1 2619c452 100565d5 8210eac2 31cd2e
  quit
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.20-192.168.1.254 inside
dhcpd enable inside

!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
  inspect dns preset_dns_map
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
!
service-policy global_policy global
prompt hostname context
call-home
 profile License
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination transport-method http
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
app-agent heartbeat interval 1000 retry-count 3
Cryptochecksum:c5168f1a1f3129f600c5715f33cd4151
: end
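
The default configuration above leaves only Ethernet1/1, Ethernet1/2 and Management1/1 enabled and permits `http` management access only from 192.168.45.0/24 on the management interface. As an added example (not part of the original post), the script below checks a saved `show run` against that baseline and reports extra enabled interfaces and management access that is cleartext, open to any source, or bound to a non-management interface. The sample config is constructed, the approved list and the `management` nameif are parameters you would adjust, and in Platform mode a port must also be enabled in FX-OS, so this covers the ASA side only.

```python
import ipaddress
import re

# Interfaces the post shows enabled by default on this FPR 2120.
DEFAULT_ENABLED = frozenset({"Ethernet1/1", "Ethernet1/2", "Management1/1"})

# Management access lines: "<http|ssh|telnet> <network> <mask> <nameif>".
# Lines such as "ssh timeout 5" or "http server enable" do not match.
ACCESS_RE = re.compile(r"^(http|ssh|telnet) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)\s*$")

# Constructed config modelled on the `show run` above, with three deviations:
# Ethernet1/3 enabled, http open on outside, telnet allowed from inside.
SAMPLE_CONFIG = """\
interface Ethernet1/1
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet1/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet1/3
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
interface Ethernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 nameif management
 security-level 100
 ip address 192.168.45.1 255.255.255.0
!
http server enable
http 192.168.45.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
"""


def parse_interfaces(config):
    """Return {interface: {"shutdown", "nameif", "security_level"}} from a show run."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(
                line.split()[1], {"shutdown": False, "nameif": None, "security_level": None})
        elif current is not None and line.startswith(" "):
            words = line.split()
            if words == ["shutdown"]:
                current["shutdown"] = True
            elif len(words) == 2 and words[0] == "nameif":
                current["nameif"] = words[1]
            elif len(words) == 2 and words[0] == "security-level":
                current["security_level"] = int(words[1])
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces


def management_access(config):
    """Return (protocol, source network, nameif) for each management access line."""
    rules = []
    for line in config.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            proto, addr, mask, nameif = m.groups()
            rules.append((proto, ipaddress.ip_network(f"{addr}/{mask}", strict=False), nameif))
    return rules


def audit(config, approved=DEFAULT_ENABLED, mgmt_nameifs=("management",)):
    """List deviations from the approved interface set and management-access policy."""
    findings = []
    for name, intf in parse_interfaces(config).items():
        if not intf["shutdown"] and name not in approved:
            findings.append(f"{name}: enabled (nameif {intf['nameif']}) but not in the approved list")
    for proto, net, nameif in management_access(config):
        reasons = []
        if proto == "telnet":
            reasons.append("cleartext protocol")
        if nameif not in mgmt_nameifs:
            reasons.append("not a management interface")
        if net.prefixlen == 0:
            reasons.append("any source address")
        if reasons:
            findings.append(f"{proto} from {net} on {nameif}: " + ", ".join(reasons))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
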
  

Here are some useful FX-OS CLI commands. I'll enable Ethernet1/3 for my DMZ and Ethernet1/12 for the failover link to the Secondary ASA.

ciscoasa# scope eth-uplink
ciscoasa /eth-uplink # scope fabric a
ciscoasa /eth-uplink/fabric # show interface

Interface:
    Port Name      Port Type          Admin State Oper State       State Reason
    -------------- ------------------ ----------- ---------------- ------------
    Ethernet1/1    Data               Enabled     Up               Up
    Ethernet1/2    Data               Enabled     Up               Up
    Ethernet1/3    Data               Disabled    Link Down        Down
    Ethernet1/4    Data               Disabled    Link Down        Down
    Ethernet1/5    Data               Disabled    Link Down        Down
    Ethernet1/6    Data               Disabled    Link Down        Down
    Ethernet1/7    Data               Disabled    Link Down        Down
    Ethernet1/8    Data               Disabled    Link Down        Down
    Ethernet1/9    Data               Disabled    Link Down        Down
    Ethernet1/10   Data               Disabled    Link Down        Down
    Ethernet1/11   Data               Disabled    Link Down        Down
    Ethernet1/12   Data               Disabled    Link Down        Down
    Ethernet1/13   Data               Disabled    Link Down        Down
    Ethernet1/14   Data               Disabled    Link Down        Down
    Ethernet1/15   Data               Disabled    Link Down        Down
    Ethernet1/16   Data               Disabled    Link Down        Down
ciscoasa /eth-uplink/fabric #
ciscoasa /eth-uplink/fabric # enter interface Ethernet1/3
ciscoasa /eth-uplink/fabric/interface # enable
ciscoasa /eth-uplink/fabric/interface* # exit
ciscoasa /eth-uplink/fabric* # enter interface Ethernet1/12
ciscoasa /eth-uplink/fabric/interface* # enable
ciscoasa /eth-uplink/fabric/interface* # commit-buffer    // SAVE CONFIG
ciscoasa /eth-uplink/fabric/interface # Sep 10 02:27:03 firepower-2120 port-manager  : Alert: Ethernet1/12 link changed to UP
Sep 10 02:27:03 firepower-2120 port-manager  : Alert: Ethernet1/3 link changed to UP

 

ciscoasa /eth-uplink/fabric/interface # scope fabric a
ciscoasa /fabric-interconnect # exit
ciscoasa# scope eth-uplink
ciscoasa/eth-uplink # scope fabric a
ciscoasa /eth-uplink/fabric # show interface   // VERIFY INTERFACE STATUS

Interface:
    Port Name      Port Type          Admin State Oper State       State Reason
    -------------- ------------------ ----------- ---------------- ------------
    Ethernet1/1    Data               Enabled     Up               Up
    Ethernet1/2    Data               Enabled     Up               Up
    Ethernet1/3    Data               Enabled     Up               Up
    Ethernet1/4    Data               Disabled    Link Down        Down
    Ethernet1/5    Data               Disabled    Link Down        Down
    Ethernet1/6    Data               Disabled    Link Down        Down
    Ethernet1/7    Data               Disabled    Link Down        Down
    Ethernet1/8    Data               Disabled    Link Down        Down
    Ethernet1/9    Data               Disabled    Link Down        Down
    Ethernet1/10   Data               Disabled    Link Down        Down
    Ethernet1/11   Data               Disabled    Link Down        Down
    Ethernet1/12   Data               Enabled     Up               Up
    Ethernet1/13   Data               Disabled    Link Down        Down
    Ethernet1/14   Data               Disabled    Link Down        Down
    Ethernet1/15   Data               Disabled    Link Down        Down
    Ethernet1/16   Data               Disabled    Link Down        Down

  

Here's the bootup and initial configuration of another Cisco FPR ASA 2120 that I've received which runs ASA 9.16 in Appliance mode (default).

*******************************************************************************
Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE
Copyright (c) 1994-2019  by Cisco Systems, Inc.
Compiled Mon 06/17/2019 16:23:23.36 by builder
*******************************************************************************


Current image running: Boot ROM0
Last reset cause: PowerCycleRequest (0x00002000)
DIMM_1/1 : Present
DIMM_2/1 : Absent

Platform FPR-2120 with 16384 MBytes of main memory

WARNING: This board is using a temporary MAC address.
WARNING: The temporary MAC address override value = 00:11:22:33:44:56
WARNING: Please clear this value to use the programmed MAC address.
WARNING: Use the following two CLI commands:
WARNING:   unset MACADDR
WARNING:   sync


BIOS has been successfully locked !!
MAC Address: 3c:26:e4:04:9a:bc

Use BREAK or ESC to interrupt boot.

Use SPACE to begin boot immediately.

Boot in 10 seconds.

Located '.boot_string' @ cluster 349407.


Attempt autoboot: "boot disk0:installables/switch/fxos-k8-fp2k-lfbff.2.10.1.172.SPA"
Located 'installables/switch/fxos-k8-fp2k-lfbff.2.10.1.172.SPA' @ cluster 5200.

##################################################################
##################################################################
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
|                                                                   |
|             LFBFF signature authentication passed !!!             |
|                                                                   |
+-------------------------------------------------------------------+

LFBFF signature verified.

+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
|                                                                   |
|              LFBFF controller type check passed !!!               |
|                                                                   |
+-------------------------------------------------------------------+


Linux version: 4.18.45-yocto-standard (oe-user@oe-host) #1 SMP Sun Aug 1 20:02:03 UTC 2021
kernel_image = 0x8dafd9f8, kernel_size=0x6402a0
Image validated

INIT: version 2.88 booting

Starting udev
Hardware tweak APPLIED: Disable SATA Throttle.1
Hardware tweak APPLIED: Disable SATA Throttle.2
Configuring network interfaces... done.
Starting random number generator daemon.
Starting Power Off Shutdown Handler (poshd)
poshd: using FPGA version  and PSEQ version
Starting TAm services ...
Device configuration status = TAM_SUCCESS
TAm Services started successfully
Primary SSD discovered
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1
/dev/sda1: recovering journal
/dev/sda1: clean, 115/61056 files, 9415/244224 blocks
fsck(/dev/sda1) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2
/dev/sda2: recovering journal
/dev/sda2: Clearing orphaned inode 15272 (uid=0, gid=0, mode=0140600, size=0)
/dev/sda2: Clearing orphaned inode 15269 (uid=0, gid=0, mode=0140600, size=0)
/dev/sda2: clean, 100/61056 files, 8759/243968 blocks
fsck(/dev/sda2) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3
/dev/sda3: recovering journal
/dev/sda3: clean, 13/732960 files, 69569/2929664 blocks
fsck(/dev/sda3) returned 0
mount_disk_xfs. device: /dev/sda4, dir: /opt/cisco/csp, mount returned: 0.
fsck from util-linux 2.32.1
[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1
fsck.fat 4.1 (2017-01-24)
0x41: Dirty bit is set. Fs was not properly unmounted and some data may be corrupt.
 Automatically removing dirty bit.
Performing changes.
/dev/sdb1: 48 files, 349408/1919062 clusters
fsck(/dev/sdb1) returned 1
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.

FIPS POST Test Script

NOTICE: The FIPS POST is not run because the FIPS feature is not enabled
Configuring packages on first bo
INIT: Entering runlevel: 3
Starting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
done.
Starting rpcbind daemon...done.
starting statd: done
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up with netlink and the input layer
acpid: 1 rule loaded
acpid: waiting for events: event logging is off

Starting DHCP server: .

starting 8 nfsd kernel threads: done
starting mountd: done
Starting ntpd: done
Starting internet superserver: xinetd.
Starting Octeon NPU ...
Starting Octeon NPU ... success
Starting fan control daemon: fancontrol... done.
INFO: beginning of manager_install
INFO: manager_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.172.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.56.SPA update=false
INFO: manager_install: fxmgr is dummy, skip_fxmgr_install=true
INFO: in validating image ...
INFO: manager_validate_image: fxmgr_absfilename /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.172.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.172.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.172.SPA size 1296

Done!

Computed Hash   SHA2: 274b7096a45e70409710e4c68932f049
                      155f9cdaf2474464ba96eecdd5b6c07f
                      b5bbe96fbbca8ec6258b6c0961cdf365
                      238e1b36c3aaccf8f293897e07b4              

Embedded Hash   SHA2: 274b7096a45e70409710e4c68932f049
                      155f9cdaf2474464ba96eecdd5b6c07f
                      b5bbe96fbbca8ec6258b6c0961cdf365
                      238e1b36c3aaccf8f293897e07b4                   

The digital signature of the file: fxos-k9-fp2k-manager.2.10.1.172.SPA verified successfully
INFO: manager_validate_image: chmgr_absfilename /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.56.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.56.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.56.SPA size 37136160

Done!

Computed Hash   SHA2: b3f080a08c44e4606e7ddde319c8ba3a
                      649a58ba202b149475250273c48f2326
                      0f9e7d060a620fbb68f56b35a1226e5d
                      1b4a0af4387940803b56475322d7

                     
Embedded Hash   SHA2: b3f080a08c44e4606e7ddde319c8ba3a
                      649a58ba202b149475250273c48f2326
                      0f9e7d060a620fbb68f56b35a1226e5d
                      1b4a0af4387940803b56475322d7

                     
The digital signature of the file: fxos-k9-mgmtext.2.10.1.56.SPA verified successfully
INFO: manager_install: skip_fxmgr_install=true - delete unnecessary files and skip
INFO: deleting unnecessary xml file..!!
INFO: deleted unnecessary xml file..!!
INFO: manager_post_install ...
INFO: manager_post_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.172.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.56.SPA update=false
INFO: manager_post_install: fxmgr is dummy
INFO: manager_post_install: Linking libraries ...
INFO: manager_post_install: Linking binaries ...
INFO: Creating directory /tmp/chmgr
INFO: creating /isan/apache/chassis-mgr/
INFO: Change permission /isan/apache/chassis-mgr/.deploy_onbox.sh
INFO: Change permission /isan/apache/chassis-mgr/.httpd.conf
INFO: Change permission /isan/apache/chassis-mgr/kpmgmt/onbox-version.txt
INFO: manager_post_install: succesful install chassis mgr
INFO: Trying to add iptables and ip6tables rules ...
INFO: Set up Application Diagnostic Interface ...
INFO: Configure management0 interface ...
ERROR: interface management0 is not ready after waiting for 60 seconds.

Current link status: [10: management0: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000\    link/ether 3c:26:e4:04:9e:80 brd ff:ff:ff:ff:ff:ff]
INFO: Configure system files ...
INFO: System Name is: firepower-2120
Starting sensors logging daemon: sensord... done.
INFO: /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.172.SPA
INFO: Need to validate the image
: File /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.172.SPA size 73105392

Done!

Computed Hash   SHA2: 68d4ecba1366c1ab2e8e29c2966a2d47
                      bd34acf29916f43678ec2b337764024a
                      699e58e1a115912795b3f5d8fc4091fd
                      a08cd4fe0a1f33e68ae3e385fba8
                    
Embedded Hash   SHA2: 68d4ecba1366c1ab2e8e29c2966a2d47
                      bd34acf29916f43678ec2b337764024a
                      699e58e1a115912795b3f5d8fc4091fd
                      a08cd4fe0a1f33e68ae3e385fba8
                     
The digital signature of the file: fxos-k8-fp2k-npu.2.10.1.172.SPA verified successfully
INFO: Creating directory /tmp/npu
INFO: all files are there ...
INFO: fp2100 asa copy appliance mode
INFO: cur reboot count is 0
INFO: max reboot count is 7
INFO: console : ttyS0, speed : 9600
INFO: manager_startup: setting up fxmgr apache ...
INFO: manager_startup: Start manager httpd setup...
INFO: manager_startup: using HTTPD_INFO persistent cache
/bin/rm: cannot remove '/tmp/openssl.conf': No such file or directory
 httpdRegister INFO: [httpd.2543 -s -4 0.0.0.0 -n localhost]
 httpdRegister INFO: SKIP httpd syntax check
 httpdRegister INFO: Starting httpd setup/registration...
 httpdRegister INFO: Completed httpd setup/registration!
 INFO: httpdRegister [httpd.2543 script exit]
INFO: manager_startup: Completed manager httpd setup!
INFO: manager_startup: configuring chassis manager
INFO: unconfig older conf files
 httpdAppconf INFO: [httpd.2605 -d /isan/apache/.httpd.conf]
 httpdAppconf [fpr21xx] PARAMS: [GLOBAL_DEL:/isan/apache/.httpd.conf]
 httpdAppconf INFO: /isan/apache/.httpd.conf changes already removed
 httpdAppconf INFO: httpd.conf GLOBAL_DEL update for /isan/apache/.httpd.conf already applied
 INFO: httpdAppconf [httpd.2605 script exit]
 httpdAppconf INFO: [httpd.2637 -V -d /isan/apache/.httpd.conf]
 httpdAppconf [fpr21xx] PARAMS: [VHOST_DEL:/isan/apache/.httpd.conf]
 httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_DEL update for /isan/apache/.httpd.conf
 INFO: httpdAppconf [httpd.2637 script exit]
INFO: Configuring httpd
 httpdAppconf INFO: [httpd.2686 -V -a /isan/apache/.httpd.conf]
 httpdAppconf [fpr21xx] PARAMS: [VHOST_ADD:/isan/apache/.httpd.conf]
 httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_ADD update for /isan/apache/.httpd.conf
 INFO: httpdAppconf [httpd.2686 script exit]
INFO: manager_startup: successfully configured chassis mgr
Starting crond: OK

FTD

1:/opt/cisco/csp/cores
/opt/cisco/csp/cores 31457280
Cisco ASA: CMD=-bootup, CSP-ID=cisco-asa.9.16.2.3__asa_001_JMX2630X263NOV1234, FLAG=''
Cisco ASA booting up ...
INFO:-MspCheck: Configuration Xml found is /opt/cisco/csp/applications/configs/cspCfg_cisco-asa.9.16.2.3__asa_001_JMX2630X263NOV1234.xml

INFO:

firepower-2120 login: admin (automatic login)

Last login: Wed Jul 20 19:53:26 UTC 2022 on ttyS0
Successful login attempts for user 'admin' : 1
INFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

Waiting for Application infrastructure to be ready...
Verifying the signature of the Application image...

Cisco ASA: CMD=-bootup, CSP-ID=cisco-asa.9.16.2.3__asa_001_JMX2630X263NOV0U01, FLAG='fromHconfFile'
Cisco ASA booting up ...
Cisco ASA started successfully.
Please wait for Cisco ASA to come online...1...
Please wait for Cisco ASA to come online...2...
Please wait for Cisco ASA to come online...3...
Please wait for Cisco ASA to come online...4...
Please wait for Cisco ASA to come online...5...
Please wait for Cisco ASA to come online...6...
Please wait for Cisco ASA to come online...7...
Please wait for Cisco ASA to come online...8...
Please wait for Cisco ASA to come online...9...
Please wait for Cisco ASA to come online...10...
Please wait for Cisco ASA to come online...11...
Please wait for Cisco ASA to come online...12...
Please wait for Cisco ASA to come online...13...
lina_init_env: memif is not enabled.
System Cores 8 Nodes 1 Max Cores 48
Number of Cores 8
Global Reserve Memory Per Node: 692060160 bytes Nodes=1

LCMB: HEAP-CACHE POOL got 687865856 bytes on numa-id=0, virt=0x0000005555600000

total_reserved_mem = 1073741824

total_heapcache_mem = 687865856
total mem 7167608587 system 7222214656 kernel 54606069 image 0
new 7167608587 old 1073741824 reserve 1761607680 priv new 5460606976 priv old 0
Processor memory:   6907641856
POST started...
POST finished, result is 0 (hint: 1 means it failed)

Cisco Adaptive Security Appliance Software Version 9.16(2)3

Compiled on Mon 06-Sep-21 19:54 GMT by builders
Platform is FPR-2120
Adding Cavium NIC interface 1 port 0

Total NICs found: 5

NIC pci:id 00, slot 0, port 1, bus -1, dev -1 func 0, irq 00, internal, ten_gb-ethernet, ind 1
NIC pci:id 01, slot 0, port -1, bus 0, dev 0 func 0, irq 00, internal, , ind 0
NIC pci:id 02, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1
NIC pci:id 03, slot 1, port 1, bus -1, dev -1 func -1, irq 00, external, gb-ethernet, ind 1
NIC pci:id 04, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1
en_vtun rev00 Backplane Ext-Mgmt Interface     @ index 03 MAC: 3c26.e404.9e81
en_vtun rev00 Backplane Tap Interface     @ index 04 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
Use software crypto.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.


Cisco Adaptive Security Appliance Software Version 9.16(2)3

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************
Cisco Adaptive Security Appliance Software, version 9.16
Copyright (c) 1996-2021 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource

                Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

config_fetcher: channel open failed
WARNING: MIGRATION - no startup configuration or configuration not found.

INFO: Power-On Self-Test in process.
..............
INFO: Power-On Self-Test complete.

INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Creating trustpoint "_SmartCallHome_ServerCA" and installing certificate...

Trustpoint CA certificate accepted.
Creating trustpoint "_SmartCallHome_ServerCA2" and installing certificate...

Trustpoint CA certificate accepted.
INFO: Security level for "management" set to 0 by default.
INFO: Security level for "outside" set to 0 by default.
INFO: Security level for "inside" set to 100 by default.


User enable_1 logged in to ciscoasa
Logins over the last 1 days: 1.  
Failed logins since the last login: 0.  
 Attaching to ASA CLI ... Press 'Ctrl+a then d' to detach.
Type help or '?' for a list of available commands.

ciscoasa> enable
The enable password is not set.  Please set it now.
Enter  Password: ********
Repeat Password: ********
Note: Save your configuration so that the password can be used for FXOS failsafe access and persists across reboots

("write memory" or "copy running-config startup-config").
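
During boot, the capture above prints a computed and an embedded SHA2 digest for each FX-OS image, followed by a "verified successfully" line. The script below is an added example (not from the original post or from Cisco) that checks a saved console capture for images where those digests differ or the verification line is missing. The line shapes are taken from the log above; the file names and digests in the sample are constructed placeholders, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the boot log above. File names and digests
# are placeholders; the second image is deliberately broken (digest mismatch,
# no "verified successfully" line).
SAMPLE_LOG = """\
INFO: Validating image /mnt/boot/installables/switch/example-manager.SPA signature ...
: File /mnt/boot/installables/switch/example-manager.SPA size 1296

Done!

Computed Hash   SHA2: 00112233445566778899aabbccddeeff
                      00112233445566778899aabbccddeeff

Embedded Hash   SHA2: 00112233445566778899aabbccddeeff
                      00112233445566778899aabbccddeeff

The digital signature of the file: example-manager.SPA verified successfully
INFO: Need to validate the image
: File /mnt/boot/installables/switch/example-npu.SPA size 73105392

Done!

Computed Hash   SHA2: ffeeddccbbaa99887766554433221100
                      ffeeddccbbaa99887766554433221100

Embedded Hash   SHA2: ffeeddccbbaa99887766554433221100
                      ffeeddccbbaa9988776655443322110f

INFO: Creating directory /tmp/npu
"""

FILE_RE = re.compile(r"^: File (\S+) size (\d+)\s*$")
HASH_RE = re.compile(r"^(Computed|Embedded) Hash\s+SHA2:\s*([0-9a-fA-F]+)\s*$")
CONT_RE = re.compile(r"^\s+([0-9a-fA-F]+)\s*$")
OK_RE = re.compile(r"^The digital signature of the file: (\S+) verified successfully")


@dataclass
class ImageCheck:
    path: str
    size: int
    computed: str = ""
    embedded: str = ""
    verified: bool = False

    @property
    def name(self):
        return self.path.rsplit("/", 1)[-1]

    def problems(self):
        out = []
        if not self.computed or not self.embedded:
            out.append("hash block missing")
        elif self.computed.lower() != self.embedded.lower():
            out.append("computed hash differs from embedded hash")
        if not self.verified:
            out.append("no 'verified successfully' line")
        return out


def parse_boot_log(text):
    """Collect one ImageCheck per ': File <path> size <n>' line in the capture."""
    images, current, field = [], None, None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:  # a new image record starts here
            current = ImageCheck(m.group(1), int(m.group(2)))
            images.append(current)
            field = None
            continue
        if current is None:
            continue
        m = HASH_RE.match(line)
        if m:  # first line of a digest, wrapped over the following lines
            field = m.group(1).lower()
            setattr(current, field, m.group(2))
            continue
        m = CONT_RE.match(line) if field else None
        if m:  # indented continuation of the digest being read
            setattr(current, field, getattr(current, field) + m.group(1))
            continue
        field = None  # any other line ends the wrapped digest
        m = OK_RE.match(line)
        if m and m.group(1) == current.name:
            current.verified = True
    return images


def audit(text):
    """Return {image name: [problems]} for images that did not validate cleanly."""
    return {i.name: i.problems() for i in parse_boot_log(text) if i.problems()}


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_LOG).items():
        print(name, "->", "; ".join(issues))
```

The digest length is not checked, because the console wraps the value over several lines and a pasted capture may lose characters.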
 

ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 9.16(2)3
SSP Operating System Version 2.10(1.172)
Device Manager Version 7.16(1)

Compiled on Mon 06-Sep-21 19:54 GMT by builders
System image file is "disk0:/mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.172.SPA"
Config file at boot was "startup-config"

ciscoasa up 39 secs

Hardware:   FPR-2120, 6588 MB RAM, CPU MIPS 1200 MHz, 1 CPU (8 cores)


 1: Int: Internal-Data0/1    : address is 000f.b748.4801, irq 0
 3: Int: Not licensed        : irq 0
 4: Ext: Management1/1       : address is 3c26.e404.9e81, irq 0
 5: Int: Internal-Data1/1    : address is 0000.0100.0001, irq 0

License mode: Smart Licensing

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      
Maximum VLANs                     : 1024           
Inside Hosts                      : Unlimited      
Failover                          : Active/Active  
Encryption-DES                    : Enabled        
Encryption-3DES-AES               : Disabled       
Security Contexts                 : 2              
Carrier                           : Disabled       
AnyConnect Premium Peers          : 3500           
AnyConnect Essentials             : Disabled       
Other VPN Peers                   : 3500           
Total VPN Peers                   : 3500           
AnyConnect for Mobile             : Enabled        
AnyConnect for Cisco VPN Phone    : Enabled        
Advanced Endpoint Assessment      : Enabled        
Shared License                    : Disabled       
Total TLS Proxy Sessions          : 8000           
Cluster                           : Disabled       

Serial Number: JAD26295678
Configuration register is 0x1
Configuration last modified by enable_1 at 08:19:10.249 UTC Sun Dec 11 2022
 

ciscoasa# show interface ip brief
Interface                  IP-Address      OK?           Method Status      Protocol
Internal-Data0/1           unassigned      YES           unset  up          up  
Ethernet1/1                unassigned      YES           DHCP   down        down
Ethernet1/2                192.168.1.1     YES           CONFIG down        down

Ethernet1/3                unassigned      YES           unset  admin down  down
Ethernet1/4                unassigned      YES           unset  admin down  down
Ethernet1/5                unassigned      YES           unset  admin down  down
Ethernet1/6                unassigned      YES           unset  admin down  down
Ethernet1/7                unassigned      YES           unset  admin down  down
Ethernet1/8                unassigned      YES           unset  admin down  down
Ethernet1/9                unassigned      YES           unset  admin down  down
Ethernet1/10               unassigned      YES           unset  admin down  down
Ethernet1/11               unassigned      YES           unset  admin down  down
Ethernet1/12               unassigned      YES           unset  admin down  down
Ethernet1/13               unassigned      YES           unset  admin down  down
Ethernet1/14               unassigned      YES           unset  admin down  down
Ethernet1/15               unassigned      YES           unset  admin down  down
Ethernet1/16               unassigned      YES           unset  admin down  down
Internal-Data1/1           169.254.1.1     YES           unset  up          up  
Management1/1              unassigned      YES           DHCP   up          up  
 

ciscoasa# show fxos mode
Mode is currently set to appliance
 

ciscoasa# show run
: Saved

:
: Serial Number: JAD26295678
: Hardware:   FPR-2120, 6588 MB RAM, CPU MIPS 1200 MHz, 1 CPU (8 cores)
:
ASA Version 9.16(2)3
!
hostname ciscoasa
enable password ***** pbkdf2
service-module 0 keepalive-timeout 4
service-module 0 keepalive-counter 6
names
no mac-address auto

!
interface Ethernet1/1
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet1/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!             
interface Ethernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!             
interface Ethernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/9
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/10
 shutdown
 no nameif
 no security-level
 no ip address
!             
interface Ethernet1/11
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/12
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/13
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/14
 shutdown
 no nameif
 no security-level
 no ip address
!             
interface Ethernet1/15
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/16
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 nameif management
 security-level 100
 ip address dhcp setroute
!
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 208.67.220.220
 name-server 208.67.222.222
object network obj_any
 subnet 0.0.0.0 0.0.0.0

pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
no failover wait-disable
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 32768
!
object network obj_any
 nat (any,outside) dynamic interface

timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 0.0.0.0 0.0.0.0 management
http 192.168.1.0 255.255.255.0 inside

no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpoint _SmartCallHome_ServerCA2
 no validation-usage
 crl configure
crypto ca trustpool policy
 auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 0a0142800000014523c844b500000002
    30820560 30820348 a0030201 0202100a 01428000 00014523 c844b500 00000230
    0d06092a 864886f7 0d01010b 0500304a 310b3009 06035504 06130255 53311230
   

 <OUTPUT TRUNCATED>


    effab15c 3806a51b 4ae1dc38 2d3cdcab 1f901ad5 4a9ceed1 706cccee f457f818
    ba846e87
  quit
crypto ca certificate chain _SmartCallHome_ServerCA2
 certificate ca 0509
    308205b7 3082039f a0030201 02020205 09300d06 092a8648 86f70d01 01050500
    3045310b 30090603 55040613 02424d31 19301706 0355040a 13105175 6f566164
     

<OUTPUT TRUNCATED>
    

b478a53a 874c8d8a a5d54697 f22c10b9 bc5422c0 01506943 9ef4b2ef 6df8ecda
    f1e3b1ef df918f54 2a0b25c1 2619c452 100565d5 8210eac2 31cd2e
  quit
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha256
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.20-192.168.1.254 inside
dhcpd enable inside

!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
!
service-policy global_policy global
prompt hostname context
call-home
 profile License
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination transport-method http
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:a1c904c4f03d7e67a2c3541f723cf62b
: end
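
The factory-default "show run" above leaves a few management-plane settings wide open: "http 0.0.0.0 0.0.0.0 management" admits any source address to the HTTPS/ASDM server on that interface, and "console timeout 0" disables the console idle timeout. The script below is an added example (not from the original post or from Cisco) that reviews a saved running-config for those two settings and for ports that are enabled but not on an expected list. The sample is a constructed excerpt modelled on the output above, with an extra enabled Ethernet1/5; audit_config and expected_up are hypothetical names.

```python
import ipaddress
import re

# Constructed excerpt modelled on the factory-default "show run" above, plus one
# unexpected enabled port (Ethernet1/5) to exercise the inventory check.
SAMPLE_CONFIG = """\
interface Ethernet1/1
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet1/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet1/3
 shutdown
 no nameif
!
interface Ethernet1/5
 no nameif
!
interface Management1/1
 management-only
 nameif management
 security-level 100
 ip address dhcp setroute
!
http server enable
http 0.0.0.0 0.0.0.0 management
http 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
"""

# "<service> <source address> <mask> <interface>" management access entries
ACCESS_RE = re.compile(
    r"^(http|ssh|telnet) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$")
CONSOLE_RE = re.compile(r"^console timeout (\d+)$")


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from the 'interface X' blocks."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any top-level command closes the block
    return blocks


def audit_config(config, expected_up):
    """List findings; expected_up is the set of ports that are meant to be enabled."""
    findings = []
    top = [ln.rstrip() for ln in config.splitlines()
           if ln and not ln.startswith(" ")]
    http_on = "http server enable" in top
    for line in top:
        m = ACCESS_RE.match(line)
        if m:
            proto, addr, mask, ifname = m.groups()
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            # http entries only matter while the HTTPS server is enabled
            if net.prefixlen == 0 and (proto != "http" or http_on):
                findings.append(
                    f"{proto}: any source address allowed on '{ifname}'")
            continue
        m = CONSOLE_RE.match(line)
        if m and m.group(1) == "0":
            findings.append("console: idle timeout disabled")
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" not in cmds and name not in expected_up:
            findings.append(f"{name}: enabled but not in the expected port list")
    return findings


if __name__ == "__main__":
    expected = {"Ethernet1/1", "Ethernet1/2", "Management1/1"}
    for finding in audit_config(SAMPLE_CONFIG, expected):
        print(finding)
```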

 
