FTD support diagnostic CLI
system support diagnostic-cli
Cisco ACS backup/restore procedure
show repository <repository name> | i <repository name>
acs restore <backup name> repository <repository name>
show application status acs
VMware can’t find headers
user@host:~$ sudo aptitude install linux-headers-$(uname -r)
grub-install: error: failed to register the EFI boot entry: Operation not permitted.
- umount /boot/efi
- apt install -f
- mount -a
- apt update && sudo apt upgrade
Firepower FTD 11X0,21X0 management address change
configure network ipv4 manual <ip address> <subnet mask> <df gateway> management0
show network
Fortigate – get interface MAC address
Use CLI and enter: get hardware nic port <name> or diag hardware deviceinfo nic <name>
Change windows password via RDP session
Start -> RUN -> osk
You’ll get on screen keyboard and now you can press CTRL + ALT + DEL to change your password.
Connect to Cisco device with USB cabel on linux
user@computer:~$ dmesg | grep tty
[ 0.088345] printk: console [tty0] enabled
[ 0.418156] serial8250: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[ 5.030307] usb 1-3.1.3: pl2303 converter now attached to ttyUSB0
[86188.149229] pl2303 ttyUSB0: pl2303 converter now disconnected from ttyUSB0
[86271.641530] usb 1-2: pl2303 converter now attached to ttyUSB0
[86796.881771] pl2303 ttyUSB0: pl2303 converter now disconnected from ttyUSB0
[86855.323347] usb 1-4: pl2303 converter now attached to ttyUSB0
[86877.932139] pl2303 ttyUSB0: pl2303 converter now disconnected from ttyUSB0
[86884.784432] usb 1-4: pl2303 converter now attached to ttyUSB0
[87068.706927] pl2303 ttyUSB0: pl2303_set_control_lines – failed: -19
[87068.706937] pl2303 ttyUSB0: error sending break = -19
[87068.707250] pl2303 ttyUSB0: pl2303 converter now disconnected from ttyUSB0
[259915.126314] cdc_acm 1-3.1.3:1.0: ttyACM0: USB ACM device
SSH not working after upgrade
I upgraded ubuntu to focal 20.04 and SSH was unable to negotiate with network devices I tried to ssh on.
Solution was found here, or simpy editing /etc/ssh/ssh_conf by adding following lines to the end of the file:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,umac-64@openssh.com
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
HostKeyAlgorithms ssh-rsa,ssh-dss
Reimage/downgrade Firepower FTD 1100/2100
I had some problems while downgrading so here are my steps.
Documentation is not really clear about this, so here are the steps.
- from fxos, reformat system
firepower-2110# connect local-mgmt
firepower-2110(local-mgmt)# format everything
All configuration and bootable images will be lost.
Do you still want to format? (yes/no):yes - enter rommon and boot via tftp
rommon 1 > address 10.86.118.4
rommon 2 > netmask 255.255.250.0
rommon 3 > server 10.86.118.21
rommon 4 > gateway 10.86.118.1
rommon 5 > file cisco-asa-fp2k.9.8.2.SPA
rommon 6 > set
rommon 7 > sync
rommon 8 > tftp -b - everything is erased so you have to reconfigure your mgmt interface
firepower-2110# scope fabric-interconnect a
firepower /fabric-interconnect* # set out-of-band static ip 10.86.118.4 netmask 255.255.250.0 gw 10.86.118.21
firepower /fabric-interconnect* # commit-buffer - download image (could not get USB to mount so I used ftp)
firepower # scope firmware
firepower /firmware # download image ftp://user@10.86.118.21/cisco-asa-fp2k.9.8.2.SPA
check status:
firepower /firmware # show download-task - install image
look at version you want to install:
firepower /firmware # show package
firepower /firmware # scope auto-install
firepower /firmware/auto-install # install security-pack version
check status (wait for Update Software Pack Completed):
firepower /firmware # show - configure ftd/initial configuration
firepower /firmware # connect ftd