
FTD factory reset

Technology Overview:


Cisco FTD is a threat-focused, next-gen firewall (NGFW) with unified management. It provides advanced threat protection before, during and after attacks.


NGFWs combine a variety of capabilities to increase security, including stateful firewalling, static and dynamic routing, next-generation intrusion prevention systems (NGIPS), application visibility and control (AVC), URL filtering, access control and zero-day file analysis.


When integrated with other Cisco solutions (ISE, AMP, Talos, web and email appliances), it provides a cohesive environment of protection tools that share intelligence and learn.

 

The command to reset a Cisco Firepower Threat Defense appliance to factory defaults without completely re-imaging the device is "configure manager delete". This will erase the entire configuration.


The only settings NOT erased are the management configuration IP address and routing; therefore, the appliance can be re-configured remotely using SSH.

 

#1) Connect to the FTD management IP using SSH;

#2) Enter the command "show managers" to confirm the manager configuration;

#3) Enter the command "show interface ip brief" to confirm the current configuration of the data interfaces;

#4) Enter the command "show running-config" to confirm the presence of configuration;

#5) Enter the command "configure manager delete" and cross your fingers;

#6) Type "Yes" to confirm;


The FTD has now been reset to factory defaults and can be re-configured.

You can safely reset the configuration whilst connected to the management interface via SSH without losing connection!


...wait a minute! ⏳👨‍💻


#7) Enter the command "show managers" to confirm that no manager is configured;

#8) Enter the command "show interface ip brief" and "show running-config" and confirm the configuration has been reset;


After the configuration has been reset, the device will need to be set up to use a manager, either locally using FDM or centrally using the FMC.


#9.a) To manage the FTD locally use the command "configure manager local";

#9.b) To manage the FTD via the FMC use the command "configure manager add <FMC IP Address> <Registration Key>".
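
The checks in steps #7 and #8 can be automated against saved CLI output. The script below is an added example, not part of the original post: it flags a manager that is still configured and any data interface that still holds an IPv4 address. The sample outputs are constructed, and the "No managers configured" text, the ASA-style column layout of "show interface ip brief" and the data-port name prefixes are assumptions to confirm against your software version.

```python
import re

# Assumption: name prefixes of data ports; adjust for your platform.
DATA_PREFIXES = ("GigabitEthernet", "TenGigabitEthernet", "Ethernet", "Port-channel")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def addressed_data_interfaces(ip_brief: str) -> list[str]:
    """Return 'name ip' for every data interface that still has an IPv4 address."""
    leftover = []
    for line in ip_brief.splitlines():
        fields = line.split()
        # Skip the header, blank lines and non-data ports (e.g. Management0/0).
        if len(fields) < 2 or not fields[0].startswith(DATA_PREFIXES):
            continue
        if IPV4.match(fields[1]):  # a reset port is expected to show "unassigned"
            leftover.append(f"{fields[0]} {fields[1]}")
    return leftover

def reset_findings(managers: str, ip_brief: str) -> list[str]:
    """List everything that contradicts a completed reset; empty means clean."""
    findings = []
    # Assumption: the CLI reports this text once the manager has been deleted.
    if "no managers configured" not in managers.lower():
        findings.append("manager still configured")
    findings += [f"data interface still addressed: {i}"
                 for i in addressed_data_interfaces(ip_brief)]
    return findings

# Constructed sample output (documentation address ranges), before the reset.
BEFORE_MANAGERS = "Host         : 203.0.113.10\nRegistration : Completed\n"
BEFORE_BRIEF = """Interface           IP-Address    OK? Method Status Protocol
GigabitEthernet0/0  192.0.2.1     YES CONFIG up     up
GigabitEthernet0/1  198.51.100.1  YES CONFIG up     up
Management0/0       unassigned    YES unset  up     up
"""
# Constructed sample output, after "configure manager delete".
AFTER_MANAGERS = "No managers configured.\n"
AFTER_BRIEF = """Interface           IP-Address    OK? Method Status Protocol
GigabitEthernet0/0  unassigned    YES unset  administratively down down
GigabitEthernet0/1  unassigned    YES unset  administratively down down
Management0/0       unassigned    YES unset  up     up
"""

if __name__ == "__main__":
    for label, m, b in (("before", BEFORE_MANAGERS, BEFORE_BRIEF),
                        ("after", AFTER_MANAGERS, AFTER_BRIEF)):
        print(label, reset_findings(m, b) or "reset confirmed")
```
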



