top of page

FTD factory reset

Technology Overview:

Cisco FTD is a threat-focused, next-gen firewall (NGFW) with unified management. It provides advanced threat protection before, during and after attacks.

NGFWs use a variety of capabilities including stateful firewall, static and dynamic routing, next-generation intrusion prevention systems (NGIPS), application visibility and control (AVC), URL filtering, access control to increase security and Zero day file analysis.

When integrated with other Cisco solutions (ISE, AMP, Talos, web and email appliances), it provides a cohesive environment of protection tools that share intelligence and learn.


The command to reset a Cisco Firepower Threat Defense appliance to factory defaults without completely re-imaging the device is configure manager delete. This will erase the entire configuration.

The only settings NOT erased is the management configuration IP address and routing, therefore the appliance can be re-configured remotely using SSH.


#1) Connect to the FTD management IP using SSH;

#2) Enter the command "show managers" to confirm the manager configuration;

#3) Enter the command "show interface ip brief" to confirm the current configuration of the data interfaces;

#4) Enter the command "show running-config" to confirm the presence of configuration;

#5) Enter the command "configure manager delete" and cross your fingers;

#6) Type "Yes" to confirmation;

The FTD has now been reset to factory defaults and can be re-configured.

You can safely reset the configuration whilst connected to the management interface via SSH without losing connection!

...wait a minute! ⏳👨‍💻

#7) Enter the command "show managers" to confirm no manager configured;

#8) Enter the command "show interface ip brief" and "show running-config" and confirm the configuration has been reset;

After the configuration has been reset, the device will need to be setup to use a manager, either locally using FDM or centrally using the FMC.

#9.a) To manage the FTD locally use the command "configure manager local";

#9.b) To manage the FTD via the FMC use the command "configure manager add <FMC IP Address> <Registration Key>".

1,894 views0 comments

Recent Posts

See All

Duologsync (DLS) is a utility written by Duo Security that supports fetching logs from Duo endpoints and ingesting them to different SIEMs. Logging: A logging filepath can be specified in config.yml.

Syslog is a protocol that computer systems use to send event data logs to a central location for storage. Logs can then be accessed by analysis and reporting software to perform audits, monitoring, tr

ISE Repositories can be configured from both the GUI and the CLI of the ISE and can be used for these purposes: ➛ Backup and Restore of ISE Configuration and Operational data; ➛ Upgrade of ISE nodes;

bottom of page