FTD factory reset

Technology Overview:


Cisco FTD is a threat-focused, next-gen firewall (NGFW) with unified management. It provides advanced threat protection before, during and after attacks.


NGFWs combine a variety of capabilities to increase security, including stateful firewalling, static and dynamic routing, next-generation intrusion prevention systems (NGIPS), application visibility and control (AVC), URL filtering, access control and zero-day file analysis.


When integrated with other Cisco solutions (ISE, AMP, Talos, web and email appliances), it provides a cohesive environment of protection tools that share intelligence and learn.

The command to reset a Cisco Firepower Threat Defense (FTD) appliance to factory defaults without completely re-imaging the device is "configure manager delete". This will erase the entire configuration.


The only settings NOT erased are the management configuration IP address and routing, so the appliance can be re-configured remotely using SSH.

#1) Connect to the FTD management IP using SSH;

#2) Enter the command "show managers" to confirm the manager configuration;

#3) Enter the command "show interface ip brief" to confirm the current configuration of the data interfaces;

#4) Enter the command "show running-config" to confirm the presence of configuration;

#5) Enter the command "configure manager delete" and cross your fingers;

#6) Type "Yes" to confirm;


The FTD has now been reset to factory defaults and can be re-configured.

You can safely reset the configuration whilst connected to the management interface via SSH without losing connection!


...wait a minute! ⏳👨‍💻


#7) Enter the command "show managers" to confirm no manager configured;

#8) Enter the command "show interface ip brief" and "show running-config" and confirm the configuration has been reset;


After the configuration has been reset, the device will need to be set up to use a manager, either locally using FDM or centrally using the FMC.


#9.a) To manage the FTD locally use the command "configure manager local";

#9.b) To manage the FTD via the FMC use the command "configure manager add <FMC IP Address> <Registration Key>".

