FTD factory reset

Technology Overview:

Cisco FTD is a threat-focused, next-gen firewall (NGFW) with unified management. It provides advanced threat protection before, during and after attacks.

NGFWs use a variety of capabilities including stateful firewall, static and dynamic routing, next-generation intrusion prevention systems (NGIPS), application visibility and control (AVC), URL filtering, access control to increase security and Zero day file analysis.

When integrated with other Cisco solutions (ISE, AMP, Talos, web and email appliances), it provides a cohesive environment of protection tools that share intelligence and learn.


The command to reset a Cisco Firepower Threat Defense appliance to factory defaults without completely re-imaging the device is configure manager delete. This will erase the entire configuration.

The only settings NOT erased is the management configuration IP address and routing, therefore the appliance can be re-configured remotely using SSH.


#1) Connect to the FTD management IP using SSH;

#2) Enter the command "show managers" to confirm the manager configuration;

#3) Enter the command "show interface ip brief" to confirm the current configuration of the data interfaces;

#4) Enter the command "show running-config" to confirm the presence of configuration;

#5) Enter the command "configure manager delete" and cross your fingers;

#6) Type "Yes" to confirmation;

The FTD has now been reset to factory defaults and can be re-configured.

You can safely reset the configuration whilst connected to the management interface via SSH without losing connection!

...wait a minute! ⏳👨‍💻

#7) Enter the command "show managers" to confirm no manager configured;

#8) Enter the command "show interface ip brief" and "show running-config" and confirm the configuration has been reset;

After the configuration has been reset, the device will need to be setup to use a manager, either locally using FDM or centrally using the FMC.

#9.a) To manage the FTD locally use the command "configure manager local";

#9.b) To manage the FTD via the FMC use the command "configure manager add <FMC IP Address> <Registration Key>".


289 views0 comments

Recent Posts

See All

The Duo Authentication Proxy is an on-premises software service that receives authentication requests from your local devices and applications via RADIUS or LDAP, optionally performs primary authentic

This post provides a step-by-step procedure for installing the hot patch released by Cisco for ISE servers, in light of the recent Log4j vulnerability (Apache Log4j Java Logging Library). More details

We have already seen how Umbrella works in previous posts and now let's do the basic configuration. https://www.stenge.info/post/umbrella-va Configuration Mode on a VA Deployed: When you open the VA i