Reimage Procedures. Firepower 2100 Series Software Reimage and Disaster Recovery


Firepower 2100 Series Software Reimage and Disaster Recovery Procedures

In some cases, you may want to reset your system to its manufacturing settings. There are three reimaging options available:

- Erase configuration and restart the system with the same Firepower Threat Defense image
  All configurations are removed and Firepower Threat Defense is reinstalled using the current running software package. Note that after performing this procedure, you will have to reconfigure the system, including admin password and connectivity information. For the full procedure, see: Reimage the Firepower 2100 System with the Base Install Software Package Version.

- Re-image the system with a new application software version
  The current Firepower Threat Defense instance is deleted and a new Firepower Threat Defense instance is installed. Note that after performing this procedure, you will have to reconfigure the system, including admin password and connectivity information. For the full procedure, see: Reimage the Firepower 2100 Series System with a New Software Package Version.

- Reimage the system to its factory default settings
  This option restores your system to its factory default settings. The procedure requires you to boot the system over tftp, download the application software, apply the software, and reconfigure the entire system. For the full procedure, see: Perform a Complete Reimage of the Firepower 2100 System.

Reimage the Firepower 2100 System with the Base Install Software Package Version

This procedure erases all configuration except the software package and the base install Firepower Threat Defense software version setting. When the system comes back up after the erase configuration operation, it will run with the base install version of Firepower Threat Defense.

If your current running version is an upgrade-only image, you will have to re-upgrade your Firepower Threat Defense after performing this procedure. For example, Firepower 6.2.2.x is an upgrade-only image. If you elect to perform the erase configuration operation on your 6.2.2.x system, the base install package (Firepower 6.2.1.x) will be reinstalled and you will need to re-upgrade to Firepower 6.2.2.x using Firepower Management Center or Firepower Device Manager.

After performing this procedure, the admin password is reset to Admin123. You must reconfigure the system from scratch after Firepower Threat Defense comes online.

After performing this procedure, you may need to upgrade again via the Firepower Management Center or Firepower Device Manager to get back to the correct Firepower Threat Defense version. See the Before You Begin section of this topic for more information.

Before You Begin

- Take note of your appliance management IP configuration and copy the information shown from the following command:

    firepower # scope fabric a
    firepower /fabric-interconnect # show detail

- Take note of your Firepower Threat Defense base install version using the following commands. The Startup Version column shows your base install version.

    firepower# scope ssa
    firepower /ssa # show app-instance
    Application Name     Slot ID    Admin State     Operational State    Running Version Startup Version Cluster Oper State
    -------------------- ---------- --------------- -------------------- --------------- --------------- ------------------
    ftd                  1          Enabled         Online               6.2.2.49        6.2.1.341       Not Applicable

- Disassociate your devices from Smart Licensing.

Procedure

Step 1  In the FXOS CLI, connect to local-mgmt:

    firepower # connect local-mgmt

Step 2  Erase all configuration:

    firepower(local-mgmt) # erase configuration

    firepower(local-mgmt)# erase configuration
    All configurations will be erased and system will reboot. Are you sure? (yes/no):yes
    Removing all the configuration. Please wait...
    Configurations are cleaned up. Rebooting...

Step 3  Once the system comes back up, you can check the state of the application with the show app-instance command. Note that the password login is now set to the default admin/admin123.

    firepower# scope ssa
    firepower /ssa # show app-instance
    Application Name Slot ID Admin State Operational State Running Version Startup Version Cluster Oper State
    -------------------- ---------- --------------- -------------------- --------------- --------------- ------------------
    ftd 1 Disabled Installing 6.2.1-1314 Not Applicable

It may take more than 10 minutes for the application installation to complete. Once Firepower Threat Defense is back online, the Operational State of the show app-instance command displays as Online:

    firepower /ssa # show app-instance
    Application Name Slot ID Admin State Operational State Running Version Startup Version Cluster Oper State
    -------------------- ---------- --------------- -------------------- --------------- --------------- ------------------
    ftd 1 Enabled Online 6.2.1.10140

What to Do Next

Reconfigure the Firepower Threat Defense application and upgrade to the latest version if necessary. For more information on how to set your management IP and other configuration parameters, see the Cisco Firepower Threat Defense for the Firepower 2100 Series Quick Start Guide.

Reimage the Firepower 2100 Series System with a New Software Package Version

This procedure allows you to reimage the Firepower Threat Defense on the Firepower 2100 Series system with a new software version without formatting the disks. The Firepower Threat Defense application is uninstalled and then reinstalled with the latest software version.

The management IP address, gateway and network mask are unchanged. After performing this procedure, the admin password is reset to Admin123.

Before You Begin

- Take note of your appliance management IP configuration and copy the information shown from the following command:

    firepower # scope fabric a
    firepower /fabric-interconnect # show detail

- Disassociate your devices from Smart Licensing.

Procedure

Step 1  Download the Firepower Threat Defense for Firepower 2100 software bundle to your local computer, or to a USB flash drive.

Step 2  If using a USB drive, insert the USB drive into the USB port on the Firepower 2100 appliance.

Step 3  In Service Manager, enter the system scope and verify the current version running on your system:

    firepower # scope system
    firepower /system # show version detail

Step 4  Enter the firmware scope:

    firepower # scope firmware

Step 5  Download the new Firepower Threat Defense application software package. If you are using a USB drive to download the software package, use the following syntax:

    firepower /firmware # download image usba:image_name

Note that the image_name is the output from the show version detail command in step 3, above. For example:

    firepower /firmware # download image usba:cisco-ftd-fp2k.6.2.1-36.spa

You can also use FTP, SCP, SFTP, or TFTP to copy the Firepower Threat Defense software package to the device. For example:

    firepower /firmware # download image ftp://cisco-ftd-fp2k.6.2.1-36.spa

When performing a file transfer via FTP or SCP, you must provide an absolute path to the image, as the system prepends a forward slash to the filename provided in the download image request.

Step 6  Display the download task to monitor the download progress:

    firepower /firmware # show download-task

Once Downloaded displays in the output of the Status column, the download is complete.

Step 7  Once the download is complete, display the software packages installed on your system and copy the displayed bundle image version from the output:

    firepower /firmware # show package

    firepower /firmware # show package
    Name                                          Package-Vers
    --------------------------------------------- ------------
    cisco-ftd-fp2k.6.2.1-1314.spa                 6.2.1-1314

In the above example, 6.2.1-36 is the security pack version.

Step 8  Enter the auto-install scope:

    firepower /firmware # scope auto-install

Step 9  Install the new application software package (where the version is the output from show package, above):

    firepower /firmware/auto-install # install security-pack version version

Step 10  Enter yes when prompted. The system reboots, then installs the latest Firepower Threat Defense for Firepower 2100 software bundle.

What to Do Next

Reconfigure the Firepower Threat Defense application. For more information on how to set your management IP and other configuration parameters, see the Cisco Firepower Threat Defense for the Firepower 2100 Series Quick Start Guide.

Perform a Complete Reimage of the Firepower 2100 System

This procedure reformats the entire Firepower Threat Defense on the Firepower 2100 Series system and returns it to its factory default settings. After performing this procedure, you must download the new software images and reconfigure your system from scratch.

After performing this procedure, the admin password is reset to Admin123.

Procedure

Step 1  In the FXOS CLI, connect to local-mgmt:

    firepower # connect local-mgmt

Step 2  Format the system:

    firepower(local-mgmt) # format everything

    firepower(local-mgmt)# format
      emmc        emmc Flash Device
      everything  Format All storage devices
      ssd1        Primary SSD Disk
      ssd2        Secondary SSD Disk
    firepower(local-mgmt)# format everything
    All configuration and bootable images will be lost. Do you still want to format? (yes/no):yes

Step 3  When you see the following prompt, hit ESC to stop the boot.

    Use BREAK or ESC to interrupt boot.
    Use SPACE to begin boot immediately.

Step 4  The system reboots and stops at the ROMMON prompt. The device will first try to ARP for the gateway IP. If you connect the device directly to your TFTP/FTP/SCP server, you must set the gateway IP and the server IP to the same IP.

Enter the parameters as follows:

    rommon 2 > ADDRESS= address
    rommon 3 > NETMASK= netmask
    rommon 4 > GATEWAY= gateway
    rommon 5 > SERVER= server
    rommon 6 > IMAGE= image

Step 5  Set the configuration:

    rommon 7 > set

Step 6  Sync the new configuration:

    rommon 8 > sync

Step 7  Test ICMP connectivity from the ROMMON to the TFTP/FTP/SCP server IP.

    rommon 9 > ping server IP

Step 8  Boot the image:

    tftp -b

Pings from the TFTP/FTP/SCP server IP to the management IP will fail. This is expected behavior.

Step 9  Once the system comes up, log in as admin/admin123 and reconfigure the management IP address:

a) Enter the fabric-interconnect scope:

    firepower# scope fabric-interconnect a

b) Set the new management IP information:

    firepower /fabric-interconnect # set out-of-band static ip ip netmask netmask gw gateway

c) Commit the configuration:

    commit-buffer

If you encounter the following error, you must disable DHCP before committing the change. Follow the steps below to disable DHCP.

    firepower /fabric-interconnect* # commit-buffer
    Error: Update failed: [Management ipv4 address (IP <ip> / net mask <netmask> ) is not in the same network of current DHCP server IP range <ip - ip>. Either disable DHCP server first or config with a different ipv4 address.]

a) firepower /fabric-interconnect # exit
b) firepower # scope system
c) firepower /system # scope services
d) firepower /system/services # disable dhcp-server
e) firepower /system/services # commit-buffer
f) Once the DHCP server is disabled, you can go back and set the new management IP.

Step 10  Download the new Firepower Threat Defense application software package. If you are using a USB drive to download the software package, use the following syntax:

    firepower # scope firmware
    firepower /firmware # download image usba:image_name

Note that the image_name is the output from the show version detail command in step 3, above. For example:

    firepower /firmware # download image usba:cisco-ftd-fp2k.6.2.1-36.spa

You can also use FTP, SCP, SFTP, or TFTP to copy the Firepower Threat Defense software package to the device. For example:

    firepower /firmware # download image ftp://cisco-ftd-fp2k.6.2.1-36.spa

When performing a file transfer via FTP or SCP, you must provide an absolute path to the image, as the system prepends a forward slash to the filename provided in the download image request.

Step 11  Once the download task is complete, the download-task command output displays the State as Downloaded:

    firepower /firmware # show download-task image_path

Step 12  Display the downloaded package version:

    firepower /firmware # show package

    firepower /firmware # show package
    Name                                          Package-Vers
    --------------------------------------------- ------------
    cisco-ftd-fp2k.6.2.1-1314.spa                 6.2.1-1314

Step 13  Enter the auto-install scope:

    firepower /firmware # scope auto-install

Step 14  Install the new software application package (where version is the version output in step 11, above):

    firepower /firmware/auto-install # install security-pack version version force

After the software package installation is complete, the system reboots while installing Firepower Threat Defense.

What to Do Next

Reconfigure the Firepower Threat Defense application. For more information on how to set your management IP and other configuration parameters, see the Cisco Firepower Threat Defense for the Firepower 2100 Series Quick Start Guide.
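The show app-instance checks used before an erase and after a reimage can be scripted against captured console output. The following is an added example, not Cisco code: the function names are hypothetical, the sample output is constructed from the column layout shown above, and placing the single version of the Installing row under Startup Version is an assumption.

```python
import re

# Column widths copied from the dashed ruler in the show app-instance output above.
WIDTHS = (20, 10, 15, 20, 15, 15, 18)
HEADERS = ("Application Name", "Slot ID", "Admin State", "Operational State",
           "Running Version", "Startup Version", "Cluster Oper State")


def render(rows):
    """Build constructed fixed-width CLI output for the samples below."""
    def line(cells):
        return " ".join(c.ljust(w) for c, w in zip(cells, WIDTHS)).rstrip()
    table = [line(HEADERS), line(["-" * w for w in WIDTHS])] + [line(r) for r in rows]
    return "firepower /ssa # show app-instance\n" + "\n".join(table)


def parse_app_instance(text):
    """Slice rows at the ruler's column offsets, so blank cells and
    multi-word values such as 'Not Applicable' stay in their own column."""
    lines = text.splitlines()
    ruler = next(i for i, l in enumerate(lines)
                 if re.fullmatch(r"-+( +-+)+", l.strip()))
    starts = [m.start() for m in re.finditer(r"-+", lines[ruler])]
    ends = starts[1:] + [None]
    names = [lines[ruler - 1][a:b].strip() for a, b in zip(starts, ends)]
    rows = []
    for l in lines[ruler + 1:]:
        if not l.strip() or "#" in l:  # blank line or the next CLI prompt
            break
        rows.append({n: l[a:b].strip() for n, a, b in zip(names, starts, ends)})
    return rows


def pre_erase_findings(row):
    """Running != Startup means erase configuration falls back to the base install."""
    run, base = row["Running Version"], row["Startup Version"]
    if run and base and run != base:
        return [f"erase configuration reinstalls base {base}; re-upgrade to {run} afterwards"]
    return []


def post_reimage_findings(row):
    """After a reimage: wait for Online, then replace the default admin password."""
    if row["Operational State"] != "Online" or row["Admin State"] != "Enabled":
        return [f"{row['Application Name']} is {row['Operational State']}; "
                "installation may take more than 10 minutes"]
    return ["admin password was reset to the documented default; set a new one "
            "while reconfiguring the system"]


# Constructed samples (not captured from a device).
BEFORE = render([("ftd", "1", "Enabled", "Online", "6.2.2.49", "6.2.1.341", "Not Applicable")])
INSTALLING = render([("ftd", "1", "Disabled", "Installing", "", "6.2.1-1314", "Not Applicable")])

if __name__ == "__main__":
    print(pre_erase_findings(parse_app_instance(BEFORE)[0]))
    print(post_reimage_findings(parse_app_instance(INSTALLING)[0]))
```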
