22 Comments

  1. Mark Timons
    January 27, 2018 @ 12:55 pm

    Ok, that’s great but how do you go about configuring the interfaces again? I know Cisco love to make everything complicated but this new FTD CLI is ridiculous.

    • lammle
      January 29, 2018 @ 1:46 pm

Yeah, that takes some effort. We spend quite a while on the interfaces in class. Maybe you can come to class!
      Go to Devices > Devices, click on each FTD box and configure the Interfaces tab.

  2. CW
    January 29, 2018 @ 1:42 pm

    Life Saver helped me on a TAC call.

    • lammle
      January 29, 2018 @ 1:47 pm

Wow, nice! 🙂
      Thanks!

  3. Matias
    February 15, 2018 @ 11:14 am

Great, thanks for sharing this!

  4. James
    March 13, 2018 @ 6:47 pm

    If you configure an FTD locally and then add it to an FMC later, does it wipe out all of your interface configurations? Policies? VPN?

    Thanks.

    • lammle
      March 14, 2018 @ 5:14 am

Hi James, yes, for sure. All would have to be reconfigured and pushed out through the FMC, replacing the local configuration.

      • James
        March 15, 2018 @ 2:23 pm

        IP addresses too?

        • lammle
          March 15, 2018 @ 2:27 pm

Yes, it’s not that bad, but 100% reconfiguration is needed if you do local (why?) and then go to FMC.
          Come to my class and I’ll show you! 🙂

  5. Cesar Ortiz
    March 17, 2018 @ 10:39 pm

Will changing the FTD from routed to transparent only erase the interface configuration, or will it also delete NAT, Platform Settings and FlexConfig?

    • lammle
      March 18, 2018 @ 6:22 am

Yes, everything except the management IP info is deleted on the box… although it says it deletes only the interface configs, that’s not true. Try it out… it’s the first thing we do in my FTD class.

  6. Jason
    April 13, 2018 @ 3:08 pm

Is there an easier way to deal with L2L VPNs in the event of having to replace an FTD firewall due to hardware failure, or to simply change the management interface IP? All I can find is that you must disjoin the FTD from the FMC (requiring you to first delete all of your L2L tunnels that reference that FTD), change the mgmt IP, and rejoin the FMC. Then you must manually reconfigure all L2L tunnels. Not a big deal if you only have 2-3, but on an FTD with upwards of 40 tunnels that’s a huge amount of time to reconfigure.

  7. evg
    April 19, 2018 @ 6:15 am

What will happen to the access lists and to the address of the management interface?

  8. Vagner Silva
    May 16, 2018 @ 1:47 pm

I’m trying to reset, but it still keeps saying I have a local manager.

    > configure firewall transparent

    The firewall mode cannot be changed when a manager is configured.

    > show managers
    Managed locally.

    > configure manager delete

    If you enabled any feature licenses, you must disable them in Firepower Device Manager before deleting the local manager.
    Otherwise, those licenses remain assigned to the device in Cisco Smart Software Manager.
    Do you want to continue[yes/no]yes
    DCHP Server Disabled

    • lammle
      May 16, 2018 @ 2:33 pm

Yes, that is a hard problem. You may need to reboot the FTD box, or just keep trying “configure manager add ip_add password” over and over again… I’ve seen this and it’s annoying.

      • Vagner
        May 16, 2018 @ 5:20 pm

        Thanks lammle.

When configuring with manager add and then adding the FTD device on the FMC, it keeps loading on the FMC forever, saying it’s doing discovery.
        On the FTD it keeps saying “manager configured”, but no configuration is being applied.
        Rebooted many times, tried to add it many times.

        This is the reason I decided to clean up configuration like:
        ERASE STARTUP CONFIG

        Only config and not the operational system as well

  9. Vagner Silva
    May 17, 2018 @ 5:20 am

When trying to add it to the FMC, the FTD says it’s configured correctly, but it’s not receiving new policies.

On the other side, the FMC keeps saying that it’s running “discovering device” forever.

    This is the reason why I decided to clean up all device config and don’t erase the operational system.

    • lammle
      May 17, 2018 @ 8:55 am

Reboot the FTD box, go into ROMMON and install 6.2.3 code on it, and upgrade your FMC as well.

  10. Luke Phelps
    June 27, 2018 @ 2:41 pm

    Hi Todd, does this process ‘change from transparent to routed’ reset any sensitive passwords that are in FirePower Threat Defense?

    I’ve got a bunch of various FTDs I need to RMA with Cisco and would like to completely clear them before I ship them back.

    • lammle
      June 30, 2018 @ 5:45 pm

Yes, that makes sense. Usually it does. Perform a show running-config and other verification commands, find the commands, then reset and verify again. Should do the trick, but just verify.
      Thanks!

  11. Behrouz
    September 16, 2018 @ 2:22 am

Hi Todd,
    when resetting the admin password for FTD in the rommon, this message shows up:

    rommon 1 > password_reset
    WARNING: User configurations will be lost with this operation
    Are you sure ? yes/no [no]: yes

    What does it mean? Is all of the configuration lost?

    • lammle
      September 16, 2018 @ 7:45 am

Yes, probably, and that is how you can fix your lost password.