https://community.cisco.com/t5/network-security/unable-to-access-fp-console-after-removing-access-list/m-p/3302740#M1041451 Hi,<BR /><BR />Contact Cisco TAC to see if they can help you resolve it.<BR />They probably have some expert commands to fix that.<BR /><BR />br, Micke Wed, 27 Dec 2017 11:00:26 GMT mikael.lahtela 2017-12-27T11:00:26Z https://community.cisco.com/t5/network-security/unable-to-access-fp-console-after-removing-access-list/m-p/3300773#M1041450 <P>Hi All,</P> <P>&nbsp;</P> <P>Need help on resolving this.</P> <P>&nbsp;</P> <P>We setup new virtual FMC and under system&gt;configuration in &gt; Access List we had Any under host and 443, 22 under ports for some reason one of our admin removed Any Any entries and added a specific machine to Access list and then removed that as well and post which we are not able to access the console nor take SSH of FMC.</P> <P>&nbsp;</P> <P>I have access to VM console of this box and need help in setting up FMC access back to any host on port 443 and 22.</P> Fri, 21 Feb 2020 15:01:14 GMT https://community.cisco.com/t5/network-security/unable-to-access-fp-console-after-removing-access-list/m-p/3300773#M1041450 hrithiktej 2020-02-21T15:01:14Z https://community.cisco.com/t5/network-security/unable-to-access-fp-console-after-removing-access-list/m-p/3302740#M1041451 Hi,<BR /><BR />Contact Cisco TAC to see if they can help you resolve it.<BR />They probably have some expert commands to fix that.<BR /><BR />br, Micke Wed, 27 Dec 2017 11:00:26 GMT https://community.cisco.com/t5/network-security/unable-to-access-fp-console-after-removing-access-list/m-p/3302740#M1041451 mikael.lahtela 2017-12-27T11:00:26Z https://community.cisco.com/t5/network-security/unable-to-access-fp-console-after-removing-access-list/m-p/3302774#M1041452 <P>Yes i will do that, any idea why show commands and other command dont work for FIRPOWER&nbsp;is there a shell for firepower i need to switch to to run these commands</P> Wed, 27 Dec 2017 12:13:50 GMT https://community.cisco.com/t5/network-security/unable-to-access-fp-console-after-removing-access-list/m-p/3302774#M1041452 hrithiktej 2017-12-27T12:13:50Z https://community.cisco.com/t5/network-security/unable-to-access-fp-console-after-removing-access-list/m-p/3304415#M1041453 <P>Hi Support helped me out.</P> <P>&nbsp;</P> <P>following was done to resolve this issue</P> <P>&nbsp;</P> <P>Once you login to FMC Console, elevate to root mode by typing “sudu su - “ it will prompt for the password.</P> <P>&nbsp;</P> <P>Then do cd /etc/sysconfig/ and then cat iptables.</P> <P>Check if you have an exact same lines shown below:</P> <P>&nbsp;</P> <P>#start SSL SSH SNMP PORTS INPUT BLOCK</P> <P>-A INPUT -i eth0 -p tcp -m tcp --dport 443 -m state --state NEW -m recent --update --seconds 10 --hitcount 15 --name slowloris --rsource -j DROP</P> <P>-A INPUT -i eth0 -p tcp -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 25 --connlimit-mask 32&nbsp; -j DROP</P> <P>-A INPUT&nbsp; -i eth0 -m state --state NEW -p tcp -m tcp --dport 443 -j ACCEPT</P> <P>-A INPUT&nbsp; -i eth0 -m state --state NEW -p tcp -m tcp --dport 22 -j ACCEPT</P> <P>#stop&nbsp; SSL SSH SNMP PORTS INPUT BLOCK</P> <P>&nbsp;</P> <P>If these lines are not there then do “vim iptables” and add the exact same lines. This should fix the issue.</P> Mon, 01 Jan 2018 09:26:25 GMT https://community.cisco.com/t5/network-security/unable-to-access-fp-console-after-removing-access-list/m-p/3304415#M1041453 hrithiktej 2018-01-01T09:26:25Z https://community.cisco.com/t5/network-security/unable-to-access-fp-console-after-removing-access-list/m-p/3304466#M1041454 <P>Thanks for sharing the solution. That's a helpful one for sure.</P> Mon, 01 Jan 2018 14:41:27 GMT https://community.cisco.com/t5/network-security/unable-to-access-fp-console-after-removing-access-list/m-p/3304466#M1041454 Marvin Rhoads 2018-01-01T14:41:27Z