https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4177751#M1075403 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/326046">@Marvin Rhoads</a>&nbsp;,</P><P>If for any reason we lose connection to FMC and has to change the default action to&nbsp; " Allow all traffic " , is there any command as such on the FTD cli ?</P><P>&nbsp;</P><P>Thanks</P> Tue, 03 Nov 2020 06:46:05 GMT ashleybabajee 2020-11-03T06:46:05Z https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038435#M1067184 <P>Since there is no way to manage FTD other than through FMC, what if for some reason; say if incorrect configuration is pushed that broke connectivity between FTD and FMC, how do I access FTD? How do I revert configuration?</P> Mon, 02 Mar 2020 11:24:56 GMT https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038435#M1067184 InTheJuniverse 2020-03-02T11:24:56Z https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038478#M1067187 Actually FTD has other management options - FDM, CDO and via third party using the APIs. That said, they cannot coexist with FMC management. If you were to push an odd configuration that somehow blocked the communications between FTD and the managing FMC it could be difficult to recover. You could always "configure manager delete" and "configure manager add" to re-register with FMC and then reapply a policy that did not include the incorrect configuration. If you are running a 6.3 or later version and backing up your FTD device using FMC you could also restore to a known good backup. <A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/backup_and_restore.html#ID-2200-0000016e" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/backup_and_restore.html#ID-2200-0000016e</A> Mon, 02 Mar 2020 11:45:02 GMT https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038478#M1067187 Marvin Rhoads 2020-03-02T11:45:02Z https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038488#M1067190 <P>Thank you as always, Marvin.</P><P>&nbsp;</P><P>There is no way to revert the configuration, right?</P> Mon, 02 Mar 2020 11:59:28 GMT https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038488#M1067190 InTheJuniverse 2020-03-02T11:59:28Z https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038495#M1067191 You're welcome. There's currently (as of Firepower 6.5) no way to revert or roll back the configuration from the FTD device. Mon, 02 Mar 2020 12:22:15 GMT https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038495#M1067191 Marvin Rhoads 2020-03-02T12:22:15Z https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038522#M1067192 <P>One quick question, after losing connection with FMC, what about the existing policies on the FTD? Will FTD still be able to function with policies already downloaded to the box?</P> Mon, 02 Mar 2020 12:52:09 GMT https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038522#M1067192 InTheJuniverse 2020-03-02T12:52:09Z https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038552#M1067196 Yes - for the most part. There are a few things like URL lookup for non-cached entries that may be affected. Your prefilter and general Access Control Policy rules based on 5-tuples, AppID, SGT, identity etc. as well as associated IPS, SSL File policies etc. will all work just fine. Mon, 02 Mar 2020 13:44:29 GMT https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038552#M1067196 Marvin Rhoads 2020-03-02T13:44:29Z https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038558#M1067197 <P>Thank you.</P> Mon, 02 Mar 2020 13:51:29 GMT https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4038558#M1067197 InTheJuniverse 2020-03-02T13:51:29Z https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4177751#M1075403 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/326046">@Marvin Rhoads</a>&nbsp;,</P><P>If for any reason we lose connection to FMC and has to change the default action to&nbsp; " Allow all traffic " , is there any command as such on the FTD cli ?</P><P>&nbsp;</P><P>Thanks</P> Tue, 03 Nov 2020 06:46:05 GMT https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4177751#M1075403 ashleybabajee 2020-11-03T06:46:05Z https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4178109#M1075430 <P>No.</P> <P>You cannot change access control policy or default action for handling traffic from the FTD cli (with or without FMC management).</P> Tue, 03 Nov 2020 17:23:30 GMT https://community.cisco.com/t5/network-security/what-if-ftd-loses-connection-to-fmc/m-p/4178109#M1075430 Marvin Rhoads 2020-11-03T17:23:30Z