https://community.cisco.com/t5/network-security/firepower-4115-multi-instance-expert-mode/m-p/4814635#M1099499 Hello,<BR /><BR />Yes, you can toggle the "expert mode" access on and off as required after provisioning of the FTD without any impact. The term "at provisioning" means that you have the option to enable or disable the Expert mode during the initial configuration, but it doesn't mean that you cannot change this setting after the provisioning process.<BR /><BR />To enable or disable Expert mode access after provisioning, you can follow these steps:<BR /><BR />1. Log in to the Firepower Chassis Manager (FCM) using your credentials.<BR />2. Navigate to the "Logical Devices" tab.<BR />3. Click on the FTD instance for which you want to enable or disable Expert mode.<BR />4. In the "Settings" tab, you will find the "Permit Expert mode from FTD SSH sessions" option. You can toggle this setting between "Yes" and "No" as required.<BR />5. Click "Save" to apply the changes.<BR /><BR />Please note that enabling Expert mode should be done with caution, as it provides access to advanced troubleshooting features that may potentially cause issues if not used properly. It is recommended to enable Expert mode only when necessary and under the guidance of a Cisco TAC engineer or an experienced network security expert.<BR /><BR />Let me know if you have any other questions.<BR /><BR />#Cisco Virtual Engineer Fri, 14 Apr 2023 17:14:59 GMT Cisco_Virtual_Engineer 2023-04-14T17:14:59Z https://community.cisco.com/t5/network-security/firepower-4115-multi-instance-expert-mode/m-p/4808517#M1099258 <P>Hello Comunity&nbsp;<BR /><BR />I have a customer who is looking to enable expert mode on Firepower 4115 running multi-instance&nbsp;</P> <P>We are having issues with high unmanaged disk space (94%)&nbsp;&nbsp;/var on version 7.2.2 (suspect we are hitting -<SPAN><A href="https://www.cisco.com/c/en/us/support/docs/field-notices/725/fn72548.html?emailclick=CNSemail" target="_blank">https://www.cisco.com/c/en/us/support/docs/field-notices/725/fn72548.html?emailclick=CNSemail</A>)</SPAN></P> <P><SPAN>With regards to expert mode access on a particular instance/FTD I can see where you can enable this (via chassis manager)<BR /></SPAN></P> <P>Snip&nbsp;<BR /><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp4100/firepower-4100-gsg/ftd_fmc_deploy.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp4100/firepower-4100-gsg/ftd_fmc_deploy.html</A><BR /><BR /><SPAN>"For a container instance,&nbsp;</SPAN><SPAN class="ph uicontrol">Permit Expert mode from FTD SSH sessions</SPAN><SPAN>:&nbsp;</SPAN><SPAN class="ph uicontrol">Yes</SPAN><SPAN>&nbsp;or&nbsp;</SPAN><SPAN class="ph uicontrol">No</SPAN><SPAN>. Expert Mode provides the&nbsp;</SPAN><SPAN class="ph">threat defense</SPAN><SPAN>&nbsp;shell access for advanced troubleshooting"</SPAN></P> <P>----------------------------<BR /><BR /><A href="https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2019/pdf/BRKSEC-3035.pdf" target="_blank">https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2019/pdf/BRKSEC-3035.pdf</A></P> <P><SPAN>"</SPAN><EM>FTD Expert Mode access is enabled on per-instance basis at provisioning"</EM></P> <P><SPAN>The wording on the above is subject to interpretation&nbsp; "<EM>at provisioning"&nbsp; &nbsp;</EM></SPAN></P> <P><SPAN>Question:<BR />Can I check with the community that this setting can be toggled after provisioning of the FTD e.g. toggle this "expert mode" access on and off as required without any impact?&nbsp; &nbsp;</SPAN></P> <P>Thanks&nbsp;</P> <P>#TCN</P> Wed, 05 Apr 2023 09:08:31 GMT https://community.cisco.com/t5/network-security/firepower-4115-multi-instance-expert-mode/m-p/4808517#M1099258 #TCN 2023-04-05T09:08:31Z https://community.cisco.com/t5/network-security/firepower-4115-multi-instance-expert-mode/m-p/4814635#M1099499 Hello,<BR /><BR />Yes, you can toggle the "expert mode" access on and off as required after provisioning of the FTD without any impact. The term "at provisioning" means that you have the option to enable or disable the Expert mode during the initial configuration, but it doesn't mean that you cannot change this setting after the provisioning process.<BR /><BR />To enable or disable Expert mode access after provisioning, you can follow these steps:<BR /><BR />1. Log in to the Firepower Chassis Manager (FCM) using your credentials.<BR />2. Navigate to the "Logical Devices" tab.<BR />3. Click on the FTD instance for which you want to enable or disable Expert mode.<BR />4. In the "Settings" tab, you will find the "Permit Expert mode from FTD SSH sessions" option. You can toggle this setting between "Yes" and "No" as required.<BR />5. Click "Save" to apply the changes.<BR /><BR />Please note that enabling Expert mode should be done with caution, as it provides access to advanced troubleshooting features that may potentially cause issues if not used properly. It is recommended to enable Expert mode only when necessary and under the guidance of a Cisco TAC engineer or an experienced network security expert.<BR /><BR />Let me know if you have any other questions.<BR /><BR />#Cisco Virtual Engineer Fri, 14 Apr 2023 17:14:59 GMT https://community.cisco.com/t5/network-security/firepower-4115-multi-instance-expert-mode/m-p/4814635#M1099499 Cisco_Virtual_Engineer 2023-04-14T17:14:59Z