https://community.cisco.com/t5/network-security/exiting-expert-mode/m-p/2970538#M43452 <P>Somehow my MC got stuck in Expert mode, and I need to perform an ACL rollback. Some schmo deleted the any any and killed ALL HTTP/SSH access to it,(not me).&nbsp; I logged in via the VM console and got presented with ~$, which is the expert shell, but can't find anywhere how to return to the system command prompt.</P> Sun, 10 Mar 2019 13:42:43 GMT tahscolony 2019-03-10T13:42:43Z https://community.cisco.com/t5/network-security/exiting-expert-mode/m-p/2970538#M43452 <P>Somehow my MC got stuck in Expert mode, and I need to perform an ACL rollback. Some schmo deleted the any any and killed ALL HTTP/SSH access to it,(not me).&nbsp; I logged in via the VM console and got presented with ~$, which is the expert shell, but can't find anywhere how to return to the system command prompt.</P> Sun, 10 Mar 2019 13:42:43 GMT https://community.cisco.com/t5/network-security/exiting-expert-mode/m-p/2970538#M43452 tahscolony 2019-03-10T13:42:43Z https://community.cisco.com/t5/network-security/exiting-expert-mode/m-p/2970539#M43454 <P>The system command prompt (sfcli) is only available on sensors as far as I know. You may add a temporary rule to iptables to permit https access, reconfigure your acl via the web ui and everything should work just fine again (your temp rule will be overwritten too, so no need to delete it afterwards).</P> <P></P> <P>Just do the following...</P> <P>sudo su -&nbsp;</P> <P>iptables -I INPUT -p tcp --dport 443 -j ACCEPT</P> <P></P> <P>Then goto FMC UI and configure your acl again.</P> <P></P> <P>Mark as helpful if this solved your issue or let me know if you have any additional questions</P> Wed, 09 Nov 2016 20:08:54 GMT https://community.cisco.com/t5/network-security/exiting-expert-mode/m-p/2970539#M43454 Oliver Kaiser 2016-11-09T20:08:54Z https://community.cisco.com/t5/network-security/exiting-expert-mode/m-p/2970540#M43456 <P>I did some digging around and found it to be regular linux underneath and was able to find that he didn't completely delete all rules, I still had access from our monitoring server and was able to gain GUI there and restore the broken rules.</P> Wed, 09 Nov 2016 20:41:22 GMT https://community.cisco.com/t5/network-security/exiting-expert-mode/m-p/2970540#M43456 tahscolony 2016-11-09T20:41:22Z https://community.cisco.com/t5/network-security/exiting-expert-mode/m-p/2970541#M43457 <H5 class="prettyprint">Try the 'clish' command</H5> Wed, 09 Nov 2016 21:34:49 GMT https://community.cisco.com/t5/network-security/exiting-expert-mode/m-p/2970541#M43457 Cory Brown 2016-11-09T21:34:49Z