Re: Access Firepower 3110 CLI and GUI with FMC - NO FDM

MaErre21325 · ‎08-12-2025

Hi guys,

i need your help because, despite various posts and documentation, i still can't figure out how to access the CLI of two Firepower 3110 devices (FTD).

Over the past few months, I installed 2x Firepower 3110, correctly configured the management interface, and then added them to the FMC, creating the HA cluster.
From the FMC, I then performed all the necessary configurations for policies, routing, and interfaces.

What I really can't understand is how to directly access the CLI of the Firepower devices (i don't want to use the cli cli tab section or access the CLI of the FMC).
Additionally, I’d like to know if it’s possible to access the GUI separately for each individual device.

Besides the admin password used during installation, I also use four other local admin accounts to access the FMC. Should these accounts also be able to access the CLI?

Can you help me?
The environment version is 7.4.

Thanks

Marvin Rhoads · ‎08-12-2025

You can access the Firepower devices cli via ssh to their management addresses. You can also of course use the console port if you are locally connected or have a console server connected.

Users other than the default local admin can access the Firepower device cli using their credentials only if they are external RADIUS users - not other local FMC users.

MaErre21325 · ‎08-12-2025

Hi,

thank you for the info.
I saw that local users (other than admin) when trying to access via ssh are prompted for user and password, then can't access.
Regarding the web access? Is there any way to login in this way or i have to use always the fmc?

Jonatan Jonasson · ‎08-12-2025

when management of the devices are via the fmc, you don't have a web-service locally on the appliances.
(exceptions is the fxos management for some appliance series)

SSH can be used for troubleshooting and certain tasks, but generally all day-to-day operations will be done through the FMC.

---
Please mark helpful answers & solutions
---

MHM Cisco World · ‎08-12-2025

1- if you mange ftd by fmc you can not use any other mgmt, the config will delete when you change mgmt

2-for ssh are you sure you config it correctly? Check link below

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200701-Configuration-of-Management-access-to-FT.html

MHM

MaErre21325 · ‎08-13-2025

Hi,

i read this doc but i'm a little bit confused, i have not configured any step advised in the doc yet but, as written above, why if i ssh the mgmt ip of the ftd i'm able to see the service runnig and able to insert the credential? It shouldn't be closed or not active until the configuration task described in the link you provided?
This is my configuration actually:

Furthermore, why is it explaining who to access via https if it is not possibile when using fmc?

Thank you

MHM Cisco World · ‎08-13-2025

For https' there are other service done by https one of them RAVPN ipsec download profile or image to user.

So by defualt https to ftd for fmc is work without any config but control how other service using https is need config.

For SSH

This complicate

Ssh to mgmt interface is allow by defualt no need fmc config

Ssh to other interface need fmc config

There are also restrictions for user/password use in both case

Ssh to mgmt interface use only local user/password

Ssh to other interface use local and external <<- I need to check this point

MHM

Marvin Rhoads · ‎08-13-2025

SSH to the management interface with external users (authentication to RADIUS or LDAP) works fine if configured in FMC

"Choose Shell Authentication > Enabled if you want to allow CLI access for external users."

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/770/management-center-admin-77/system-users.html#id_63678).

SSH to the management interface using FMC local users is not supported.

MHM Cisco World · ‎08-13-2025

Thanks

As I mention in my comment' I need to check.

Thansk again

MHM