Solved: Cisco Firepower FPR-1120 >> Initial Setup

amh4y0001 · ‎03-11-2022

Hi,

Have FPR-1120 (out of the box) and trying to connect but seems like User: admin and Password:Admin123 is not going to work for me.

Here is the device information:

I am connecting to Port2 and have the IP Address via DHCP as:

Have console connectivity as well:

Using https://192.168.1.1 I get the following: (even the Java is installed, but still this screen continue to mention either install local ASDM or Java etc).

When clicked on "Install SDM Launcher", authentication appears which I never succeeded to login with user name admin and password Admin123.

What might I am doing wrong?

Rob Ingram · ‎03-11-2022

@amh4y0001 you are using ASA software, as you have access to the CLI create a new username and password.

username <username> password <yourpassword> privilege 15

To access ASDM and SSH you enter the commands

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

View solution in original post

amh4y0001 · ‎03-18-2022

@Rob Ingram thanks for reply, highly appreciated your posts here, otherwise I was stuck on Cisco guides for the wrong image /software.

View solution in original post

Rob Ingram · ‎03-11-2022

@amh4y0001 you are using ASA software, as you have access to the CLI create a new username and password.

username <username> password <yourpassword> privilege 15

To access ASDM and SSH you enter the commands

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

amh4y0001 · ‎03-11-2022

Thanks for reply @Rob Ingram

I will check this out.

Just curios why it's not available in getting started guide
1. https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp1100/firepower-1100-gsg/ftd-fmc.html#task_ud2_kv4_ypb

2. https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd-fdm-get-started.html#id_13129

According to documentation, if connected to management port, I should get 192.168.45.x via DHCP, but in my case I get APIPA (169.x.x.x). While on the inside I have 192.168.x.x via DHCP that I am currently using.

Rob Ingram · ‎03-11-2022

@amh4y0001 those docs you provided are specific to the FTD software image.

The FPR1010 hardware comes with either ASA or FTD software, your appliance is running the traditional ASA software.

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp1100/firepower-1100-gsg/asa.html

amh4y0001 · ‎03-11-2022

I have FP1120, hope the same applies for 1010 as well.

Checking the guide you just mentioned.

Rob Ingram · ‎03-11-2022

@amh4y0001 sorry, typo. It applies to all FPR hardware series, 1000, 2100, 4100 etc, they can all run ASA or FTD software.

amh4y0001 · ‎03-12-2022

@Rob Ingram Thanks, will update this post after checking the guide you have mentioned.

amh4y0001 · ‎03-14-2022

Thanks again @Rob Ingram now I have access to ASDM.

According to my understanding, for Smart Licensing I must have organizational account (as the personal account didn't really worked).?

Do you recommend a guide to the SSH configuration?

And VPN configuration as well?

Rob Ingram · ‎03-14-2022

@amh4y0001 you need a smart account, this could be your own.

Here is SSH configuration, replace the networks below with the networks you wish to permit access to SSH to the ASA.

username admin password <password> privilege 15

crypto key generate rsa modulus 2048
aaa authentication ssh console LOCAL
ssh version 2
ssh 192.168.10.0 0.0.0.255 INSIDE
ssh 192.168.11.0 0.0.0.255 INSIDE
ssh timeout 30

Here is an exampe of a Remote Access VPN

amh4y0001 · ‎03-14-2022

Will check the SSH example and update this post, however, regarding Smart Licensing, when I try with individual account, I get the following (see screenshot).

Rob Ingram · ‎03-14-2022

@amh4y0001 just click the register a new smart account, this will be unique and attached to your personal account.

amh4y0001 · ‎03-17-2022

@Rob Ingram Have registered the smart account now but lost to find the license and activate it.

Following this guide, but I don't have any initial license or have not received an email from Cisco yet.

Do you have a reference to a more easy to go through guide assuming no initial license is available? Or should contact Cisco?

Cisco Firepower 1100 Getting Started Guide - ASA Deployment with ASDM [Cisco Firepower 1000 Series] - Cisco

Step 1

Make sure your Smart Licensing account contains the available licenses you need, including at a minimum the Standard license.

When you bought your device from Cisco or a reseller, your licenses should have been linked to your Smart Software Manager account.

Rob Ingram · ‎03-17-2022

@amh4y0001 what licenses have you purchased? If you didn't purchase any additional licenses you don't need to register the device. If you purchased a support contract or the threat/ravpn licenses then you would need to registered into the smart account and should have been done by the reseller.

amh4y0001 · ‎03-17-2022

I have NOT purchased any additional license.

Can I use SSH and VPN even if I do not register the device?

Rob Ingram · ‎03-17-2022

@amh4y0001 as you are using the ASA image you get 2 free Remote Access VPN licenses. Yes you can SSH.