10-19-2023 05:52 PM
Hello all,
I have set up my FTD to be managed by the FMC. When I tried to access the CLI through the COM port, the password isn't accepted.
Does CLI access get disabled if the FTD is managed by the FMC?
10-20-2023 12:05 AM
No, the CLI still works.
10-20-2023 01:19 AM
CLI access is not disabled, and unless you have enabled SSH on a data interface via platform settings, you need to access the FTD via the management interface IP. The password you should be using is the one you created when setting up the FTD initially.
10-20-2023 06:09 AM
Thanks @Marius Gunnerud and @balaji.bandi
I had set up SSH access in Platform settings.
Is re-imaging the only way to reset the admin password? The password that I think I added does not seem to work anymore.
10-20-2023 06:53 AM
Is the FTD already managed by FMC but you have forgotten the password? If yes, then you could look into deploying remote authentication via platform settings and then reset the admin password once logged in (not entirely sure if resetting the admin password from a different account is possible but might be worth looking into.)
If the FTD is not managed by FMC yet, then the only way to reset the CLI password is to re-image the device.
10-20-2023 06:59 AM
FTD is managed by the FMC. I will try remote authentication.
10-20-2023 06:54 AM
Depends on the model.
Look at the thread below:
https://community.cisco.com/t5/network-security/ftd-2120-password-recovery/td-p/3370615
10-20-2023 06:59 AM
It's 3105
10-20-2023 08:59 AM - edited 10-20-2023 09:00 AM
CLI doesn't get disabled.
You can do physical recovery as mentioned in this topic; however, I've previously created a blog post which describes how to perform a remote password reset on your admin account. The only requirement is the possibility of pushing platform settings from FMC to FTD and having either an LDAP or RADIUS server present. You'll be enabling external authentication and elevating your rights inside expert mode to do a password reset on the admin account.
https://blog.viftrup.eu/Remote-password-recovery-for-admin-user-ftd/
10-20-2023 09:11 AM
Thanks @AViftrup @Marius Gunnerud @balaji.bandi
I was able to reset the admin password by setting up external authentication and then following the link https://blog.viftrup.eu/Remote-password-recovery-for-admin-user-ftd/ to reset the admin password.