
FTD CLI access question

Cisco3105
Level 1

Hello all,

I have set up my FTD to be managed by the FMC. When I tried to access the CLI through the COM port, the password isn't accepted.

Does CLI access get disabled if the FTD is managed by the FMC?



balaji.bandi
Hall of Fame

No, the CLI still works.

BB

***** Rate All Helpful Responses *****


CLI access is not disabled, and unless you have enabled SSH on a data interface via platform settings, you need to access the FTD via the management interface IP. The password you should be using is the one you created when setting up the FTD initially.

--
Please remember to select a correct answer and rate helpful posts

Thanks @Marius Gunnerud and @balaji.bandi 

I had set up SSH access in Platform settings.

Is re-imaging the only way to reset the admin password? The password that I think I added does not seem to work anymore.

Is the FTD already managed by FMC but you have forgotten the password?  If yes, then you could look into deploying remote authentication via platform settings and then reset the admin password once logged in (not entirely sure if resetting the admin password from a different account is possible but might be worth looking into.)

If the FTD is not managed by FMC yet, then the only way to reset the CLI password is to re-image the device.

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118631-technote-firesight-00.html#toc-hId-926723679

 

--
Please remember to select a correct answer and rate helpful posts

FTD is managed by the FMC. I will try remote authentication

It's 3105

AViftrup
Level 1

CLI doesn't get disabled.

You can do a physical recovery as mentioned in this topic; however, I've previously created a blog post which describes how to perform a remote password reset on your admin account. The only requirement is the possibility of pushing platform settings from FMC to FTD and having either an LDAP or RADIUS server present. You'll be enabling external authentication and elevating your rights inside expert mode to do a password reset on the admin account.

https://blog.viftrup.eu/Remote-password-recovery-for-admin-user-ftd/

Cisco3105
Level 1

Thanks @AViftrup @Marius Gunnerud @balaji.bandi 

I was able to reset the admin password by setting up external authentication and then following the link https://blog.viftrup.eu/Remote-password-recovery-for-admin-user-ftd/ to reset the admin password.
