Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
931
Views
0
Helpful
8
Replies

Firepower 2110 ftd not installed? https:// forbidden?

chris-doro
Level 1
Level 1

‎01-12-2024 02:51 AM - edited ‎01-12-2024 04:43 AM

I've a Cisco Firepower 2110 which is not used at the moment.
I just try to bring it up for learning purposes.
I did factory-reset via console-cable and added new management-ip-address (mgmt-port).
Changed the admin password.
I can connect with SSH, but https shows "Forbidden. You don't have permission to access / on this server."
When connected with SSH and type "connect ?" I can see ftd and local-mgmt. "connect local-mgmt" works,
but "connect ftd" shows "Error: Application is not installed."

But validation of the package is OK!

The Package Name is : cisco-ftd-fp2k.6.2.2-81.SPA
The Validation status: Ok
Enter 'show validation package 6.2.2-81' to see detailed result.
firepower-2110 /firmware # show validation package 6.2.2-81
Firmware Package 6.2.2-81:
Validation Time Stamp: 2024-01-12T10:34:32.413
Pack Name: cisco-ftd-fp2k.6.2.2-81.SPA
Validation State: Completed
Overall Status Code: Ok
firepower-2110 /firmware #

What step am I missing?

0 Helpful
8 Replies 8

MHM Cisco World
VIP
VIP

‎01-12-2024 02:53 AM

Can you share

show network 

When you access via ssh

MHM

0 Helpful

Gopinath_Pigili
Spotlight
Spotlight

‎01-12-2024 03:21 AM - edited ‎01-12-2024 03:28 AM

Hello chris-doro,

Please follow the link...that provides detailed setps for Getting started with Firepower; Hope it might be helpful...

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg/ftd-fmc.html

Best regards
******* If This Helps, Please Rate *******

 

 

0 Helpful

chris-doro
Level 1
Level 1
In response to Gopinath_Pigili

‎01-12-2024 04:46 AM

Thanks, but this does not help. 
Because I've followed these steps, but they do not explain, why I get forbidden for https://.
And they do not explain why I get "application not installed, when I see that it exists".
And this happens on both firepowers 2110 I have.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to chris-doro

‎01-12-2024 05:19 AM

You have the image present in the fxos file system but is is not installed as an application instance. The commands provided by @Marius Gunnerud would confirm this.

You should be able to follow the  steps described here to complete application (re)installation: https://www.cisco.com/c/en/us/td/docs/security/firepower/2100/troubleshoot_fxos/b_2100_CLI_Troubleshoot/b_2100_CLI_Troubleshoot_chapter_011.html#task_n5q_3v1_hbb

0 Helpful

chris-doro
Level 1
Level 1
In response to Marvin Rhoads

‎01-12-2024 05:29 AM - edited ‎01-12-2024 05:31 AM

 "install security-pack version 6.2.2-81 force" fails...

FTD1 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 6.2.2-81
Oper State: Scheduled
Installation Time: 2024-01-12T14:26:55.576
Upgrade State: Failed To Install Application
Upgrade Status: failed to install app
Validation Software Pack Status: ok
Firmware Upgrade Status: up-to-date
Current Task:
FTD1 /firmware/auto-install # exit
FTD1 /firmware # exit
FTD1# connect ftd
Error: Application is not installed.
FTD1#

0 Helpful

Marius Gunnerud
VIP
VIP
In response to chris-doro

‎01-12-2024 05:39 AM - edited ‎01-12-2024 05:40 AM

Then I would suggest to try either performing a factory reset or reimaging the FTD.  Both of these are described in the link @Marvin Rhoads provided, And linking to that document would have been my next post once the issue was confirmed.

https://www.cisco.com/c/en/us/td/docs/security/firepower/2100/troubleshoot_fxos/b_2100_CLI_Troubleshoot/b_2100_CLI_Troubleshoot_chapter_011.html

 

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Marius Gunnerud
VIP
VIP

‎01-12-2024 04:44 AM

Could you issue the following commands and post the output here please.

scope fabric a
show detail

scope ssa
show app-instance

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

chris-doro
Level 1
Level 1
In response to Marius Gunnerud

‎01-12-2024 05:16 AM

FTD1 /fabric-interconnect # show detail

Fire Power:
ID: A
Product Name: Cisco FPR 2110
PID: FPR-2110
VID: V01
Vendor: Cisco Systems, Inc.
Serial (SN): JMX21xxxx
OOB IP Addr: 192.168.101.241
OOB Netmask: 255.255.255.0
OOB Gateway: 192.168.101.254
OOB Gateway Use DataPort: No
OOB Boot Proto: Static
OOB IPv6 Address: ::
Prefix: 64
OOB IPv6 Gateway: ::
OOB IPv6 Gateway Use DataPort: No
IPv6 Boot Proto: Static
DHCPD Admin State: DHCP Server Disabled
Operability: Operable
Thermal Status: N/A
Current Task 1:
Current Task 2:
Current Task 3:
Current Task 4:
FTD1 /fabric-interconnect #
FTD1 /ssa # show app-instance
Application Name Slot ID Admin State Operational State Running Ver
sion Startup Version Cluster Oper State
-------------------- ---------- --------------- -------------------- -----------
---- --------------- ------------------
ftd 1 Disabled Install Failed
6.2.2.81 Not Applicable
FTD1 /ssa #

FTD1 /ssa/slot/app-instance* # show

Application Instance:
Application Name Admin State Operational State Running Version Startup Versi
on
---------------- ----------- ----------------- --------------- -------------
--
ftd Disabled Install Failed 6.2.2.81
FTD1 /ssa/slot/app-instance* # enable
FTD1 /ssa/slot/app-instance* #

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card