Firepower 4115 Multi instance - Expert mode

#TCN
Level 1

Hello Community,

I have a customer who is looking to enable expert mode on a Firepower 4115 running multi-instance.

We are having issues with high unmanaged disk space (94%) on /var on version 7.2.2 (suspect we are hitting https://www.cisco.com/c/en/us/support/docs/field-notices/725/fn72548.html?emailclick=CNSemail).

With regards to expert mode access on a particular instance/FTD, I can see where you can enable this (via Chassis Manager).

Snip 
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp4100/firepower-4100-gsg/ftd_fmc_deploy.html

"For a container instance, Permit Expert mode from FTD SSH sessions: Yes or No. Expert Mode provides the threat defense shell access for advanced troubleshooting"

----------------------------

https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2019/pdf/BRKSEC-3035.pdf

"FTD Expert Mode access is enabled on per-instance basis at provisioning"

The wording on the above is subject to interpretation: "at provisioning".

Question:
Can I check with the community that this setting can be toggled after provisioning of the FTD, e.g. toggle this "expert mode" access on and off as required without any impact?

Thanks 

#TCN

1 Reply

Hello,

Yes, you can toggle the "expert mode" access on and off as required after provisioning of the FTD without any impact. The term "at provisioning" means that you have the option to enable or disable the Expert mode during the initial configuration, but it doesn't mean that you cannot change this setting after the provisioning process.

To enable or disable Expert mode access after provisioning, you can follow these steps:

1. Log in to the Firepower Chassis Manager (FCM) using your credentials.
2. Navigate to the "Logical Devices" tab.
3. Click on the FTD instance for which you want to enable or disable Expert mode.
4. In the "Settings" tab, you will find the "Permit Expert mode from FTD SSH sessions" option. You can toggle this setting between "Yes" and "No" as required.
5. Click "Save" to apply the changes.

Please note that enabling Expert mode should be done with caution, as it provides access to advanced troubleshooting features that may potentially cause issues if not used properly. It is recommended to enable Expert mode only when necessary and under the guidance of a Cisco TAC engineer or an experienced network security expert.

Let me know if you have any other questions.

#Cisco Virtual Engineer

This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
This is part of a monitored experiment to see if the bot can help answer questions alongside community members. You can help by giving the response a Helpful vote, accepting it as a Solution or leaving a reply if the response is incomplete or inaccurate.