Solved: FTD 750 install - cant login now

ohareka70 · ‎08-06-2019

Hi,

I have built an FTD 750 but not added it to the FMC Manager yet. I only did the interfaces and the routing table. I still have the default mgt interface of 192.168.45.45 But now i cant log back into it on the webpage. I am getting these errors

https://192.168.45.45/login.cgi

Forbidden- You don't have permission to access /login.cgi on this server.

Service Unavailable- The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

I can login via ssh but it goes straight to # prompt

Why is their no > shell prompt

Any ideas are welcome

firepower#

Marvin Rhoads · ‎08-07-2019

Are you plugging into the Management 1/1 interface directly?

We would generally recommend a new setup to follow the Quick Start Guide here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/ftd-fdm-2100-qsg.html

View solution in original post

Marvin Rhoads · ‎08-16-2019

Try this:

In order to enable the FDM On-Box management on the firepower 2100 series proceed as follows.

1. Console access into the FPR2100 chassis and connect to the FTD application.

firepower# connect ftd
>

2. Configure the FTD management IP address (if you want to change it).

>configure network ipv4 manual <address> <netmask> <gateway>

3. Configure the management type as local.

>configure manager local

4. Configure from which IP addresses/subnets the On-Box management access to the FTD will be allowed.

>configure https-access-list 0.0.0.0/0

5. Open a browser and https into the IP address you configured to manage the FTD, this will open the FDM (On-Box) manager.

Source: https://www.cisco.com/c/en/us/support/docs/security/firepower-2100-series/213519-configure-fdm-firepower-device-manageme.html

View solution in original post

Marvin Rhoads · ‎08-06-2019

I'm not familiar with the model "FTD 750". Can you confirm what hardware you're working with?

When you say you've "built (it)", what steps did you take?

ohareka70 · ‎08-07-2019

Hi

Its Cisco Fire Linux OS v6.2.2 (build 11)
Cisco Firepower 2110 Threat Defense v6.2.2 (build 81) - so not sure where i was getting the 750 from

To build it i login to the default mgt address 192.168.45.45, put in the 3 interfaces i need and also the routing table. When i logout of the webpage i can no longer get back into .. 45 even though i never changed it

Marvin Rhoads · ‎08-07-2019

Are you plugging into the Management 1/1 interface directly?

We would generally recommend a new setup to follow the Quick Start Guide here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/ftd-fdm-2100-qsg.html

ohareka70 · ‎08-07-2019

Hi,

I went through the document and setup my interfaces & routing but again i cant login

I havent plugged the into my network yet - i am just trying to login locally from my pc- is that the issue

Current IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
Ethernet1/1              outside 192.168.3.100 255.255.255.0   manual
Ethernet1/2              inside                 172.19.200.100 255.255.255.0 manual
Ethernet1/4    management    192.168.4.100 255.255.255.0   manual

i have tried all interfaces including the 192.168.45.45 diagnostic interface

I need to get in and then add it to the FMC manager

Marvin Rhoads · ‎08-09-2019

How are you connecting your local PC - is it plugged directly into the appliance's Gigabit Ethernet management interface?

Are you able to connect to the serial console?

For reference those are as shown below:

ohareka70 · ‎08-15-2019

Martin,

I have tried plugging back into the Mgt interfaces (2) using 192.168.45.45 but it wont let me back in
Its saying error 503 - service unavailable. The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

serial console is fine but it goes direct to this prompt # and not >
commands are limited but i can ssh into the 192.168.45.45 interfaces

show running config - all my interfaces are gone

It looks like all my routing and interfaces are not saving and hence when i power rack it remotely and power back on its why nothing is working

Marvin Rhoads · ‎08-15-2019

When you ssh to your management address, please check and share the results of "show managers" command.

ohareka70 · ‎08-16-2019

> show managers
No managers configured.

Maybe i have a faulty device or something

Marvin Rhoads · ‎08-16-2019

Try this:

In order to enable the FDM On-Box management on the firepower 2100 series proceed as follows.

1. Console access into the FPR2100 chassis and connect to the FTD application.

firepower# connect ftd
>

2. Configure the FTD management IP address (if you want to change it).

>configure network ipv4 manual <address> <netmask> <gateway>

3. Configure the management type as local.

>configure manager local

4. Configure from which IP addresses/subnets the On-Box management access to the FTD will be allowed.

>configure https-access-list 0.0.0.0/0

5. Open a browser and https into the IP address you configured to manage the FTD, this will open the FDM (On-Box) manager.

Source: https://www.cisco.com/c/en/us/support/docs/security/firepower-2100-series/213519-configure-fdm-firepower-device-manageme.html

ohareka70 · ‎08-21-2019

Marvin,

This worked well for me. I reset the FTD again but this time i went straight into these commands but i only setup the Mgt (Diagnostic) port on my management network.

Then i added this command to manage the device remotely

configure manager add 192.0.2.2 123456

Now i can connect to it from my FMC which is on the same network and now i have been able to setup the interfaces, routing tables, and policy.

thanks again

Kevin