Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5702
Views
0
Helpful
10
Replies

How to capture Login Banner details in FTD CLI

hkchoudhary
Level 1
Level 1

‎12-04-2019 07:34 AM - edited ‎02-21-2020 09:44 AM

I have a requirement of capturing the login banner details which is one of the requirements of the baseline compliance i am working on. I configured a custom pre-login banner from FMC GUI successfully and I am able to see the custom banner but if I try to look for the banner configuration in FTD CLI by running commands like "show running-config banner login", "show banner login", "show running-config | grep banner" but I cannot find the banner details in FTD CLI, any idea around it how to capture this information via command line?
2 people had this problem
Labels:
0 Helpful
10 Replies 10

nspasov
Cisco Employee
Cisco Employee

‎12-04-2019 11:30 PM

What hardware model are you using? In the new Firepower appliances, the banners are stored and managed in FXOS. For instance, if you are running Firepower 1K/2K, you can obtain the banner by:

Connecting to the console port (Or ssh to the device and then issue "connect fxos") > Scope security > Scope banner > show pre-login-banner

I hope this helps!

Thank you for rating helpful posts!

0 Helpful

hkchoudhary
Level 1
Level 1
In response to nspasov

‎12-05-2019 12:34 AM

Hi @nspasov,

Thank you for the quick response. I have an ASA Series device so  I am unable to run connect command from FTD CLI. Below are the details for my VM :
Model: Cisco Firepower Threat Defense for VMWare (75) Version 6.2.3 (Build 20)

Cisco Adaptive Security Appliance Software Version 9.9(1)52
Firepower Extensible Operating System Version 2.3(1.54)

Hardware: ASAv, 8192 MB RAM, CPU Xeon E5 series 2197 MHz, 1 CPU (4 cores)
Model Id: ASAv30
Any advice on how to capture the banner details from the FTD CLI in this case?

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to hkchoudhary

‎12-05-2019 09:33 AM

Hmm, sorry but I don't have an ASA appliance to test this with...perhaps someone else can chime in here...

Thank you for rating helpful posts!

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to hkchoudhary

‎03-26-2020 01:05 AM

What are you running exactly? If it's a VM, it must be either an ASAv or an FTDv.

0 Helpful

vishnu kanakaraj
Level 1
Level 1
In response to nspasov

‎03-25-2020 12:05 PM

Thank you!

 

Can you also share the steps to configure Login Banner message in FTD CLI.

0 Helpful

garrycorker
Level 1
Level 1
In response to nspasov

‎07-22-2020 11:47 AM

I am using the Cisco FTD  for VMWare (75) Version 6.3.0.6 (Build 34)

I need to put in a pre-login banner and cannot seem to figure out the configuration steps. 

I have the option of "show banner" but not the option to configure banner. Can you help with this? This is a requirement for a customer using the product. 

 

Thank you

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to garrycorker

‎07-22-2020 10:17 PM

The option for a login banner on FTD is set in the managing FMC as a platform setting. See the following example:

FTD Banner.PNG

 

If you're using Firepower Device Manager I don't believe there's an option to set a banner (as of Firepower 6.6).

0 Helpful

jwc4521
Level 1
Level 1
In response to nspasov

‎11-23-2020 01:08 PM

hi. i had the same issue described above. I am using a FPR-2100 series (2120)...

"after i ssh into the device, i connect to fxos (ver 2.8) via cli
I enter the following commands: scope security > secuirty# scope banner > banner# scope post-login-banner > create post-login-banner*# > set message
i receive prompt to enter post-login-banner and once finished enter ENDOFBUF
i exit back out to promot fxos# and enter commit-buffer and receive the following error
error: Changes not allowed. use: 'connect ftd' to make changes.
i enter connect ftd to change to this OS; however, there is no option to commit-buffer.

am i missing something? thanks for the assist!"

 

0 Helpful

garrycorker
Level 1
Level 1
In response to jwc4521

‎11-24-2020 06:20 AM

My device did not support the banner option. Even though it would allow me to enter the information, it would not display. This is a known issue with my virtual device. I contacted CISTAC and there was nothing I could to.
0 Helpful

jwc4521
Level 1
Level 1

‎11-23-2020 01:04 PM

after i ssh into the device, i connect to fxos (ver 2.8) via cli
I enter the following commands: scope security > security# scope banner > banner# scope post-login-banner > create post-login-banner*# > set message
i receive prompt to enter post-login-banner and once finished enter ENDOFBUF
i exit back out to prompt fxos# and enter commit-buffer and receive the following error
error: Changes not allowed. use: 'connect ftd' to make changes.
i enter connect ftd to change to this OS; however, there is no option to commit-buffer.

am i missing something? thanks for the assist!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card