
How to capture Login Banner details in FTD CLI

hkchoudhary
Level 1
I have a requirement to capture the login banner details, which is one of the requirements of the baseline compliance I am working on. I configured a custom pre-login banner from the FMC GUI successfully and I am able to see the custom banner, but when I look for the banner configuration in the FTD CLI by running commands like "show running-config banner login", "show banner login", and "show running-config | grep banner", I cannot find the banner details. Any idea how to capture this information via the command line?

nspasov
Cisco Employee

What hardware model are you using? In the new Firepower appliances, the banners are stored and managed in FXOS. For instance, if you are running Firepower 1K/2K, you can obtain the banner by:

Connecting to the console port (or SSH to the device and then issue "connect fxos") > scope security > scope banner > show pre-login-banner

I hope this helps!

Thank you for rating helpful posts!

Hi @nspasov,

Thank you for the quick response. I have an ASA Series device, so I am unable to run the connect command from the FTD CLI. Below are the details for my VM:
Model: Cisco Firepower Threat Defense for VMWare (75) Version 6.2.3 (Build 20)

Cisco Adaptive Security Appliance Software Version 9.9(1)52
Firepower Extensible Operating System Version 2.3(1.54)

Hardware: ASAv, 8192 MB RAM, CPU Xeon E5 series 2197 MHz, 1 CPU (4 cores)
Model Id: ASAv30
Any advice on how to capture the banner details from the FTD CLI in this case?

Hmm, sorry but I don't have an ASA appliance to test this with...perhaps someone else can chime in here...

Thank you for rating helpful posts!

What are you running exactly? If it's a VM, it must be either an ASAv or an FTDv.

Thank you!

 

Can you also share the steps to configure the login banner message in the FTD CLI?

I am using the Cisco FTD for VMWare (75) Version 6.3.0.6 (Build 34)

I need to put in a pre-login banner and cannot seem to figure out the configuration steps. 

I have the option of "show banner" but not the option to configure banner. Can you help with this? This is a requirement for a customer using the product. 

 

Thank you

The option for a login banner on FTD is set in the managing FMC as a platform setting. See the following example:

FTD Banner.PNG

 

If you're using Firepower Device Manager I don't believe there's an option to set a banner (as of Firepower 6.6).

Hi. I had the same issue described above. I am using a FPR-2100 series (2120)...

"After I SSH into the device, I connect to FXOS (ver 2.8) via CLI.
I enter the following commands: scope security > security# scope banner > banner# scope post-login-banner > create post-login-banner*# > set message
I receive a prompt to enter the post-login-banner and once finished enter ENDOFBUF.
I exit back out to the prompt fxos# and enter commit-buffer and receive the following error:
error: Changes not allowed. use: 'connect ftd' to make changes.
I enter connect ftd to change to this OS; however, there is no option to commit-buffer.

Am I missing something? Thanks for the assist!"

 

My device did not support the banner option. Even though it would allow me to enter the information, it would not display. This is a known issue with my virtual device. I contacted Cisco TAC and there was nothing I could do.

jwc4521
Level 1

After I SSH into the device, I connect to FXOS (ver 2.8) via CLI.
I enter the following commands: scope security > security# scope banner > banner# scope post-login-banner > create post-login-banner*# > set message
I receive a prompt to enter the post-login-banner and once finished enter ENDOFBUF.
I exit back out to the prompt fxos# and enter commit-buffer and receive the following error:
error: Changes not allowed. use: 'connect ftd' to make changes.
I enter connect ftd to change to this OS; however, there is no option to commit-buffer.

Am I missing something? Thanks for the assist!
