Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11700
Views
55
Helpful
9
Replies

not able to exit out of firepower-module> on Cisco FTD 4100

Go to solution
vaibhav.parlekar1
Level 1
Level 1

‎05-23-2018 04:06 PM - edited ‎02-21-2020 07:48 AM

Hi All,

 

I am not able to exit out of the firepower module back into FXOS from Cli. I tried exit command also tried ~ as well. but it does not accept the command.

We have changed the management ip of the chassis and we are able to access it via SSH but the webgui of the chassis manager is not opening. Hence we want to get back into FXOS to see if there are any configurations out here to get the chassis manager GUI back.

 

can someone please help me get back to the FXOS or the chassis manager GUI back. 

Regards

Vaibhav

 

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to vaibhav.parlekar1

‎05-24-2018 12:27 AM

Since you're starting anew a reset might be in order.

 

Are you aware that the physical chassis management port is the one used by Firepower Chassis Manager and the FX-OS cli? That one requires a unique IP address distinct from the address assigned to the FTD logical device.

 

While you can access the FTD cli via ssh to the chassis management interface and then doing the "connect module 1 console" and "connect ftd" commands, that is not normally how you would get in as it's a bit convoluted.

 

The address assigned to the FTD logical device is associated with a separate physical interface on the chassis which you must assign from FCM or the FX-OS cli.

 

f you haven't read it yet, I highly recommend the "Cisco Firepower Threat Defense" book by Nazmul Rajib. Chapter 6 explains the above in much more detail. It's available from Cisco Press, Amazon.com or via Safari Books online.

View solution in original post

9 Replies 9

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-23-2018 08:12 PM

It sounds like you are logged into the logical device management interface directly vs. via the chassis management port.

 

Only when you log into the latter can you move between the chassis management interface, the module and the logical device (FTD).

0 Helpful

Go to solution
vaibhav.parlekar1
Level 1
Level 1
In response to Marvin Rhoads

‎05-23-2018 09:42 PM

Hi Marvin,

 

Thanks a lot for your prompt response. I had initially logged into the device using the same IP address by which I was able to access the Chassis manager GUI.

 

I SSHed into the firewall on the same IP address. then using the configure network command I changed the ip address of the management interface of the firewall. Before changing the ip address it's the same interface which was configured as management from the chassis manager.

 

Now I am able to SSH to the changed IP address and ping it as well. but the chassis manager gui does not load at all.

 

One more thing I noted was initally before the change of IP address when I would SSH into the appliance I would login to the default prompt from where I could navigate into the FXOS. But after the change of IP address I directly log into firepower-module> prompt and it only lets me connect to FTD module and does not let me exit into the FXOS Cli.

 

from the documentation I guess this is the way to setup the management interface of the chassis right. I have not configured the FMC yet.

 

Kindly please let me know.

 

Regards

 

Vaibhav

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to vaibhav.parlekar1

‎05-23-2018 11:55 PM

Hmm, it appears you've setup something incorrectly. Normally you would:

 

a. bootstrap the chassis from console or physical management port.

b. assign physical interfaces to the logical device (FTD), connect to it (from the FX-OS cli interface or Firepower Chassis Manager GUI) and run configure-network to assign a unique IP address to the allocated physical management interface that will be used by FTD.

c. login to the FTD module directly via its assigned and configured management interface and add manager (the FMC).

 

When you "connect-ftd" from the "firepower-module" prompt does that work? If so, what does the IP address show as when you "show network".

 

Have you tried connecting to the front panel serial console port? What do you see there? ("connect local-mgmt" and "show mgmt-port")

0 Helpful

Go to solution
vaibhav.parlekar1
Level 1
Level 1
In response to Marvin Rhoads

‎05-24-2018 12:06 AM

Hi marvin

 

Thanks again. Like I had mentioned earlier since we are moving the firewall to a new network we wanted to change the firewall network settings. Hence before we changed the IP address the FTD physical interface which is mapped to the logical device was used as dedicated port for management.

 

We changed that ip address. Yes we can connect to FTD using the connect ftd command. And we had used the configure network command to change the ip address. So after connecting to FTD from Cli we used the show network command.

 

We are able to see the ip address that we had assigned via Cli to which we are able to SSH to the firewall.

Management 0 state enabled

IPv4 configuration we are able to see the ip address, subnet mask etc.

 

Is there something we have missed or we are left with only option to factory reset the firewall?

 

Vaibhav

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to vaibhav.parlekar1

‎05-24-2018 12:27 AM

Since you're starting anew a reset might be in order.

 

Are you aware that the physical chassis management port is the one used by Firepower Chassis Manager and the FX-OS cli? That one requires a unique IP address distinct from the address assigned to the FTD logical device.

 

While you can access the FTD cli via ssh to the chassis management interface and then doing the "connect module 1 console" and "connect ftd" commands, that is not normally how you would get in as it's a bit convoluted.

 

The address assigned to the FTD logical device is associated with a separate physical interface on the chassis which you must assign from FCM or the FX-OS cli.

 

f you haven't read it yet, I highly recommend the "Cisco Firepower Threat Defense" book by Nazmul Rajib. Chapter 6 explains the above in much more detail. It's available from Cisco Press, Amazon.com or via Safari Books online.

Go to solution
vaibhav.parlekar1
Level 1
Level 1
In response to Marvin Rhoads

‎05-31-2018 10:53 AM

Thanks Marvin,

Vaibhav
0 Helpful

Go to solution
ravi.et
Level 1
Level 1

‎10-29-2019 05:17 AM

- Press shift+~ key

- u will go in telnet> mode

- type q and hit enter key , you will get back to chassis (fxos)

 

Example :-

Firepower-module1>
Firepower-module1>  -----> here i pressed shift+~ key
telnet> q
Connection closed.
Firepower-2-A#

Note:- if you login directly with FTD IP then you can exit from  Firepower-module1> by just typing exit, above scenario comes only when you login to chassis (fxos) IP and then use to go to FTD 

Go to solution
michelet.jean-gilles@mlp.com
Level 1
Level 1
In response to ravi.et

‎12-07-2021 03:01 PM

Thanks ravi.et that was very helpful!

0 Helpful

Go to solution
egilkey
Cisco Employee
Cisco Employee
In response to ravi.et

‎03-08-2024 01:33 PM

This should have been marked as the solution. Thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card