09-08-2021 12:00 AM
Hi!
I do not have the admin password for the Cisco Virtual IPS. I need to connect a sensor to FMC. How do I reset this password?
09-08-2021 12:22 AM
Hi @AlexanderD,
If your device is FTDv, then you'll need to reimage (reinstall) the device.
If it is NGIPSv, there is a procedure described here.
BR,
Milos
09-08-2021 01:38 AM - edited 09-08-2021 01:43 AM
Hi @Milos_Jovanovic,
I have the description on VMware vCenter "Cisco FTDv Cisco Systems, Inc. 170 West Tasman Dr San Jose, CA 95134 USA", but I have a service contract (expired) for "Cisco NGIPSv for VMWare Appliance" (product number FP-VMW-IPS-K9). Is there a difference between the command prompts of FTDv and NGIPSv? The sensor is currently working in inline mode in production.
09-08-2021 06:12 AM
I would say that the VMware output is more accurate, as that is what is actually installed. At some point, Cisco renamed its security devices, so once it was called Sourcefire, after that firePOWER, after that Firepower, etc. In the same way, software releases followed its naming and versions. I would expect the same (or a very similar) prompt, so you would not be able to differentiate based on the CLI prompt.
Also, as far as I'm aware, 'FP-VMW-IPS-K9' is End-of-Sale, so you probably need to update the part number.
If this device is in production, it will be a very challenging task to reimage it, as you'll lose all configuration from it. From where is it managed today?
BR,
Milos
09-08-2021 06:49 AM
This device was connected to FMCv (trial version). After the expiration of the FMCv temporary license, I could not access either the FMC or the device.
Thank you for assistance.
09-08-2021 10:46 AM
Hey @AlexanderD,
There are multiple things that don't add up here for me.
I don't remember the last time I saw an expired trial license on FMCv, but, as I remember, it won't block your access completely. The idea is always to place some restrictions on the management side, but it should allow you to add licenses. It also doesn't block login itself for FTDv, while it should not enforce your security rules (like URL filtering and similar).
Also, you mentioned that you placed this setup in production, with trial licenses, which is also very risky from my standpoint.
If you manage to restore access to your FMCv (and you should be able to do so by following this guide), an idea that crosses my mind would be to implement some AAA method (RADIUS or LDAP), and to log in that way.
BR,
Milos
09-08-2021 12:03 PM
I have access to the FMCv CLI, but after resetting the GUI password (sudo usertool.pl -p 'admin password') I cannot log in to the Web GUI. I did a server reboot after resetting the admin GUI password.
Error GUI:
"Unable to authorize access. If you continue to have difficulty accessing this device, please contact the system administrator".
For information: version FMCv 6.5.0.
09-08-2021 12:49 PM
Can you try accessing the Web GUI using the same password you are using for the CLI? Are you accessing the CLI with the 'admin' user?
BR,
Milos
09-08-2021 01:34 PM
Yes. I tried accessing the Web GUI as the 'admin' user, using the same password as for the CLI and the password from usertool.pl.
09-08-2021 10:31 PM
That is weird. You did reboot FMC afterwards (as instructed in step 6)?
Do you have External authentication configured by any chance on it (although admin account would always work, even when External authentication is configured)?
BR,
Milos
09-09-2021 12:47 AM
Yes, I did. I rebooted FMCv afterwards. Unfortunately I didn't have external authentication configured.
BR,
Alexander
09-09-2021 01:12 AM
Well, you did everything you should and by the book. If it is still not working, this is for a TAC engineer then.
BR,
Milos