This article explains how to back up and restore the configuration of ASA running on the Firepower 2100 series platform.
When you run ASA on the Firepower 2100 platform, the platform has two software components, FXOS and ASA, and you need to back up the configuration of both. As of ASA 9.8.2, you can back up the ASA configuration by copying the output of "show running-config". FXOS needs to be configured manually.
Backup ASA Configuration:
The ASA configuration can be backed up using any one of the methods below.
1) copy running-config ftp:/scp:/smb:/tftp: (copies the ASA running configuration to FTP, SCP, SMB, or TFTP through the Management interface or any of the data interfaces)
2) copy startup-config ftp:/scp:/smb:/tftp: (copies the ASA startup configuration to FTP, SCP, SMB, or TFTP through the Management interface or any of the data interfaces)
3) Simply copy the output of "show running-config" and paste it into a text file
Restoring ASA Configuration:
The ASA configuration can be restored using either of the methods below.
1) Simply copy and paste the contents of the ASA config file into the ASA console/terminal.
2) copy ftp:/scp:/smb:/tftp: running-config
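A pasted "show running-config" capture should be checked before it is relied on for the copy-and-paste restore. The following is an added example, not part of the original article: it assumes that a complete capture ends with ": end", that the pager prompt appears as "<--- More --->", and that secrets such as pre-shared keys are displayed as asterisks. The function names and the sample capture are constructed for illustration.

```python
import re

# Constructed sample of a pasted "show running-config" capture (not from a real device).
SAMPLE_PASTE = """\
: Saved
ASA Version 9.8(2)
!
hostname asa-fp2110
interface Management1/1
 nameif management
<--- More --->
tunnel-group 192.0.2.10 ipsec-attributes
 ikev1 pre-shared-key *****
failover key *****
Cryptochecksum:0123456789abcdef0123456789abcdef
: end
"""

PAGER = re.compile(r"<--- More --->")   # assumed ASA pager prompt
MASKED = re.compile(r"\s\*{5,}(\s|$)")  # assumed masking of secrets in show output
END_MARKER = ": end"                     # assumed last line of a complete capture


def audit_paste(text):
    """Return problems that make a pasted capture unsafe to restore from."""
    lines = text.splitlines()
    findings = {
        "truncated": not any(l.strip() == END_MARKER for l in lines),
        "pager_lines": [],
        "masked_secrets": [],
    }
    for num, line in enumerate(lines, 1):
        if PAGER.search(line):
            findings["pager_lines"].append(num)
        elif MASKED.search(line):
            findings["masked_secrets"].append((num, line.strip()))
    return findings


def is_restorable(findings):
    """True only when the capture is complete, clean and holds real secrets."""
    return not (findings["truncated"] or findings["pager_lines"]
                or findings["masked_secrets"])


if __name__ == "__main__":
    result = audit_paste(SAMPLE_PASTE)
    print("truncated:", result["truncated"])
    print("pager debris on lines:", result["pager_lines"])
    for num, cmd in result["masked_secrets"]:
        print(f"line {num}: secret is masked, re-enter it after restore: {cmd}")
    print("safe to paste back as-is:", is_restorable(result))
```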
FXOS Configuration Backup & Restore:
Since FXOS on the FP2100 doesn't have a backup option, all configuration needs to be noted down manually. "show tech-support fprm" can also be used; its output contains some of the configuration below.
You may use Firepower Chassis Manager (FCM) or the FXOS CLI to configure the parameters below.
Firepower Chassis Manager: https://<FXOS-IP>
Management IP address for FXOS:
firepower-2110# scope fabric-interconnect a
firepower-2110 /fabric-interconnect # set out-of-band static/DHCP
DNS Config:
firepower-2110# scope system
firepower-2110 /system # scope services
firepower-2110 /system/services # create dns
NTP / Time Config:
firepower-2110# scope system
firepower-2110 /system # scope services
firepower-2110 /system/services # set clock
firepower-2110 /system/services # set timezone
firepower-2110 /system/services # create ntp-server
DHCP Server:
firepower-2110# scope system
firepower-2110 /system # scope services
firepower-2110 /system/services # enable dhcp-server
Interface Port-Channel and interface allocation:
firepower-2110# scope eth-uplink
firepower-2110 /eth-uplink # scope fabric a
firepower-2110 /eth-uplink/fabric # create port-channel
HTTPS/SSH Service Enable/Disable:
firepower-2110# scope system
firepower-2110 /system # scope services
firepower-2110 /system/services # enable/disable https/ssh-server
FXOS HTTP/SNMP/SSH Access/Restriction:
firepower-2110# scope system
firepower-2110 /system # scope services
firepower-2110 /system/services # create ip-block
firepower-2110 /system/services # create ipv6-block
FXOS Domain Configuration:
firepower-2110# scope system
firepower-2110 /system # scope services
firepower-2110 /system/services # set domain-name
SYSLOG:
firepower-2110# scope system
firepower-2110 /system # scope monitoring
firepower-2110 /monitoring # enable/disable syslog
FIPS & Common Criteria:
firepower-2110# scope system
firepower-2110 /system # scope security
firepower-2110 /security # enable/disable cc-mode {Common Criteria}
firepower-2110 /security # enable/disable fips-mode {FIPS}
Local User:
firepower-2110# scope system
firepower-2110 /system # scope security
firepower-2110 /security # create local-user / set password
Hostname:
firepower-2110# scope system
firepower-2110 /system # set name
Session timeout:
firepower-2110# scope system
firepower-2110 /system # scope security
firepower-2110 /security # scope default-auth (set session-timeout)