Before you begin the reimage process, ensure the following items:
If you plan to reimage a Defense Center (DC) or stand-alone sensor, you should backup your appliance before you proceed.
Identify the model number of your sensor and verify that this document is appropriate.
Obtain a Sourcefire branded USB keyfob that comes with Sourcefire appliance packaging.
If you can not find the keyfob, please contact Cisco Technical Support Team.
A generic USB keyfob is not compatible.
Download the appropriate installation guide and .iso disk image for your desired software version from cisco support site. An .iso file should be copied to a host running an SSH server. The SSH server has to be reachable from the management network of the Sourcefire appliance that will be reimaged. If an SSH server is unavailable, you may use a DC for this process.
Do not plug a KVM switch when you upgrade or reimage a Defense Center or a Sensor.
Do not rename an .iso image file. An .iso image is not copied to the Sourcefire USB keyfob. Verify the md5sum of the .iso after you download.
The 3D Sensor and DC Installation Guides has been attached with this document. It provides detail instructions for reimage on chapter 5 "Restoring a 3D Sensor/Defense Center to Factory Defaults". In addition, a detail step-by-step screenshots have been provided below.
The following example uses Version 4.10 when the screenshots were captured. The reimage process is identical for Version 4.10.x and 5.x except for the version numbers displayed on a screen.
Note: For 3D500/1000/2000 sensors press Ctrl + U slowly and repeatedly when the Sourcefire splash screen appears; continue until the splash screen disappears to boot from the USB.
Figure 4: Choose option 0 if you are using a keyboard and monitor.
Figure 8: To select the network device, press spacebar.
Figure 16: SCP protocol is recommended.
Figure 17: It is possible to use a Defense Center as the SCP server for this step.
Note: If you get a connectivity error at this point instead of the expected message, verify your connection to the SSH server.
Figure 21: To select an iso image, press spacebar.
Note: It is required to use the default filename for an iso file, or the file may not be detected at this step.
Figure 23: Support recommends skipping option 3 (Select Patches/SEUs) during this process. Patches and SEUs can be installed after the reimage is complete.
Before a sensor comes back up (while the screen is still blank), power down the sensor. Then, remove the USB drive and power up the appliance.
For 3D500, 3D1000 and 3D2000 sensors, disconnect the power cord from the 3D Sensor, making sure to slide the plastic housing back from the socket.
For 3D2100, 3D3500, 3D4500 and 3D6500 sensors, press the power button.
If you do not power down the 3D Sensor in time, you must wait until it finishes booting. Then, for 3D500, 3D1000 and 3D2000 sensors, log in and enter the following command at the CLI, and finally power down the appliance by disconnecting the power cord.
sudo shutdown -h now
For 3D2100/3500/4500 and 3D6500 sensors, wait until the appliance boots from the USB drive, then press the power button.
Hello, This topic is partially related to 'VPN Certificate Using ISE' - https://community.cisco.com/t5/identity-services-engine-ise/vpn-certificate-auth-using-ise/td-p/3513185 I understand ISE is in charge of policies once an Anyconnect use...
Hi,I'm trying to nail some topics on ISE configuration, and understand the logic of the flows so to say.There are indeed some good documents out there, but I'm missing some details.Some flows use NetworkAccess (dictionary?) UseCase (attribute?) to "stitch...
I have a branch office with an IPSec tunnel to the core data center. For the interesting traffic, it's the branch subnet (10.2.0.0/24) to 10.0.0.0/8. This branch now has a need to reach another branch office, so rather than hairpin the traffic off th...
Hi Everyone,suddenly when I has restored my config from VE edition to X210 edition and I restart the appliance, the smc login page is not came out.The config from VE edition still coming when I restore image and restore default config using sysadmin login...