USBメモリを使用して FPR2100 シリーズを rommon> から ASA に Re-imageする方法を紹介します。

本ドキュメントは、FPR2120 バージョン 9.20.2.2 にて確認、作成をしています。

必要なもの

• コンソールアクセス
• USBメモリ（FAT32フォーマットが必須）
• ASA イメージ

※システムが稼働中にUSBドライブを挿入した場合、システムがUSBドライブを認識するために再起動する必要があります。

作業の大まかな流れ

1. 電源 OFF/ON で rommon> モードへ移行
2. rommon> で 'factory-reset' を実行
3. rommon> で 'boot' を実行
4. FXOS 上で 'format-everything' を実行
5. rommon> でイメージのダウンロードを実行（USBメモリからのダウンロード）
6. FXOS 上で 'download image' を実行（USBメモリからのダウンロード）
7. FXOS 上で 'install security-pack' を実行

以下はCLI上で行う作業の詳細となります。

###### Power OFF/ON 後
*******************************************************************************
Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE
Copyright (c) 1994-2019 by Cisco Systems, Inc.
Compiled Mon 06/17/2019 16:23:23.36 by builder
*******************************************************************************

Current image running: Boot ROM0
Last reset cause: PowerCycleRequest (0x00002000)
DIMM_1/1 : Present
DIMM_2/1 : Absent

Platform FPR-2120 with 16384 MBytes of main memory
BIOS has been successfully locked !!
MAC Address: 70:0f:6a:5d:99:00

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

###### Escapeキーを押して Boot を中断させる

Boot interrupted.

rommon 1 > factory-reset　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　###### 'factory-reset' を実行
Warning: All configuration will be permanently lost with this operation 
and application will be initialized to default configuration.
This operation cannot be undone after booting the application image.

Are you sure you would like to continue ? yes/no [no]: yes　　　　　　　　　　　　　###### 'yes' を入力
Please type 'ERASE' to confirm the operation or any other value to cancel: ERASE　　###### 'ERASE' を入力

Performing factory reset...
Located '.boot_string' @ cluster 1003576.


Rommon will continue to boot the application: disk0:installables/switch/fxos-k8-fp2k-lfbff.2.12.1.73.SPA 
Are you sure you would like to continue ? yes/no [no]: no　　　　　　　　　　　　　 ###### 'no' を入力


Execute 'boot' command afterwards for factory-reset to be initiated.
Use of reset/reboot/reload command will cancel the factory-reset request!

rommon 2 >
rommon 2 > boot　　　　　　　　　　　　　　　　　　　　　　　　　　　　　 　　　　　###### 'boot' を実行 
Located 'installables/switch/fxos-k8-fp2k-lfbff.2.12.1.73.SPA' @ cluster 750734.

#############################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################

+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF signature authentication passed !!! |
| |
+-------------------------------------------------------------------+
LFBFF signature verified.
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF controller type check passed !!! |
| |
+-------------------------------------------------------------------+

Linux version: 4.18.45-yocto-standard (oe-user@oe-host) #1 SMP Tue Feb 27 20:46:34 UTC 2024
kernel_image = 0x8da23fa8, kernel_size=0x7192a0
Image validated
INIT: version 2.88 booting
Starting udev
Hardware tweak APPLIED: Disable SATA Throttle.1
Hardware tweak APPLIED: Disable SATA Throttle.2
Configuring network interfaces... done.
Starting random number generator daemon.
Starting TAm services ...
Device configuration status = TAM_SUCCESS
TAm Services started successfully
Starting Power Off Shutdown Handler (poshd)
poshd: using FPGA version 2.0.00 and PSEQ version 2.13
Primary SSD discovered
Rommon requested SSD reformat
Formating SSD...
Creating config partition: START: 1MB END: 1001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda1 contains a ext3 file system
last mounted on /opt/cisco/config on Tue Mar 7 13:34:43 2023
Discarding device blocks: done 
Creating filesystem with 244224 4k blocks and 61056 inodes
Filesystem UUID: 96657021-c781-4ab5-9df2-01b2198ec28c
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376

Allocating group tables: done 
Writing inode tables: done 
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

Creating log partition: START: 1001MB END: 2001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda2 contains a ext3 file system
last mounted on /opt/cisco/platform/logs on Tue Mar 7 13:34:43 2023
Discarding device blocks: done 
Creating filesystem with 243968 4k blocks and 61056 inodes
Filesystem UUID: a77daf19-6188-47f4-ab8a-a7fadf73e6c4
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376

Allocating group tables: done 
Writing inode tables: done 
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

Creating coredump partition: START: 2001MB END: 14001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda3 contains a ext3 file system
last mounted on Tue Mar 7 13:34:43 2023
Discarding device blocks: done 
Creating filesystem with 2929664 4k blocks and 732960 inodes
Filesystem UUID: 1d061c0f-8d10-4374-b84a-049736e7de0f
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208

Allocating group tables: done 
Writing inode tables: done 
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done

Creating csp partition: START: 14001MB END: 100%
meta-data=/dev/sda4 isize=256 agcount=4, agsize=5249344 blks
= sectsz=4096 attr=2, projid32bit=1
= crc=0 finobt=0, sparse=0, rmapbt=0
= reflink=0
data = bsize=4096 blocks=20997376, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=10252, version=2
= sectsz=4096 sunit=1 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
Done with primary disk partition
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1 
/dev/sda1: clean, 11/61056 files, 8244/244224 blocks
fsck(/dev/sda1) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2 
/dev/sda2: clean, 11/61056 files, 8244/243968 blocks
fsck(/dev/sda2) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3 
/dev/sda3: clean, 11/732960 files, 69567/2929664 blocks
fsck(/dev/sda3) returned 0
mount_disk_xfs. device: /dev/sda4, dir: /opt/cisco/csp, mount returned: 0.
fsck from util-linux 2.32.1
[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1 
fsck.fat 4.1 (2017-01-24)
0x41: Dirty bit is set. Fs was not properly unmounted and some data may be corrupt.
Automatically removing dirty bit.
Performing changes.
/dev/sdb1: 6 files, 192832/1917824 clusters
fsck(/dev/sdb1) returned 1
fsck from util-linux 2.32.1
[/sbin/fsck.vfat (1) -- /dev/sdc1] fsck.vfat -a /dev/sdc1 
fsck.fat 4.1 (2017-01-24)
0x41: Dirty bit is set. Fs was not properly unmounted and some data may be corrupt.
Automatically removing dirty bit.
Performing changes.
/dev/sdc1: 59 files, 410228/1798466 clusters
fsck(/dev/sdc1) returned 1
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
FIPS POST Test Script
NOTICE: The FIPS POST is not run because the FIPS feature is not enabled
INIT: Entering runlevel: 3rst bo
Starting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
generating ssh ed25519 key...
done.
Starting rpcbind daemon...done.
starting statd: done
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up with netlink and the input layer
acpid: 1 rule loaded
acpid: waiting for events: event logging is off
Starting DHCP server: .
starting 8 nfsd kernel threads: done
starting mountd: done
Starting ntpd: done
Starting internet superserver: xinetd.
Starting Octeon NPU ... 
Rename eth2 interface to tap0
Configure tap0 for internal control traffic between x86-octeon
Starting Octeon NPU ... success
Starting fan control daemon: fancontrol... done.
INFO: check KcFPGA version...
INFO: check ctrlFPGA version...
INFO: beginning of manager_install
INFO: manager_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.12.1.73.SPA chmgr= update=false
INFO: manager_install: fxmgr is dummy, skip_fxmgr_install=true
INFO: in validating image ...
INFO: manager_validate_image: fxmgr_absfilename /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.12.1.73.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.12.1.73.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.12.1.73.SPA size 1296
Done!
Computed Hash SHA2: c85305c3ca44ca2f4a11670050fd7af7
a7740e4aa26d61b7ba73b3a62d4927b2
cc85e3611d7293cee274724ef36aa416
2bd82143d02751ffdd60b61db68b9e3b

Embedded Hash SHA2: c85305c3ca44ca2f4a11670050fd7af7
a7740e4aa26d61b7ba73b3a62d4927b2
cc85e3611d7293cee274724ef36aa416
2bd82143d02751ffdd60b61db68b9e3b

The digital signature of the file: fxos-k9-fp2k-manager.2.12.1.73.SPA verified successfully
INFO: manager_install: skip_fxmgr_install=true - delete unnecessary files and skip
INFO: deleting unnecessary xml file..!!
INFO: deleted unnecessary xml file..!!
INFO: manager_post_install ...
INFO: manager_post_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.12.1.73.SPA chmgr= update=false
INFO: manager_post_install: fxmgr is dummy
INFO: manager_post_install: Linking libraries ...
INFO: manager_post_install: Linking binaries ...
Completed system initial setup.
INFO: Trying to add iptables and ip6tables rules ...
INFO: Set up Application Diagnostic Interface ...
INFO: Configure management0 interface ...
INFO:bringup eth1...
INFO:Configure lldp interfaces ...
FPR-21xx: Create and bringup lldp sub-interface on lldp-Ethenet1/1 to lldp-Ethernet1/16

INFO: Configure system files ...
INFO: System Name is: firepower-2120
Starting sensors logging daemon: sensord... done.
INFO: /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.12.1.73.SPA
INFO: Need to validate the image
: File /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.12.1.73.SPA size 74365072
Done!
Computed Hash SHA2: 1139e7240671d911d9be632bcf765501
4d89f5e1cd13cbeea73e761c76c56aed
e65c41eba08361666734bd475b82ec91
02b64fb1e54a8fa9fe2040dd621c3adf

Embedded Hash SHA2: 1139e7240671d911d9be632bcf765501
4d89f5e1cd13cbeea73e761c76c56aed
e65c41eba08361666734bd475b82ec91
02b64fb1e54a8fa9fe2040dd621c3adf

The digital signature of the file: fxos-k8-fp2k-npu.2.12.1.73.SPA verified successfully
INFO: Creating directory /tmp/npu
INFO: all files are there ...
INFO: console : ttyS0, speed : 9600
INFO: manager_startup: setting up fxmgr apache ...
INFO: manager_startup: Start manager httpd setup...
INFO: manager_startup: /opt/cisco/config/certstore/default.key not found on platform, re-generating files
INFO: kp_startup.sh created apache default symlinks.
INFO: manager_startup: reset httpd app config to default
httpdRegister INFO: [httpd.2708 -4 192.168.45.45 -n localhost]
httpdRegister INFO: Starting httpd setup/registration...
httpdRegister INFO: Completed httpd setup/registration!
INFO: httpdRegister [httpd.2708 script exit]
INFO: manager_startup: Completed manager httpd setup!
Starting crond: OK
FTD
Starting Octeon Serial Logd... 
Starting OcteoINFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.


firepower-2120 login: admin　　　　　　　　　　　　　　　　　　###### admin/Admin123 でログイン (このパスワードはDefault)
Waiting for Application infrastructure to be ready...

Password: Verifying the signature of the Application image...

Successful login attempts for user 'admin' : 1
FTD loading please wait...0...
FTD loading please wait...1...
Mar 19 10:34:06 firepower-2120 rst_manager: Reset Manager not required on this platform: 1
Mar 19 10:34:14 firepower-2120 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][critical][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
FTD loading please wait...2...
Mar 19 10:34:19 firepower-2120 port-manager: Alert: Ethernet1/16: inserted SFP NOT supported: model(SFP-H10GB-CU1M ), version(V03), serial number(TED2228A2TJ ), module_id(SFP_10G_PAS_CX1_1)
Mar 19 10:34:19 firepower-2120 port-manager: Alert: Ethernet1/15: inserted SFP NOT supported: model(SFP-H10GB-CU1M ), version(V03), serial number(TED2228A499 ), module_id(SFP_10G_PAS_CX1_1)
Mar 19 10:34:19 firepower-2120 port-manager: Alert: Ethernet1/14: inserted SFP NOT supported: model(SFP-H10GB-CU1M ), version(V03), serial number(JPC2232028X ), module_id(SFP_10G_PAS_CX1_1)
Mar 19 10:34:19 firepower-2120 port-manager: Alert: Ethernet1/13: inserted SFP NOT supported: model(SFP-H10GB-CU1M ), version(V03), serial number(JPC223203EP ), module_id(SFP_10G_PAS_CX1_1)
FTD loading please wait...3...
FTD loading please wait...4...
FTD loading please wait...5...
FTD loading please wait...6...
FTD loading please wait...7...
FTD loading please wait...8...
FTD loading please wait...9...
FTD loading please wait...10...
Mar 19 10:36:23 firepower-2120 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][cleared][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
FTD loading please wait...11...
FTD loading please wait...12...
FTD loading please wait...13...
FTD loading please wait...14...
FTD loading please wait...15...

Threat Defense System: CMD=-install, CSP-ID=cisco-ftd.7.2.8.25__ftd_001_JMX2221Y0J6NBX1TC1, FLAG=''
System begins installation ...
FTD loading please wait...16...
FTD loading please wait...17...
FTD loading please wait...18...
FTD loading please wait...19...
FTD loading please wait...20...
FTD loading please wait...21...
cisco ftd installation finished successfully.
FTD loading please wait...22...
FTD loading please wait...23...
Verifying signature for cisco-ftd.7.2.8.25 ...
FTD loading please wait...24...
FTD loading please wait...25...
Verifying signature for cisco-ftd.7.2.8.25 ... success
FTD loading please wait...26...
FTD loading please wait...27...

Threat Defense System: CMD=-start, CSP-ID=cisco-ftd.7.2.8.25__ftd_001_JMX2221Y0J6NBX1TC1, FLAG=''
System starting ...
Registering to process manager ...
FTD loading please wait...28...
FTD loading please wait...29...
FTD loading please wait...30...
Hello admin. You must change your password.
Cisco FTD started successfully.
Enter new password: *********　　　　　　　　　　　　　　　　###### 任意のパスワードを設定 (アスタリスクは出力されません)
Confirm new password: *********　　　　　　　　　　　　　　　###### 任意のパスワードを設定 (アスタリスクは出力されません)
Your password was updated successfully.

Cisco Firepower Extensible Operating System (FX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license.

Certain components of this software are licensed under the "GNU General Public
License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for
details.

Certain components of this software are licensed under the "GNU General Public
License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual
(''Licensing'') for details.

Certain components of this software are licensed under the "GNU LESSER GENERAL
PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:
http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for
details.

Certain components of this software are licensed under the "GNU Lesser General
Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the
terms of "GNU Lesser General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual
(''Licensing'') for details.

Certain components of this software are licensed under the "GNU Library General
Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU Library General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual
(''Licensing'') for details.

firepower-2120# Cisco FTD initializing ...
Verify FSIC, File System Integrity Check
Configuring model to 77B...

firepower-2120# 
firepower-2120# verify_fsic(start)
Do not run FSIC twice for SSP systems...
Initializing Threat Defense ...
Obtained uid 501 and gid 501 for external user
vault.conf touch over for model 77 B
vault.conf touch over for model 77 B [ OK ]
Starting system log daemon...
Starting system log daemon... [ OK ]
fixing /ngfw/etc/logrotate-size.d/httpsd
Disk free check passed, creating swap...
Building swapfile /ngfw/Volume/.swaptwo of size 5891072kb


firepower-2120# 
firepower-2120# 
firepower-2120# connect local-mgmt 　　　　　　　　　　　　　　　　 　###### 'connect local-mgmt' を実行して 'local-mgmt' に移行
5891072+0 records in
5891072+0 records out
6032457728 bytes (6.0 GB, 5.6 GiB) copied, 15.4553 s, 390 MB/s
mkswap: /ngfw/Volume/.swaptwo: insecure permissions 0644, 0600 suggested.
firepower-2120(local-mgmt)# 
firepower-2120(local-mgmt)# format everything 　　　　　　　　　　　　###### 'format everything' を実行
Setting up swapspace version 1, size = 5.6 GiB (6032453632 bytes)
no label, UUID=b13ca0fb-aa86-43dd-b336-47910b62b53f
Adding swapfile /ngfw/Volume/.swaptwo
Flushing all current IPv4 rules and user defined chains: ...success
Clearing all current IPv4 rules and user defined chains: ...success
Applying iptables firewall rules: 
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `PREROUTING'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Flushing all current IPv6 rules and user defined chains: ...success
Clearing all current IPv6 rules and user defined chains: ...success
Applying ip6tables firewall rules: 
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `PREROUTING'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Starting nscd...
Starting nscd... [ OK ]
Starting , please wait......complete.
cleaning up *.TMM and *.TMD files
Firstboot detected, executing scripts
Executing S01virtual-machine-reconfigure ...
Executing S01virtual-machine-reconfigure took 0.01 sec
Executing S01virtual-machine-reconfigure took 0.01 sec [ OK ]
Executing S01vngfw-mgmt-configure ...
Executing S01vngfw-mgmt-configure took 0.01 sec
Executing S01vngfw-mgmt-configure took 0.01 sec [ OK ]
Executing S01z_copy_startup-config ...
Executing S01z_copy_startup-config took 0.01 sec
Executing S01z_copy_startup-config took 0.01 sec [ OK ]
Executing S02aws-pull-cfg ...
Executing S02aws-pull-cfg took 0 sec
Executing S02aws-pull-cfg took 0 sec [ OK ]
Executing S02b-alibaba-pull-cfg ...
Executing S02b-alibaba-pull-cfg took 0 sec
Executing S02b-alibaba-pull-cfg took 0 sec [ OK ]
Executing S02b-gcp-pull-cfg ...
Executing S02b-gcp-pull-cfg took 0 sec
Executing S02b-gcp-pull-cfg took 0 sec [ OK ]
Executing S02b-oci-pull-cfg ...
Executing S02b-oci-pull-cfg took 0 sec
Executing S02b-oci-pull-cfg took 0 sec [ OK ]
Executing S02configure_onbox ...

Executing S02configure_onbox took 0.36 sec
Executing S02configure_onbox took 0.36 sec [ OK ]
Executing S03generate_db_access.sh ...
All configuration and bootable images will be lost.
Do you still want to format? (yes/no):Executing S03generate_db_access.sh took 2.59 sec
Do you still want to format? (yes/no):yes　　　　　　　　　　　　　　　　　　　　　　　　###### 'yes' を入力
Executing S03generate_db_access.[ OK ]2.59 sec
Executing S05set-default-ipv4.pl ...
100+0 records in
100+0 records out
51200 bytes (51 kB, 50 KiB) copied, 0.016019 s, 3.2 MB/s
4+0 records in
4+0 records out
2048 bytes (2.0 kB, 2.0 KiB) copied, 0.000574051 s, 3.6 MB/s
100+0 records in
100+0 records out
51200 bytes (51 kB, 50 KiB) copied, 0.00605209 s, 8.5 MB/s

Broadcast message from root@firepower-2120 (Sun Mar 19 10:42:45 2023):

All shells being terminated due to system /sbin/reboot

Broadcast message from root@firepower-2120 (Sun Mar 19 10:42:46 2023):

System restarted due to disks being reformatted.
INIT: Switching2023 Mar 19 10:42:48.977 PMLOG:PM IPC UTILITY: Shutting down all ports
Stopping Octeon Serial Logd... 
Stopping Octeon Serial Logd... success
Stopping OpenBSD Secure Shell server: sshd
no /usr/sbin/sshd found; none killed
Stopping Octeon NPU ... 
Stopping Octeon NPU ... unreachable
Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1488)
acpid.
Stopping web server: apache2failed
Stopping system message bus: dbus.
Stopping DHCP server: dhcpd3no /usr/sbin/dhcpd found; none killed
.
stopping DNS forwarder and DHCP server: dnsmasq... no /usr/bin/dnsmasq found; none killed
stopping mountd: done
stopping nfsd: .done
Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 12002)
done
Stopping internet superserver: xinetd.
stopping statd: done
Stopping random number generator daemon.
Stopping domain name service: named.
Stopping crond: OK
Stopping rpcbind daemon...
done.
Stopping fan control daemon: fancontrol... no process in pidfile '/var/run/fancontrol.pid' found; none killed
done.
Stopping sensors logging daemon: sensord... stopped /usr/sbin/sensord (pid 2640)
done.
* Stopping virtualization library daemon: libvirtd
* Stopping virtualization library daemon: libvirtd [fail]
Deconfiguring network interfaces... done.
Stopping FreeRADIUS daemon radiusd Failed
Sun Mar 19 10:42:52 UTC 2023
Mar 19 10:42:53 firepower-2120 NVRAM: Confreg value: confreg = 0x1
SSP-Security-Module is shutting down ...
Sun Mar 19 10:42:54 UTC 2023 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps
Sun Mar 19 10:42:54 UTC 2023 SHUTDOWN WARNING: Upgrade process ready for reboot
Sun Mar 19 10:42:54 UTC 2023 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps
omit_pids_opt: -o 550,521,525
Sun Mar 19 10:42:55 UTC 2023
Sending ALL processes the TERM signal ...
Note: SIGKILL_ALL will be triggered after after 1 + 2 secs ...
2023-03-19 10:42:57 logmonitor[55040]: syslog-ng not running. starting it.
Sun Mar 19 10:42:57 UTC 2023
Sending ALL processes the KILL signal ...
Sun Mar 19 10:42:58 UTC 2023
Deactivating swap...
Unmounting local filesystems...
Rebooting... [ 642.570638] reboot: Restarting system

*******************************************************************************
Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE
Copyright (c) 1994-2019 by Cisco Systems, Inc.
Compiled Mon 06/17/2019 16:23:23.36 by builder
*******************************************************************************

Current image running: Boot ROM0
Last reset cause: ResetRequest (0x00001000)
DIMM_1/1 : Present
DIMM_2/1 : Absent

Platform FPR-2120 with 16384 MBytes of main memory
BIOS has been successfully locked !!
MAC Address: 70:0f:6a:5d:99:00

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

###### Escapeキーを押して Boot を中断させる

Boot interrupted.

rommon 1 > 
rommon 1 > dir disk1:　　       　　　　　                      ###### USBメモリに保存するイメージファイルの確認
File System: FAT32
drw- 3 0 System Volume Information
-rw- 6 458120048 cisco-asa-fp2k.9.20.2.2.SPA　　　　　　　　　   ###### リイメージ用のイメージファイル
-rw- 55929 1121518400 cisco-ftd-fp2k.7.4.1-172.SPA

rommon 2 >
rommon 2 > boot disk1:/cisco-asa-fp2k.9.20.2.2.SPA　　　　　    ###### 'boot disk1:' を実行し、USBメモリに保存するイメージファイルをブートする
Located 'cisco-asa-fp2k.9.20.2.2.SPA' @ cluster 6.
will try boot bundle !! file size = 458120048

#############################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################

+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF signature authentication passed !!! |
| |
+-------------------------------------------------------------------+
LFBFF signature verified.
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
| |
| LFBFF controller type check passed !!! |
| |
+-------------------------------------------------------------------+

Linux version: 5.10.110-yocto-standard (oe-user@oe-host) #1 SMP Mon Dec 11 04:52:16 UTC 2023
kernel_image = 0x870caf38, kernel_size=0x8a0c60
Image validated
INIT: version 2.99 booting
Starting udev
Hardware tweak APPLIED: Disable SATA Throttle.1
Hardware tweak APPLIED: Disable SATA Throttle.2
Configuring network interfaces... done.
Starting random number generator daemon.
Starting TAm services ...
Device configuration status = TAM_SUCCESS
TAm Services started successfully
Starting Power Off Shutdown Handler (poshd)
poshd: using FPGA version 2.0.00 and PSEQ version 2.13
Primary SSD discovered
eMMC has incorrect partitions
Skipping prompt because disk is blank
Reformatting eMMC to clear error
Creating eMMC partition: START: 1 MB END: 100%
mkfs.fat 4.2 (2021-01-31)
Primary SSD has incorrect partitions
Skipping prompt because disk is blank
Formating Primary SSD...
Creating config partition: START: 1MB END: 1001MB
mke2fs 1.46.1 (9-Feb-2021)
/dev/sda1 contains a ext3 file system
last mounted on /opt/cisco/config on Sun Mar 19 10:33:08 2023
Discarding device blocks: done 
Creating filesystem with 244224 4k blocks and 61056 inodes
Filesystem UUID: f84982e2-1217-4080-91d5-6b1d7b8f9a2a
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376

Allocating group tables: done 
Writing inode tables: done 
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

Creating log partition: START: 1001MB END: 2001MB
mke2fs 1.46.1 (9-Feb-2021)
/dev/sda2 contains a ext3 file system
last mounted on /opt/cisco/platform/logs on Sun Mar 19 10:33:08 2023
Discarding device blocks: done 
Creating filesystem with 243968 4k blocks and 61056 inodes
Filesystem UUID: b2147a90-e6b5-48f3-a1b7-975441238c09
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376

Allocating group tables: done 
Writing inode tables: done 
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

Creating coredump partition: START: 2001MB END: 14001MB
mke2fs 1.46.1 (9-Feb-2021)
/dev/sda3 contains a ext3 file system
last mounted on Sun Mar 19 10:33:08 2023
Discarding device blocks: done 
Creating filesystem with 2929664 4k blocks and 732960 inodes
Filesystem UUID: bdebeaa6-89b6-4abf-b7de-1ef022453a12
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208

Allocating group tables: done 
Writing inode tables: done 
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done

Creating csp partition: START: 14001MB END: 100%
meta-data=/dev/sda4 isize=256 agcount=4, agsize=5249344 blks
= sectsz=4096 attr=2, projid32bit=1
= crc=0 finobt=0, sparse=0, rmapbt=0
= reflink=0 bigtime=0
data = bsize=4096 blocks=20997376, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=10252, version=2
= sectsz=4096 sunit=1 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
Discarding blocks...Done.
Done with primary disk partition
fsck from util-linux 2.36.2
[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1 
/dev/sda1: clean, 11/61056 files, 8244/244224 blocks
fsck(/dev/sda1) returned 0
fsck from util-linux 2.36.2
[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2 
/dev/sda2: clean, 11/61056 files, 8244/243968 blocks
fsck(/dev/sda2) returned 0
fsck from util-linux 2.36.2
[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3 
/dev/sda3: clean, 11/732960 files, 69567/2929664 blocks
fsck(/dev/sda3) returned 0
mount_disk_xfs. device: /dev/sda4, dir: /opt/cisco/csp, mount returned: 0.
fsck from util-linux 2.36.2
[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1 
fsck.fat 4.2 (2021-01-31)
There is no label in boot sector, but there is volume label 'USBTEST' stored in root directory
Auto-copying volume label from root directory to boot sector.

*** Filesystem was changed ***
Writing changes.
/dev/sdb1: 6 files, 192832/1917824 clusters
fsck(/dev/sdb1) returned 1
fsck from util-linux 2.36.2
[/sbin/fsck.vfat (1) -- /dev/sdc1] fsck.vfat -a /dev/sdc1 
fsck.fat 4.2 (2021-01-31)
/dev/sdc1: 0 files, 1/1798465 clusters
fsck(/dev/sdc1) returned 0
useradd: warning: the home directory / already exists.
useradd: Not copying any file from skel directory into it.
useradd: warning: the home directory / already exists.
useradd: Not copying any file from skel directory into it.
useradd: warning: the home directory / already exists.
useradd: Not copying any file from skel directory into it.
useradd: warning: the home directory / already exists.
useradd: Not copying any file from skel directory into it.
useradd: warning: the home directory / already exists.
useradd: Not copying any file from skel directory into it.
useradd: warning: the home directory / already exists.
useradd: Not copying any file from skel directory into it.
FIPS POST Test Script
NOTICE: The FIPS POST is not run because the FIPS feature is not enabled
INIT: Entering runlevel: 3rst bo
Starting system message bus: dbus.
Starting haveged: haveged: command socket is listening at fd 3
haveged: haveged starting up
[ OK ]
Starting OpenBSD Secure Shell server: sshd
generating ssh ed25519 key...
done.
Starting rpcbind daemon...done.
starting statd: done
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up with netlink and the input layer
acpid: 1 rule loaded
acpid: waiting for events: event logging is off
Starting DHCP server: .
starting 8 nfsd kernel threads: haveged: haveged: ver: 1.9.14; arch: x86; vend: GenuineIntel; build: (gcc 10.3.0 ITV); collect: 128K

haveged: haveged: cpu: (L4 VC); data: 32K (L4 V); inst: 32K (L4 V); idx: 23/40; sz: 31416/55235

haveged: haveged: tot tests(BA8): A:1/1 B:1/1 continuous tests(B): last entropy estimate 8.00066

haveged: haveged: fills: 0, generated: 0

done
starting mountd: done
Starting ntpd: done
Starting internet superserver: xinetd.
Starting Octeon NPU ... 
Rename eth2 interface to tap0
Configure tap0 for internal control traffic between x86-octeon
Starting Octeon NPU ... success
Starting fan control daemon: fancontrol... done.
INFO: System memory config check...
KeyError('fpr21xx',)
ERROR: RAM config check, error accessing data in sku_conf.json
INFO: check Rommon mode...
INFO: check KcFPGA version...
Non TPK/WA Platform.
INFO: beginning of manager_install
INFO: deleting unnecessary xml file..!!
INFO: deleted unnecessary xml file..!!
INFO: disaster recovery - use default service mgr
INFO: manager_post_install ...
INFO: manager_post_install: boot file does not exist
INFO: manager_post_install: fxmgr= chmgr= update=false
INFO: manager_post_install: Linking libraries ...
INFO: manager_post_install: Linking binaries ...
Completed system initial setup.
INFO: Trying to add iptables and ip6tables rules ...
INFO: Set up Application Diagnostic Interface ...
INFO: Configure management0 interface ...
INFO:bringup eth1...
INFO:Configure lldp interfaces ...
FPR-21xx: Create and bringup lldp sub-interface on lldp-Ethenet1/1 to lldp-Ethernet1/16
INFO: Configure system files ...
INFO: System Name is: firepower-2120
/etc/init.d/kp/init_kp.sh: line 43: /sbin/augenrules: No such file or directory
Starting sensors logging daemon: sensord... done.
INFO: file /mnt/boot/.boot_npu does not exist
INFO: console : ttyS0, speed : 9600
INFO: manager_startup: setting up fxmgr apache ...
INFO: manager_startup: Start manager httpd setup...
INFO: manager_startup: /opt/cisco/config/certstore/default.key not found on platform, re-generating files
INFO: manager_startup: reset httpd app config to default
httpdRegister INFO: [httpd.2719 -4 192.168.45.45 -n localhost]
httpdRegister INFO: Starting httpd setup/registration...
httpdRegister INFO: Completed httpd setup/registration!
INFO: httpdRegister [httpd.2719 script exit]
INFO: manager_startup: Completed manager httpd setup!
nscd: 2791 monitoring file `/etc/hosts` (1)
nscd: 2791 monitoring directory `/etc` (2)
nscd: 2791 monitoring file `/etc/resolv.conf` (3)
nscd: 2791 monitoring directory `/etc` (2)
nscd: 2791 monitoring file `/etc/nsswitch.conf` (4)
nscd: 2791 monitoring directory `/etc` (2)
Starting crond: OK
FTD
Starting Octeon Serial Logd... 
Starting OcteoINFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.


firepower-2120 login: admin　　　　　　　　　　　　　　　　　　　　　　　　　　###### 'admin/Admin123' でログイン
Password:
Waiting for Application infrastructure to be ready...
Verifying the signature of the Application image...
Successful login attempts for user 'admin' : 1
System is coming up... Please wait...
System is coming up... Please wait...
System is coming up... Please wait...
Mar 19 10:48:01 firepower-2120 rst_manager: Reset Manager not required on this platform: 1
System is coming up... Please wait...
System is coming up... Please wait...
Mar 19 10:48:09 firepower-2120 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][critical][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
Hello admin. You must change your password.
Mar 19 10:48:15 firepower-2120 port-manager: Alert: Ethernet1/16: inserted SFP NOT supported: model(SFP-H10GB-CU1M ), version(V03), serial number(TED2228A2TJ ), module_id(SFP_10G_PAS_CX1_1)
Mar 19 10:48:15 firepower-2120 port-manager: Alert: Ethernet1/15: inserted SFP NOT supported: model(SFP-H10GB-CU1M ), version(V03), serial number(TED2228A499 ), module_id(SFP_10G_PAS_CX1_1)
Mar 19 10:48:15 firepower-2120 port-manager: Alert: Ethernet1/14: inserted SFP NOT supported: model(SFP-H10GB-CU1M ), version(V03), serial number(JPC2232028X ), module_id(SFP_10G_PAS_CX1_1)
Mar 19 10:48:15 firepower-2120 port-manager: Alert: Ethernet1/13: inserted SFP NOT supported: model(SFP-H10GB-CU1M ), version(V03), serial number(JPC223203EP ), module_id(SFP_10G_PAS_CX1_1)
Enter new password: 
Confirm new password: 
Your password was updated successfully.

Cisco Firepower Extensible Operating System (FX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license.

Certain components of this software are licensed under the "GNU General Public
License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for
details.

Certain components of this software are licensed under the "GNU General Public
License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual
(''Licensing'') for details.

Certain components of this software are licensed under the "GNU LESSER GENERAL
PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:
http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for
details.

Certain components of this software are licensed under the "GNU Lesser General
Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the
terms of "GNU Lesser General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual
(''Licensing'') for details.

Certain components of this software are licensed under the "GNU Library General
Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU Library General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual
(''Licensing'') for details.

firepower-2120# scope firmware 　　　　　　　　　　　　　　　　　　　###### 'scope firmware' を実行
firepower-2120 /firmware #

firepower-2120 /firmware # download image 
ftp: Location of the image file 
http: Location of the image file 
https: Location of the image file 
scp: Location of the image file 
sftp: Location of the image file 
tftp: Location of the image file 
usbA: Location of the image file 
　　　　　　　　　　　　　　　　　　###### 'download image' コマンドを実行し、USBメモリに保存するイメージをダウンロードする
firepower-2120 /firmware # download image usbA:/cisco-asa-fp2k.9.20.2.2.SPA
Please use the command 'show download-task' or 'show download-task detail' to check download progress.
firepower-2120 /firmware # 
firepower-2120 /firmware # 

###### ダウンロード完了の確認
% Download-task cisco-asa-fp2k.9.20.2.2.SPA : completed successfully.

firepower-2120 /firmware # 
firepower-2120 /firmware # show package 　　　###### 'show package' を実行してダウンロードしたファイルの 'Package-Vers' を確認しておく
Name Package-Vers
--------------------------------------------- ------------
cisco-asa-fp2k.9.20.2.2.SPA 9.20.2.2
firepower-2120 /firmware # 
firepower-2120 /firmware # scope auto-install 　　###### 'scope auto-install' を実行
firepower-2120 /firmware/auto-install # 

###### 'install security-pack' を実行
###### 'version' は上記の 'show package' で確認した 'Package-Vers' を指定

firepower-2120 /firmware/auto-install # install security-pack version 9.20.2.2

The system is currently installed with security software package not set, which has:
- The platform version: not set
If you proceed with the upgrade 9.20.2.2, it will do the following:
- upgrade to the new platform version 2.14.1.131
- install with CSP asa version 9.20.2.2
During the upgrade, the system will be reboot

Do you want to proceed ? (yes/no):yes　　　　　　　　　　###### 'yes' を入力

This operation upgrades firmware and software on Security Platform Components
Here is the checklist of things that are recommended before starting Auto-Install
(1) Review current critical/major faults
(2) Initiate a configuration backup

Do you want to proceed? (yes/no):yes　　　　　　　　　　 ###### 'yes' を入力

Triggered the install of software package version 9.20.2.2
Install started. This will take several minutes.
For monitoring the upgrade progress, please enter 'show' or 'show detail' command.
firepower-2120 /firmware/auto-install # Mar 19 10:51:37 firepower-2120 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][cleared][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install

firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 9.20.2.2
Oper State: Scheduled
Installation Time: 2023-03-19T10:51:37.540
Upgrade State: Ready
Upgrade Status:
Validation Software Pack Status:
Firmware Upgrade Status: Ok
Firmware Upgrade Message:
Current Task:
firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 9.20.2.2
Oper State: Scheduled
Installation Time: 2023-03-19T10:51:37.540
Upgrade State: Ready
Upgrade Status:
Validation Software Pack Status:
Firmware Upgrade Status: Ok
Firmware Upgrade Message:
Current Task:
firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 9.20.2.2
Oper State: Scheduled
Installation Time: 2023-03-19T10:51:37.540
Upgrade State: Ready
Upgrade Status:
Validation Software Pack Status:
Firmware Upgrade Status: Ok
Firmware Upgrade Message:
Current Task: Waiting for Deploy to begin(FSM-STAGE:sam:dme:FirmwareSystemDeploy:WaitForDeploy)
firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 9.20.2.2
Oper State: Scheduled
Installation Time: 2023-03-19T10:51:37.540
Upgrade State: Validating Images
Upgrade Status: validating the software package
Validation Software Pack Status:
Firmware Upgrade Status: Ok
Firmware Upgrade Message:
Current Task: Validating the application pack(FSM-STAGE:sam:dme:FirmwareSystemDeploy:ValidateApplicationPack)
firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 9.20.2.2
Oper State: Scheduled
Installation Time: 2023-03-19T10:51:37.540
Upgrade State: Validating Images
Upgrade Status: validating the software package
Validation Software Pack Status:
Firmware Upgrade Status: Ok
Firmware Upgrade Message:
Current Task: Validating the application pack(FSM-STAGE:sam:dme:FirmwareSystemDeploy:ValidateApplicationPack)
firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 9.20.2.2
Oper State: Scheduled
Installation Time: 2023-03-19T10:51:37.540
Upgrade State: Upgrading Npu
Upgrade Status: upgrading the npu image
Validation Software Pack Status: ok
Firmware Upgrade Status: Ok
Firmware Upgrade Message:
Current Task: Activating NPU Image(FSM-STAGE:sam:dme:FirmwareSystemDeploy:ActivateNpuImage)
firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 9.20.2.2
Oper State: Scheduled
Installation Time: 2023-03-19T10:51:37.540
Upgrade State: Upgrading Service Manager
Upgrade Status: upgrading chassis manager image
Validation Software Pack Status: ok
Firmware Upgrade Status: Ok
Firmware Upgrade Message: up-to-data
Current Task: Activating Service Manager(FSM-STAGE:sam:dme:FirmwareSystemDeploy:ActivateManagerImage)
firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 9.20.2.2
Oper State: Scheduled
Installation Time: 2023-03-19T10:51:37.540
Upgrade State: Installing Application
Upgrade Status: installing application image
Validation Software Pack Status: ok
Firmware Upgrade Status: Ok
Firmware Upgrade Message: up-to-data
Current Task: Waiting for Application Activation to complete(FSM-STAGE:sam:dme:FirmwareSystemDeploy:PollApplicationActivationStatus)
firepower-2120 /firmware/auto-install # 
Cisco ASA: CMD=-install, CSP-ID=cisco-asa.9.20.2.2__asa_001_JMX2221Y0J6PO57PJ1, FLAG=''
Verifying signature for cisco-asa.9.20.2.2 ...

firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 9.20.2.2
Oper State: Scheduled
Installation Time: 2023-03-19T10:51:37.540
Upgrade State: Installing Application
Upgrade Status: installing application image
Validation Software Pack Status: ok
Firmware Upgrade Status: Ok
Firmware Upgrade Message: up-to-data
Current Task: Waiting for Application Activation to complete(FSM-STAGE:sam:dme:FirmwareSystemDeploy:PollApplicationActivationStatus)
firepower-2120 /firmware/auto-install # Verifying signature for cisco-asa.9.20.2.2 ... success

firepower-2120 /firmware/auto-install # 
Cisco ASA: CMD=-start, CSP-ID=cisco-asa.9.20.2.2__asa_001_JMX2221Y0J6PO57PJ1, FLAG=''
Cisco ASA starting ...

firepower-2120 login: admin (automatic login)　　　　　　　　　###### 'admin'を入力し、FXOSへのログインは自動で行われる

Last login: Sun Mar 19 10:47:47 UTC 2023 on ttyS0
Successful login attempts for user 'admin' : 2

admin
Please wait for Cisco ASA to come online...1...
Registering to process manager ...
Cisco ASA started successfully.
Please wait for Cisco ASA to come online...2...
Please wait for Cisco ASA to come online...3...
Please wait for Cisco ASA to come online...4...
Please wait for Cisco ASA to come online...5...
lina_init_env: memif is not enabled.
System Cores 8 Nodes 1 Max Cores 48
Number of Cores 8
Global Reserve Memory Per Node: 692060160 bytes Nodes=1

LCMB: HEAP-CACHE POOL got 675282944 bytes on numa-id=0, virt=0x000000ffc9200000

total_reserved_mem = 1073741824

total_heapcache_mem = 675282944 
total mem 7149782508 system 7204335616 kernel 54553108 image 0
new 7149782508 old 1073741824 reserve 1749024768 priv new 5455310848 priv old 0
Processor memory: 6889762816
POST started...
POST finished, result is 0 (hint: 1 means it failed)

Cisco Adaptive Security Appliance Software Version 9.20(2)2

Compiled on Tue 12-Dec-23 00:27 GMT by builders
Platform is FPR-2120
Adding Cavium NIC interface 1 port 0

Total NICs found: 5

NIC pci:id 00, slot 0, port 1, bus -1, dev -1 func 0, irq 00, internal, ten_gb-ethernet, ind 1
NIC pci:id 01, slot 0, port -1, bus 0, dev 0 func 0, irq 00, internal, , ind 0
NIC pci:id 02, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1
NIC pci:id 03, slot 1, port 1, bus -1, dev -1 func -1, irq 00, external, gb-ethernet, ind 1
NIC pci:id 04, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 03 MAC: 700f.6a5d.9901
en_vtun rev00 Backplane Tap Interface @ index 04 MAC: 0000.0100.0001
livecore intialized
WARNING: Attribute already exists in the dictionary.
19Mar2023 10:55:52 Read error: Open failed. Error message: No such file or directory.
License mode file was not found. Assuming this is the initial bootup. Setting the license mode to Smart Licensing.

INFO: Unable to read firewall mode from flash
Writing default firewall mode (single) to flash

INFO: Unable to read cluster interface-mode from flash
Writing default mode "None" to flash
INFO: FXOS interface sync completed 
arp in dp mode is not supported on this platform
Use software crypto.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.

Cisco Adaptive Security Appliance Software Version 9.20(2)2

****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.

A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assis tance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Cisco Adaptive Security Appliance Software, version 9.20
Copyright (c) 1996-2023 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource

Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

config_fetcher: channel open failed
WARNING: MIGRATION - no startup configuration or configuration not found.

INFO: Power-On Self-Test in process.
..............
INFO: Power-On Self-Test complete.

INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Creating trustpoint "_SmartCallHome_ServerCA" and installing certificate...

Trustpoint CA certificate accepted.
Creating trustpoint "_SmartCallHome_ServerCA2" and installing certificate...

Trustpoint CA certificate accepted.
INFO: Security level for "management" set to 0 by default.
INFO: Security level for "outside" set to 0 by default.
INFO: Security level for "inside" set to 100 by default.

User enable_1 logged in to ciscoasa
Logins over the last 1 days: 1. 
Failed logins since the last login: 0. 
Attaching to ASA CLI ... Press 'Ctrl+a then d' to detach.
Type help or '?' for a list of available commands.

ciscoasa> 　　　　　　　　　　                 　　 ###### ASA が起動する
ciscoasa> enable　　　　　　      　      　　　　　###### 'enable' を実行
The enable password is not set. Please set it now.
Enter Password: ********
Repeat Password: ********
Note: Save your configuration so that the password can be used for FXOS failsafe access and persists across reboots
("write memory" or "copy running-config startup-config").
ciscoasa# 
ciscoasa# write memory 　　                　　　 ###### 'write memory' の実行
Building configuration...
Cryptochecksum: 7985c8f6 5f0f5bee 2c76159a 93eb6b7f

11933 bytes copied in 2.790 secs (5966 bytes/sec)
[OK]
ciscoasa#


ciscoasa# dir

Directory of disk0:/

134217958 drwx 4096 10:56:04 Mar 19 2023 log
224 -rw- 115488736 00:27:43 Dec 12 2023 asdm.bin
2 drwx 4096 10:48:10 Mar 19 2023 cores
2 drwx 4096 10:48:10 Mar 19 2023 coredumpfsys
134217964 drwx 6 10:54:40 Mar 19 2023 fxos
134217966 drwx 22 10:55:54 Mar 19 2023 smart-log
402653606 -rw- 88 10:56:07 Mar 19 2023 npu-asa-cmd-server.log
402653607 -rw- 39 10:55:46 Mar 19 2023 snortpacketinfo.conf
232 drwx 6 10:55:53 Mar 19 2023 packet-tracer
241 drw- 26 10:56:35 Mar 19 2023 coredumpinfo

3 file(s) total size: 115488863 bytes
21475885056 bytes total (21222129664 bytes free/98% free)

ciscoasa# dir disk1:/　　　　　　　　　　　　　　　　　　　###### ASA CLI上で、USBメモリに保存するイメージファイルの確認

Directory of disk1:/

118 -rwx 458120048 13:37:36 Jul 31 2024 cisco-asa-fp2k.9.20.2.2.SPA
119 -rwx 1121518400 22:13:00 Jun 06 2024 cisco-ftd-fp2k.7.4.1-172.SPA

2 file(s) total size: 1579638448 bytes
15710814208 bytes total (14131658752 bytes free/89% free)

ciscoasa# 
 　　　　　　　###### 'copy' を実行し、USBメモリに保存するイメージファイルをASAのフラッシュにダウンロードする
ciscoasa# copy disk1:/cisco-asa-fp2k.9.20.2.2.SPA disk0:/　　　

Source filename [cisco-asa-fp2k.9.20.2.2.SPA]?

Destination filename [cisco-asa-fp2k.9.20.2.2.SPA]?

Copy in progress...CCCCC...省略...CCCC
Verifying file disk0:/cisco-asa-fp2k.9.20.2.2.SPA...

Writing file disk0:/cisco-asa-fp2k.9.20.2.2.SPA...

458120048 bytes copied in 93.230 secs (4926022 bytes/sec)
ciscoasa# 
ciscoasa# 
ciscoasa# dir disk0:　　　###### ASAのフラッシュにイメージファイルをダウンロードしたことを確認する

Directory of disk0:/

134217958 drwx 4096 10:56:04 Mar 19 2023 log
224 -rw- 115488736 00:27:43 Dec 12 2023 asdm.bin
2 drwx 4096 10:48:10 Mar 19 2023 cores
2 drwx 4096 10:48:10 Mar 19 2023 coredumpfsys
134217964 drwx 6 10:54:40 Mar 19 2023 fxos
134217966 drwx 22 10:55:54 Mar 19 2023 smart-log
402653606 -rw- 88 10:56:07 Mar 19 2023 npu-asa-cmd-server.log
402653607 -rw- 39 10:55:46 Mar 19 2023 snortpacketinfo.conf
232 drwx 6 10:55:53 Mar 19 2023 packet-tracer
241 drw- 26 10:56:35 Mar 19 2023 coredumpinfo
402653609 -rwx 458120048 11:00:49 Mar 19 2023 cisco-asa-fp2k.9.20.2.2.SPA

4 file(s) total size: 573608911 bytes
21475885056 bytes total (20763901952 bytes free/96% free)

ciscoasa# 
ciscoasa# conf t　　　　　　　　　　　　　　　　　　　　　　　　　　　###### 'conf t' の実行
ciscoasa(config)#

***************************** NOTICE *****************************

Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall

Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later: 
ciscoasa(config)# 
　　　　　　　　　　　　###### 'boot system disk0' を実行し、ASA CLIでイメージファイルを指定する
ciscoasa(config)# boot system disk0:/cisco-asa-fp2k.9.20.2.2.SPA　　　　

The system is currently installed with security software package 9.20.2.2, which has:
- The platform version: 2.14.1.131
- The CSP (asa) version: 9.20.2.2
Preparing new image for install...
% Download-task cisco-asa-fp2k.9.20.2.2.SPA : completed successfully. !!!!!!!!!!!

Image download complete (Successful unpack the image).
Boot system image matches currently installed image.
ciscoasa(config)# 
ciscoasa(config)# 
ciscoasa(config)# show run boot system 
boot system disk0:/cisco-asa-fp2k.9.20.2.2.SPA
ciscoasa(config)# 
ciscoasa(config)# 
ciscoasa(config)# write memory　　　　　　　　　　　　###### 'write memory' の実行
Building configuration...
Cryptochecksum: ca84471b 8788c7f8 3a3a2fb6 4b7fbcdb

12019 bytes copied in 6.150 secs (2003 bytes/sec)
[OK]

ciscoasa(config)# show fxos mode　　　　　　　　　　　###### FXOSモードの確認
Mode is currently set to appliance

参考資料

• ASA: FPR2100シリーズをASA (Appliance Mode(Ver 9.13(1)以降))にリイメージする方法について
• ASA: FPR2100シリーズをASA (Platform Mode(Ver 9.13(1)以降))にリイメージする方法について
• ASA: FPR1000シリーズを rommon> から ASA にリイメージする方法について
• ファイアウォール トラブルシューティング
• Firepower System and FTDトラブルシューティン