必要なもの

• コンソールアクセス
• TFTP Server
• ASA イメージ

作業の大まかな流れ

1. 電源 OFF/ON で rommon> モードへ移行
2. rommon> で 'factory-reset' を実行
3. rommon> で 'boot' を実行
4. FXOS 上で 'format-everything' を実行
5. rommon> でイメージのダウンロードを実行
6. FXOS 上で 'download image' を実行
7. FXOS 上で 'install security-pack' を実行

以下はCLI上で行う作業の詳細となります

##### Power OFF/ON 後 

*******************************************************************************
Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE
Copyright (c) 1994-2019 by Cisco Systems, Inc.
Compiled Mon 06/17/2019 16:23:23.36 by builder
*******************************************************************************

Current image running: Boot ROM0
Last reset cause: ResetRequest (0x00001000)
DIMM_1/1 : Present
DIMM_2/1 : Absent

Platform FPR-2120 with 16384 MBytes of main memory
BIOS has been successfully locked !!
MAC Address: 6c:03:09:ce:01:80

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 10 seconds.
Boot in 9 seconds.
Boot in 8 seconds.
Boot interrupted.

###### Escapeキーを押して Boot を中断させる

rommon 1 > factory-reset                                                           ###### 'factory-reset' を実行
Warning: All configuration will be permanently lost with this operation 
and application will be initialized to default configuration.
This operation cannot be undone after booting the application image.

Are you sure you would like to continue ? yes/no [no]: yes                         ###### 'yes' を回答
Please type 'ERASE' to confirm the operation or any other value to cancel: ERASE   ###### 'ERASE' を回答

Performing factory reset...
Located '.boot_string' @ cluster 115918.


Rommon will continue to boot the application: disk0:installables/switch/fxos-k8-fp2k-lfbff.2.10.1.253.SPA 
Are you sure you would like to continue ? yes/no [no]: no                          ###### 'no' を回答


Execute 'boot' command afterwards for factory-reset to be initiated.
Use of reset/reboot/reload command will cancel the factory-reset request!
rommon 2 > boot                                                                    ###### 'boot' を実行
Located 'installables/switch/fxos-k8-fp2k-lfbff.2.10.1.253.SPA' @ cluster 5200.

############################################################################## [SNIP]

+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
|                                                                   |
| LFBFF signature authentication passed !!!                         |
|                                                                   |
+-------------------------------------------------------------------+
LFBFF signature verified.
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
|                                                                   |
| LFBFF controller type check passed !!!                            |
|                                                                   |
+-------------------------------------------------------------------+

Linux version: 4.18.45-yocto-standard (oe-user@oe-host) #1 SMP Thu Apr 13 15:49:28 UTC 2023
kernel_image = 0x8daf7f38, kernel_size=0x6452a0
Image validated
INIT: version 2.88 booting
Starting udev
Hardware tweak APPLIED: Disable SATA Throttle.1
Hardware tweak APPLIED: Disable SATA Throttle.2
Configuring network interfaces... done.
Starting random number generator daemon.
Starting Power Off Shutdown Handler (poshd)
poshd: using FPGA version and PSEQ version 
Starting TAm services ...
Device configuration status = TAM_SUCCESS
TAm Services started successfully
Primary SSD discovered
Rommon requested SSD reformat
Formating SSD...
Creating config partition: START: 1MB END: 1001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda1 contains a ext3 file system
last mounted on /opt/cisco/config on Wed Jun 7 08:42:29 2023
Discarding device blocks: 4096/244224 done 
Creating filesystem with 244224 4k blocks and 61056 inodes
Filesystem UUID: 3b9ebe8f-3208-46f6-a9fb-3dd4560ffee5
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376

Allocating group tables: 0/8 done 
Writing inode tables: 0/8 done 
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: 0/8 done

Creating log partition: START: 1001MB END: 2001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda2 contains a ext3 file system
last mounted on /opt/cisco/platform/logs on Wed Jun 7 08:42:29 2023
Discarding device blocks: 4096/243968 done 
Creating filesystem with 243968 4k blocks and 61056 inodes
Filesystem UUID: fd667e8b-b476-46ea-8fb0-a45f4a8bb93c
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376

Allocating group tables: 0/8 done 
Writing inode tables: 0/8 done 
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: 0/8 done

Creating coredump partition: START: 2001MB END: 14001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda3 contains a ext3 file system
last mounted on Wed Jun 7 08:42:29 2023
Discarding device blocks: 4096/2929664 done 
Creating filesystem with 2929664 4k blocks and 732960 inodes
Filesystem UUID: 3ad99db5-c304-4794-9ec8-6735d023a00e
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208

Allocating group tables: 0/90 done 
Writing inode tables: 0/90 done 
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: 0/90 done

Creating csp partition: START: 14001MB END: 100%
meta-data=/dev/sda4 isize=256 agcount=4, agsize=5249344 blks
= sectsz=4096 attr=2, projid32bit=1
= crc=0 finobt=0, sparse=0, rmapbt=0
= reflink=0
data = bsize=4096 blocks=20997376, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=10252, version=2
= sectsz=4096 sunit=1 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
Done with primary disk partition
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1 
/dev/sda1: clean, 11/61056 files, 8244/244224 blocks
fsck(/dev/sda1) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2 
/dev/sda2: clean, 11/61056 files, 8244/243968 blocks
fsck(/dev/sda2) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3 
/dev/sda3: clean, 11/732960 files, 69567/2929664 blocks
fsck(/dev/sda3) returned 0
mount_disk_xfs. device: /dev/sda4, dir: /opt/cisco/csp, mount returned: 0.
fsck from util-linux 2.32.1
[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1 
fsck.fat 4.1 (2017-01-24)
/dev/sdb1: 34 files, 115919/1919062 clusters
fsck(/dev/sdb1) returned 0
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
FIPS POST Test Script
NOTICE: The FIPS POST is not run because the FIPS feature is not enabled
Configuring packages on first boINIT: Entering runlevel: 3
Starting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
generating ssh ed25519 key...
done.
Starting rpcbind daemon...done.
starting statd: done
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up with netlink and the input layer
acpid: 1 rule loaded
acpid: waiting for events: event logging is off
Starting DHCP server: .
starting 8 nfsd kernel threads: done
starting mountd: done
Starting ntpd: done
Starting internet superserver: xinetd.
Starting Octeon NPU ... 
Starting Octeon NPU ... success
Starting fan control daemon: fancontrol... done.
INFO: beginning of manager_install
INFO: manager_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.253.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA update=false
INFO: manager_install: fxmgr is dummy, skip_fxmgr_install=true
INFO: in validating image ...
INFO: manager_validate_image: fxmgr_absfilename /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.253.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.253.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.253.SPA size 1296
Done!
Computed Hash SHA2: 97107ee98270a1f7c55df925e8007f62
a1a3ee4c40ca2993f1e55b318c90498f
d83f79e84c35af3bdbb573bd3745c8fa
78f6efda9dea7b5e6d72a7f0985da376

Embedded Hash SHA2: 97107ee98270a1f7c55df925e8007f62
a1a3ee4c40ca2993f1e55b318c90498f
d83f79e84c35af3bdbb573bd3745c8fa
78f6efda9dea7b5e6d72a7f0985da376

The digital signature of the file: fxos-k9-fp2k-manager.2.10.1.253.SPA verified successfully
INFO: manager_validate_image: chmgr_absfilename /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA
INFO: Validating image /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA signature ...
: File /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA size 37135504
Done!
Computed Hash SHA2: 152e65b198a7b98491ebc4d3212d9b5f
47a3a10dfe42296d9f095cbb45994c15
7a97413e849739cc25a47e5bffbf7ea4
b6e81eaf2c0890f2dea162cc62ef8e4b

Embedded Hash SHA2: 152e65b198a7b98491ebc4d3212d9b5f
47a3a10dfe42296d9f095cbb45994c15
7a97413e849739cc25a47e5bffbf7ea4
b6e81eaf2c0890f2dea162cc62ef8e4b

The digital signature of the file: fxos-k9-mgmtext.2.10.1.60.SPA verified successfully
INFO: manager_install: skip_fxmgr_install=true - delete unnecessary files and skip
INFO: deleting unnecessary xml file..!!
INFO: deleted unnecessary xml file..!!
INFO: manager_post_install ...
INFO: manager_post_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.253.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA update=false
INFO: manager_post_install: fxmgr is dummy
INFO: manager_post_install: Linking libraries ...
INFO: manager_post_install: Linking binaries ...
INFO: Creating directory /tmp/chmgr
INFO: creating /isan/apache/chassis-mgr/
INFO: Change permission /isan/apache/chassis-mgr/.deploy_onbox.sh
INFO: Change permission /isan/apache/chassis-mgr/.httpd.conf
INFO: Change permission /isan/apache/chassis-mgr/kpmgmt/onbox-version.txt
INFO: manager_post_install: succesful install chassis mgr
Completed system initial setup.
INFO: Trying to add iptables and ip6tables rules ...
INFO: Set up Application Diagnostic Interface ...
INFO: Configure management0 interface ...

2023-06-08T00:15:20 [WARN/lldpctl] unknown command from argument 4: `status`

INFO: Configure system files ...
INFO: System Name is: firepower-2120
Starting sensors logging daemon: sensord... done.
INFO: /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.253.SPA
INFO: Need to validate the image
: File /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.253.SPA size 73772240
Done!
Computed Hash SHA2: 19ef28285cd2d25898f6a695bc38acfc
ee7078380e7b91a2235900b6ac929fe5
833bcac4975c62b02f8be01de10c7633
39c986d37858908cccf6b830bff8fdb7

Embedded Hash SHA2: 19ef28285cd2d25898f6a695bc38acfc
ee7078380e7b91a2235900b6ac929fe5
833bcac4975c62b02f8be01de10c7633
39c986d37858908cccf6b830bff8fdb7

The digital signature of the file: fxos-k8-fp2k-npu.2.10.1.253.SPA verified successfully
INFO: Creating directory /tmp/npu
INFO: all files are there ...
INFO: console : ttyS0, speed : 9600
INFO: manager_startup: setting up fxmgr apache ...
INFO: manager_startup: Start manager httpd setup...
INFO: manager_startup: /opt/cisco/config/certstore/default.key not found on platform, re-generating files
INFO: manager_startup: reset httpd app config to default
httpdRegister INFO: [httpd.2626 -4 192.168.45.45 -n localhost]
httpdRegister INFO: Starting httpd setup/registration...
httpdRegister INFO: Completed httpd setup/registration!
INFO: httpdRegister [httpd.2626 script exit]
INFO: manager_startup: Completed manager httpd setup!
INFO: manager_startup: configuring chassis manager
INFO: unconfig older conf files
httpdAppconf INFO: [httpd.2705 -d /isan/apache/.httpd.conf]
httpdAppconf [fpr21xx] PARAMS: [GLOBAL_DEL:/isan/apache/.httpd.conf]
httpdAppconf INFO: /isan/apache/.httpd.conf changes already removed
httpdAppconf INFO: httpd.conf GLOBAL_DEL update for /isan/apache/.httpd.conf already applied
INFO: httpdAppconf [httpd.2705 script exit]
httpdAppconf INFO: [httpd.2737 -V -d /isan/apache/.httpd.conf]
httpdAppconf [fpr21xx] PARAMS: [VHOST_DEL:/isan/apache/.httpd.conf]
httpdAppconf INFO: /isan/apache/.httpd.conf changes already removed
httpdAppconf INFO: httpd.conf VHOST_DEL update for /isan/apache/.httpd.conf already applied
INFO: httpdAppconf [httpd.2737 script exit]
INFO: Configuring httpd
httpdAppconf INFO: [httpd.2770 -V -a /isan/apache/.httpd.conf]
httpdAppconf [fpr21xx] PARAMS: [VHOST_ADD:/isan/apache/.httpd.conf]
httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_ADD update for /isan/apache/.httpd.conf
INFO: httpdAppconf [httpd.2770 script exit]
INFO: manager_startup: successfully configured chassis mgr
nscd: 2819 monitoring file `/etc/hosts` (1)
nscd: 2819 monitoring directory `/etc` (2)
nscd: 2819 monitoring file `/etc/resolv.conf` (3)
nscd: 2819 monitoring directory `/etc` (2)
Starting crond: OK
FTD
Starting Octeon Serial Logd... 
Starting OcteoINFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.


firepower-2120 login: 
Waiting for Application infrastructure to be ready...
Verifying the signature of the Application image...
Jun 8 00:15:45 firepower-2120 rst_manager: Reset Manager not required on this platform: 1
Jun 8 00:15:53 firepower-2120 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][critical][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
Jun 8 00:16:26 firepower-2120 port-manager: Alert: Ethernet1/1 link changed to UP
Jun 8 00:16:26 firepower-2120 port-manager: Alert: Ethernet1/2 link changed to UP

firepower-2120 login: 
firepower-2120 login: admin                                            ###### admin/Admin123 でログイン (このパスワードはDefault)
Password: 
Successful login attempts for user 'admin' : 1
Hello admin. You must change your password.
Enter new password: *******                                            ###### 任意のパスワードを設定 (アスタリスクは出力されません)
Confirm new password: *******                                          ###### 任意のパスワードの再入力 (アスタリスクは出力されません)
Your password was updated successfully.

Cisco Firepower Extensible Operating System (FX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license.

Certain components of this software are licensed under the "GNU General Public
License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for
details.

Certain components of this software are licensed under the "GNU General Public
License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual
(''Licensing'') for details.

Certain components of this software are licensed under the "GNU LESSER GENERAL
PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:
http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for
details.

Certain components of this software are licensed under the "GNU Lesser General
Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the
terms of "GNU Lesser General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual
(''Licensing'') for details.

Certain components of this software are licensed under the "GNU Library General
Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU Library General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual
(''Licensing'') for details.

firepower-2120# connect local-mgmt                ###### 'connect local-mgmt' を実行して 'local-mgmt' に移行
firepower-2120(local-mgmt)# 
firepower-2120(local-mgmt)# format everything     ###### 'format everything' を実行
All configuration and bootable images will be lost.
Do you still want to format? (yes/no):yes         ###### 'yes' を回答

Jun 8 00:17:22 firepower-2120 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][cleared][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
100+0 records in
100+0 records out
51200 bytes (51 kB, 50 KiB) copied, 0.0129412 s, 4.0 MB/s
4+0 records in
4+0 records out
2048 bytes (2.0 kB, 2.0 KiB) copied, 0.000621936 s, 3.3 MB/s
100+0 records in
100+0 records out
51200 bytes (51 kB, 50 KiB) copied, 0.0162028 s, 3.2 MB/s

Broadcast message from root@firepower-2120 (Thu Jun 8 00:17:25 2023):

All shells being terminated due to system /sbin/reboot

Broadcast message from root@firepower-2120 (Thu Jun 8 00:17:26 2023):

System restarted due to disks being reformatted.

Broadcast message from root@firepower-2120 (ttyS0) (Thu Jun 8 00:17:27 2023)System restarted due to disks being reformatted. 
The system is going down for reboot NOW!
INIT: Switching2023 Jun 08 00:17:29 PMLOG: PM IPC UTILITY: Shutting down all ports
Jun 8 00:17:29 firepower-2120 port-manager: Alert: Ethernet1/2 link changed to DOWN
Stopping Octeon Serial Logd... 
Stopping Octeon Serial Logd... success
Stopping OpenBSD Secure Shell server: sshd
stopped /usr/sbin/sshd (pid 11727)
done.
Jun 8 00:17:30 firepower-2120 port-manager: Alert: Ethernet1/1 link changed to DOWN
Stopping Octeon NPU ... 
Stopping Octeon NPU ... unreachable
Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1414)
acpid.
Stopping web server: apache2failed
Stopping system message bus: dbus.
Stopping DHCP server: dhcpd3acpid: exiting
no /usr/sbin/dhcpd found; none killed
.
stopping DNS forwarder and DHCP server: dnsmasq... no /usr/bin/dnsmasq found; none killed
stopping mountd: done
stopping nfsd: .done
Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 11891)
done
Stopping internet superserver: xinetd.
stopping statd: done
Stopping random number generator daemon.
Stopping domain name service: named.
Stopping crond: OK
Stopping rpcbind daemon...
done.
Stopping fan control daemon: fancontrol... no process in pidfile '/var/run/fancontrol.pid' found; none killed
done.
Stopping sensors logging daemon: sensord... stopped /usr/sbin/sensord (pid 2549)
done.
* Stopping virtualization library daemon: libvirtd
*[fail]
Deconfiguring network interfaces... done.
Stopping FreeRADIUS daemon radiusd Failed
Thu Jun 8 00:17:32 UTC 2023
Jun 8 00:17:32 firepower-2120 KP-NVRAM: Confreg value: confreg = 0x1
SSP-Security-Module is shutting down ...
Thu Jun 8 00:17:33 UTC 2023 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps
Thu Jun 8 00:17:33 UTC 2023 SHUTDOWN WARNING: Upgrade process ready for reboot
Thu Jun 8 00:17:33 UTC 2023 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps
Thu Jun 8 00:17:33 UTC 2023 SHUTDOWN WARNING: Nothing to do for Apps-Services-Down
Thu Jun 8 00:17:33 UTC 2023
Sending ALL processes the TERM signal ...
Note: SIGKILL_ALL will be triggered after after 0 + 2 secs ...
Thu Jun 8 00:17:34 UTC 2023
Sending ALL processes the KILL signal ...
Thu Jun 8 00:17:35 UTC 2023
Deactivating swap...
Unmounting local filesystems...
Rebooting... [ 207.260581] reboot: Restarting system




*******************************************************************************
Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE
Copyright (c) 1994-2019 by Cisco Systems, Inc.
Compiled Mon 06/17/2019 16:23:23.36 by builder
*******************************************************************************

Current image running: Boot ROM0
Last reset cause: ResetRequest (0x00001000)
DIMM_1/1 : Present
DIMM_2/1 : Absent

Platform FPR-2120 with 16384 MBytes of main memory
BIOS has been successfully locked !!
MAC Address: 6c:03:09:ce:01:80

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 10 seconds.
Boot in 9 seconds.
Boot in 8 seconds.

###### Escapeキーを押して Boot を中断させる

Boot interrupted.


rommon 1 > ADDRESS=10.31.122.56                            ###### IP Address の設定
rommon 2 > NETMASK=255.255.255.192                         ###### Netmask の設定
rommon 3 > GATEWAY=10.31.122.1                             ###### Default Gateway の設定
rommon 4 > SERVER=10.31.104.72                             ###### イメージが置いてあるサーバーの設定
rommon 5 > IMAGE=cisco-asa-fp2k.9.16.4.19.SPA             ###### イメージ名の設定
rommon 6 > set                                             ###### 設定内容の確認
ADDRESS=10.31.122.56
NETMASK=255.255.255.192
GATEWAY=10.31.122.1
SERVER=10.31.104.72
IMAGE=cisco-asa-fp2k.9.16.4.19.SPA
CONFIG=
PS1="rommon ! > "

rommon 7 > 
rommon 7 > ping 10.31.104.72                                  ###### サーバーへの疎通確認

link upSending 10, 32-byte ICMP Echoes to 10.31.104.72 timeout is 4 seconds
?!!!!!!!!!
Success rate is 90 percent (9/10)
rommon 8 > 
rommon 8 > 
rommon 8 > tftpdnld                                           ###### 'tftpdnld' を実行しイメーをダウンロード
ADDRESS: 10.31.122.56
NETMASK: 255.255.255.192
GATEWAY: 10.31.122.1
SERVER: 10.31.104.72
IMAGE: cisco-asa-fp2k.9.16.4.19.SPA
MACADDR: 6c:03:09:ce:01:80
VERBOSITY: Progress
RETRY: 40
PKTTIMEOUT: 7200
BLKSIZE: 1460
CHECKSUM: Yes
PORT: GbE/1
PHYMODE: Auto Detect

link up
Receiving cisco-asa-fp2k.9.16.4.19.SPA from 10.31.104.72!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [SNIP]
TFTP: Transfer stopped after 268434140 bytes.
will try boot bundle image !!
File reception completed.
Boot buffer bigbuf=7e13e3d8
Boot image size = 191427008 (0xb68f1c0) bytes
[image size] 191427008
[MD5 signature] 0b23d87a3b6db3978f4f632faeeae393

+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
|                                                                   |
| LFBFF signature authentication passed !!!                         |
|                                                                   |
+-------------------------------------------------------------------+
LFBFF signature verified.
+-------------------------------------------------------------------+
+------------------------- SUCCESS ---------------------------------+
+-------------------------------------------------------------------+
|                                                                   |
| LFBFF controller type check passed !!!                            |
|                                                                   |
+-------------------------------------------------------------------+

Linux version: 4.18.45-yocto-standard (oe-user@oe-host) #1 SMP Thu Apr 13 15:49:28 UTC 2023
kernel_image = 0x891882f8, kernel_size=0x6452a0
Image validated
INIT: version 2.88 booting
Starting udev
Hardware tweak APPLIED: Disable SATA Throttle.1
Hardware tweak APPLIED: Disable SATA Throttle.2
Configuring network interfaces... done.
Starting random number generator daemon.
Starting Power Off Shutdown Handler (poshd)
poshd: using FPGA version and PSEQ version 
Starting TAm services ...
Device configuration status = TAM_SUCCESS
TAm Services started successfully
Primary SSD discovered
eMMC has incorrect partitions
Skipping prompt because disk is blank
Reformatting eMMC to clear error
Creating eMMC partition: START: 1 MB END: 100%
mkfs.fat 4.1 (2017-01-24)
Primary SSD has incorrect partitions
Skipping prompt because disk is blank
Formating Primary SSD...
Creating config partition: START: 1MB END: 1001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda1 contains a ext3 file system
last mounted on /opt/cisco/config on Thu Jun 8 00:14:53 2023
Discarding device blocks: 4096/244224 done 
Creating filesystem with 244224 4k blocks and 61056 inodes
Filesystem UUID: 7b82e284-332b-47b7-bfdf-07302d6c2eee
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376

Allocating group tables: 0/8 done 
Writing inode tables: 0/8 done 
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: 0/8 done

Creating log partition: START: 1001MB END: 2001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda2 contains a ext3 file system
last mounted on /opt/cisco/platform/logs on Thu Jun 8 00:14:53 2023
Discarding device blocks: 4096/243968 done 
Creating filesystem with 243968 4k blocks and 61056 inodes
Filesystem UUID: f141060b-de02-4cd7-87dd-21d8ac3d0f40
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376

Allocating group tables: 0/8 done 
Writing inode tables: 0/8 done 
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: 0/8 done

Creating coredump partition: START: 2001MB END: 14001MB
mke2fs 1.44.3 (10-July-2018)
/dev/sda3 contains a ext3 file system
last mounted on Thu Jun 8 00:14:53 2023
Discarding device blocks: 4096/29296641576960/2929664 done 
Creating filesystem with 2929664 4k blocks and 732960 inodes
Filesystem UUID: be37c70f-1e0b-4719-a191-f865b116da05
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208

Allocating group tables: 0/90 done 
Writing inode tables: 0/90 done 
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: 0/90 done

Creating csp partition: START: 14001MB END: 100%
meta-data=/dev/sda4 isize=256 agcount=4, agsize=5249344 blks
= sectsz=4096 attr=2, projid32bit=1
= crc=0 finobt=0, sparse=0, rmapbt=0
= reflink=0
data = bsize=4096 blocks=20997376, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=10252, version=2
= sectsz=4096 sunit=1 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
Done with primary disk partition
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1 
/dev/sda1: clean, 11/61056 files, 8244/244224 blocks
fsck(/dev/sda1) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2 
/dev/sda2: clean, 11/61056 files, 8244/243968 blocks
fsck(/dev/sda2) returned 0
fsck from util-linux 2.32.1
[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3 
/dev/sda3: clean, 11/732960 files, 69567/2929664 blocks
fsck(/dev/sda3) returned 0
mount_disk_xfs. device: /dev/sda4, dir: /opt/cisco/csp, mount returned: 0.
fsck from util-linux 2.32.1
[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1 
fsck.fat 4.1 (2017-01-24)
/dev/sdb1: 0 files, 1/1919062 clusters
fsck(/dev/sdb1) returned 0
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
FIPS POST Test Script
NOTICE: The FIPS POST is not run because the FIPS feature is not enabled
Configuring packages on first boINIT: Entering runlevel: 3
Starting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
generating ssh ed25519 key...
done.
Starting rpcbind daemon...done.
starting statd: done
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up with netlink and the input layer
acpid: 1 rule loaded
acpid: waiting for events: event logging is off
Starting DHCP server: .
starting 8 nfsd kernel threads: done
starting mountd: done
Starting ntpd: done
Starting internet superserver: xinetd.
Starting Octeon NPU ... 
Starting Octeon NPU ... success
Starting fan control daemon: fancontrol... done.
INFO: beginning of manager_install
INFO: deleting unnecessary xml file..!!
INFO: deleted unnecessary xml file..!!
INFO: disaster recovery - use default service mgr
INFO: manager_post_install ...
INFO: manager_post_install: boot file does not exist
INFO: manager_post_install: fxmgr= chmgr= update=false
INFO: manager_post_install: Linking libraries ...
INFO: manager_post_install: Linking binaries ...
Completed system initial setup.
INFO: Trying to add iptables and ip6tables rules ...
INFO: Set up Application Diagnostic Interface ...
INFO: Configure management0 interface ...

2023-06-08T00:23:11 [WARN/lldpctl] unknown command from argument 4: `status`

INFO: Configure system files ...
INFO: System Name is: firepower-2120
Starting sensors logging daemon: sensord... done.
INFO: file /mnt/boot/.boot_npu does not exist
INFO: console : ttyS0, speed : 9600
INFO: manager_startup: setting up fxmgr apache ...
INFO: manager_startup: Start manager httpd setup...
INFO: manager_startup: /opt/cisco/config/certstore/default.key not found on platform, re-generating files
INFO: manager_startup: reset httpd app config to default
httpdRegister INFO: [httpd.2493 -4 192.168.45.45 -n localhost]
httpdRegister INFO: Starting httpd setup/registration...
httpdRegister INFO: Completed httpd setup/registration!
INFO: httpdRegister [httpd.2493 script exit]
INFO: manager_startup: Completed manager httpd setup!
nscd: 2568 monitoring file `/etc/hosts` (1)
nscd: 2568 monitoring directory `/etc` (2)
nscd: 2568 monitoring file `/etc/resolv.conf` (3)
nscd: 2568 monitoring directory `/etc` (2)
Starting crond: OK
FTD
Starting Octeon Serial Logd... 
Starting OcteoINFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.


firepower-2120 login: 
Waiting for Application infrastructure to be ready...
Verifying the signature of the Application image...
Jun 8 00:23:33 firepower-2120 rst_manager: Reset Manager not required on this platform: 1
Jun 8 00:23:41 firepower-2120 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][critical][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install
Jun 8 00:24:14 firepower-2120 port-manager: Alert: Ethernet1/2 link changed to UP
Jun 8 00:24:14 firepower-2120 port-manager: Alert: Ethernet1/1 link changed to UP

firepower-2120 login: admin                                ###### 'admin/Admin123' でログイン
Password: 
Successful login attempts for user 'admin' : 1
Hello admin. You must change your password.
Enter new password: 
Confirm new password: 
Your password was updated successfully.

Cisco Firepower Extensible Operating System (FX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license.

Certain components of this software are licensed under the "GNU General Public
License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for
details.

Certain components of this software are licensed under the "GNU General Public
License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual
(''Licensing'') for details.

Certain components of this software are licensed under the "GNU LESSER GENERAL
PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:
http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for
details.

Certain components of this software are licensed under the "GNU Lesser General
Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the
terms of "GNU Lesser General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual
(''Licensing'') for details.

Certain components of this software are licensed under the "GNU Library General
Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU Library General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual
(''Licensing'') for details.

firepower-2120# scope fabric-interconnect a               ###### 'scope fabric-interconnect a' を実行
                            ###### 'set out-of-band static ip' コマンドで IP Addressを設定
firepower-2120 /fabric-interconnect # set out-of-band static ip 10.31.122.56 net mask 255.255.255.192 gw 10.31.122.1
Warning: When committed, this change may disconnect the current CLI session.
Use commit-buffer command to commit the changes.
firepower-2120 /fabric-interconnect* # commit-buffer      ###### 'commit-buffer' で設定変更を確定する
firepower-2120 /fabric-interconnect # exit                ###### 'exit' で抜ける
firepower-2120# 
firepower-2120# connect local-mgmt                        ###### 'connect local-mgmt' で 'local-mgmt' に移行
firepower-2120(local-mgmt)# 
firepower-2120(local-mgmt)# ping 10.31.104.72             ###### ping で TFTP Server への疎通確認
PING 10.31.104.72 (10.31.104.72) from 10.31.122.56 : 56(84) bytes of data.
64 bytes from 10.31.104.72: icmp_seq=1 ttl=61 time=0.217 ms
64 bytes from 10.31.104.72: icmp_seq=2 ttl=61 time=0.228 ms
64 bytes from 10.31.104.72: icmp_seq=3 ttl=61 time=0.227 ms
^C
--- 10.31.104.72 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 68ms
rtt min/avg/max/mdev = 0.217/0.224/0.228/0.005 ms

firepower-2120(local-mgmt)#

firepower-2120(local-mgmt)# exit                          ###### 'exit' で抜ける
firepower-2120# 
firepower-2120# scope firmware                            ###### 'scope firmware' を実行
                           ###### 'download image' コマンドを実行しイメージをダウンロードする
firepower-2120 /firmware # download image tftp://10.31.104.72/cisco-asa-fp2k.9.1 6.4.19.SPA
Please use the command 'show download-task' or 'show download-task detail' to check download progress.
firepower-2120 /firmware # 
firepower-2120 /firmware # % Download-task cisco-asa-fp2k.9.16.4.19.SPA : transferring 218768 KB 
firepower-2120 /firmware # % Download-task cisco-asa-fp2k.9.16.4.19.SPA : transferring 427728 KB 
firepower-2120 /firmware # % Download-task cisco-asa-fp2k.9.16.4.19.SPA : transferring 463550 KB 
firepower-2120 /firmware # % Download-task cisco-asa-fp2k.9.16.4.19.SPA : verifying image ... 
                                                          ###### ダウンロード完了の確認
firepower-2120 /firmware # % Download-task cisco-asa-fp2k.9.16.4.19.SPA : completed successfully.

firepower-2120 /firmware # 
firepower-2120 /firmware # 
firepower-2120 /firmware # show package                   ###### 'show package' を実行してダウンロードしたファイルの 'Package-Vers' を確認しておく
Name                                          Package-Vers
--------------------------------------------- ------------
cisco-asa-fp2k.9.16.4.19.SPA                  9.16.4.19
firepower-2120 /firmware # 
firepower-2120 /firmware # 
firepower-2120 /firmware # scope auto-install             ###### 'scope auto-install' を実行
firepower-2120 /firmware/auto-install # 
                                                          ###### 'install security-pack' を実行
                                                          ###### 'version' は上記の 'show package' で確認した 'Package-Vers' を指定
firepower-2120 /firmware/auto-install # install security-pack version 9.16.4.19

The system is currently installed with security software package not set, which has:
- The platform version: not set
If you proceed with the upgrade 9.16.4.19, it will do the following:
- upgrade to the new platform version 2.10.1.253
- install with CSP asa version 9.16.4.19
During the upgrade, the system will be reboot

Do you want to proceed ? (yes/no):yes                     ###### 'yes' を回答

This operation upgrades firmware and software on Security Platform Components
Here is the checklist of things that are recommended before starting Auto-Install
(1) Review current critical/major faults
(2) Initiate a configuration backup

Do you want to proceed? (yes/no):yes                      ###### 'yes' を回答

Triggered the install of software package version 9.16.4.19
Install started. This will take several minutes.
For monitoring the upgrade progress, please enter 'show' or 'show detail' command.
firepower-2120 /firmware/auto-install # Jun 8 00:29:18 firepower-2120 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][cleared][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install

firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # show

Firmware Auto-Install:
Package-Vers Oper State Upgrade State
------------ ---------------------------- -------------
9.16.4.19 Scheduled Ready
firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 9.16.4.19
Oper State: Scheduled
Installation Time: 2023-06-08T00:29:18.552
Upgrade State: Ready
Upgrade Status:
Validation Software Pack Status:
Firmware Upgrade Status:
Current Task:
firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 9.16.4.19
Oper State: Scheduled
Installation Time: 2023-06-08T00:29:18.552
Upgrade State: Validating Images
Upgrade Status: validating the software package
Validation Software Pack Status:
Firmware Upgrade Status:
Current Task: Validating the application pack(FSM-STAGE:sam:dme:FirmwareSystemDeploy:ValidateApplicationPack)
firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers Oper State Upgrade State
------------ ---------------------------- -------------
9.16.4.19 Scheduled Upgrading Service Manager
firepower-2120 /firmware/auto-install # 
firepower-2120 /firmware/auto-install # show detail

Firmware Auto-Install:
Package-Vers: 9.16.4.19
Oper State: Scheduled
Installation Time: 2023-06-08T00:29:18.552
Upgrade State: Installing Application
Upgrade Status: installing application image
Validation Software Pack Status: ok
Firmware Upgrade Status: up-to-date
Current Task: Waiting for Application Activation to complete(FSM-STAGE:sam:dme:FirmwareSystemDeploy:PollApplicationActivationStatus)
firepower-2120 /firmware/auto-install # 
Cisco ASA: CMD=-install, CSP-ID=cisco-asa.9.16.4.19__asa_001_JMX2519X18F43FCJJ1, FLAG=''
Verifying signature for cisco-asa.9.16.4.19 ...
Verifying signature for cisco-asa.9.16.4.19 ... success

Cisco ASA: CMD=-start, CSP-ID=cisco-asa.9.16.4.19__asa_001_JMX2519X18F43FCJJ1, FLAG=''
Cisco ASA starting ...

firepower-2120 login: admin (automatic login)                      ###### FXOSへのログインは自動で行われる

Last login: Thu Jun 8 00:25:03 UTC 2023 on ttyS0
Successful login attempts for user 'admin' : 2
Please wait for Cisco ASA to come online...1...
Registering to process manager ...
Cisco ASA started successfully.
Jun 8 00:31:56 firepower-2120 port-manager: Alert: Ethernet1/2 link changed to DOWN
Jun 8 00:31:56 firepower-2120 port-manager: Alert: Ethernet1/1 link changed to DOWN
Please wait for Cisco ASA to come online...2...
Please wait for Cisco ASA to come online...3...
Please wait for Cisco ASA to come online...4...
Please wait for Cisco ASA to come online...5...
lina_init_env: memif is not enabled.
System Cores 8 Nodes 1 Max Cores 48
Number of Cores 8
Global Reserve Memory Per Node: 692060160 bytes Nodes=1

LCMB: HEAP-CACHE POOL got 683671552 bytes on numa-id=0, virt=0x0000005555600000

total_reserved_mem = 1073741824

total_heapcache_mem = 683671552 
total mem 7168227615 system 7222882304 kernel 54654689 image 0
new 7168227615 old 1073741824 reserve 1757413376 priv new 5465468928 priv old 0
Processor memory: 6908309504
POST started...
POST finished, result is 0 (hint: 1 means it failed)

Cisco Adaptive Security Appliance Software Version 9.16(4)19

Compiled on Wed 19-Apr-23 20:29 GMT by builders
Platform is FPR-2120
Adding Cavium NIC interface 1 port 0

Total NICs found: 5

NIC pci:id 00, slot 0, port 1, bus -1, dev -1 func 0, irq 00, internal, ten_gb-ethernet, ind 1
NIC pci:id 01, slot 0, port -1, bus 0, dev 0 func 0, irq 00, internal, , ind 0
NIC pci:id 02, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1
NIC pci:id 03, slot 1, port 1, bus -1, dev -1 func -1, irq 00, external, gb-ethernet, ind 1
NIC pci:id 04, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1
Jun 8 00:32:56 firepower-2120 port-manager: Alert: Internal1/3 link changed to UP
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 03 MAC: 6c03.09ce.0181
en_vtun rev00 Backplane Tap Interface @ index 04 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
08Jun2023 00:33:00 Read error: Open failed. Error message: No such file or directory.
License mode file was not found. Assuming this is the initial bootup. Setting the license mode to Smart Licensing.

INFO: Unable to read firewall mode from flash
Writing default firewall mode (single) to flash

INFO: Unable to read cluster interface-mode from flash
Writing default mode "None" to flash
Use software crypto.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.

Cisco Adaptive Security Appliance Software Version 9.16(4)19

****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.

A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Cisco Adaptive Security Appliance Software, version 9.16
Copyright (c) 1996-2023 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource

Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

config_fetcher: channel open failed
WARNING: MIGRATION - no startup configuration or configuration not found.

INFO: Power-On Self-Test in process.
..............
INFO: Power-On Self-Test complete.

INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Creating trustpoint "_SmartCallHome_ServerCA" and installing certificate...

Trustpoint CA certificate accepted.
Creating trustpoint "_SmartCallHome_ServerCA2" and installing certificate...

Trustpoint CA certificate accepted.
INFO: Security level for "management" set to 0 by default.
INFO: Security level for "outside" set to 0 by default.
INFO: Security level for "inside" set to 100 by default.





User enable_1 logged in to ciscoasa
Logins over the last 1 days: 1. 
Failed logins since the last login: 0. 
Attaching to ASA CLI ... Press 'Ctrl+a then d' to detach.
Type help or '?' for a list of available commands.

ciscoasa>
ciscoasa>                                                    ###### ASA が起動する
ciscoasa> enable                                             ###### 'enable' を実行
The enable password is not set. Please set it now.           ###### 初期 'enable password' を設定
Enter Password: *****                                        ###### 初期パスワードの入力
Repeat Password: *****                                       ###### 初期パスワードの再入力
Note: Save your configuration so that the password can be used for FXOS failsafe access and persists across reboots
("write memory" or "copy running-config startup-config").
ciscoasa# 
ciscoasa# write memory                                       ###### 'write memory' の実行
Building configuration...
Cryptochecksum: 5920526d 1fe21e25 b0f02cbb 0fb013ec

11889 bytes copied in 1.740 secs (11889 bytes/sec)
[OK]
ciscoasa# 
ciscoasa# 
ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 9.16(4)19 
SSP Operating System Version 2.10(1.253)
Device Manager Version 7.18(1)152

Compiled on Wed 19-Apr-23 20:29 GMT by builders
System image file is "disk0:/mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.253.SPA"
Config file at boot was "startup-config"

ciscoasa up 1 min 57 secs

Hardware: FPR-2120, 6588 MB RAM, CPU MIPS 1200 MHz, 1 CPU (8 cores)


1: Int: Internal-Data0/1 : address is 000f.b748.4801, irq 0
3: Int: Not licensed : irq 0
4: Ext: Management1/1 : address is 6c03.09ce.0181, irq 0
5: Int: Internal-Data1/1 : address is 0000.0100.0001, irq 0

License mode: Smart Licensing

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited 
Maximum VLANs : 1024 
Inside Hosts : Unlimited 
Failover : Active/Active 
Encryption-DES : Enabled 
Encryption-3DES-AES : Disabled 
Security Contexts : 2 
Carrier : Disabled 
AnyConnect Premium Peers : 3500 
AnyConnect Essentials : Disabled 
Other VPN Peers : 3500 
Total VPN Peers : 3500 
AnyConnect for Mobile : Enabled 
AnyConnect for Cisco VPN Phone : Enabled 
Advanced Endpoint Assessment : Enabled 
Shared License : Disabled 
Total TLS Proxy Sessions : 8000 
Cluster : Disabled

Serial Number: JAD25180E7V
Configuration register is 0x1
Configuration last modified by enable_1 at 00:34:21.779 UTC Thu Jun 8 2023
ciscoasa# 

参考情報

• ASA: FPR2100シリーズをASA (Platform Mode(Ver 9.13(1)以降))にリイメージする方法について
• ASA: FPR1000シリーズを rommon> から ASA にリイメージする方法について
  
• ファイアウォール トラブルシューティング
• Firepower System and FTDトラブルシューティング