キャンセル
次の結果を表示 
次の代わりに検索 
もしかして: 
cancel
791
閲覧回数
1
いいね!
0
コメント
Daisuke Nagai
Cisco Employee
Cisco Employee

FPR2100 シリーズを rommon> より ASA (Platform Mode) に Re-imageする方法を紹介します.

 

必要なもの

  • コンソールアクセス
  • TFTP Server
  • ASA イメージ

 

作業の大まかな流れ

  1. 電源 OFF/ON で rommon> モードへ移行
  2. rommon> で 'factory-reset' を実行
  3. rommon> で 'boot' を実行
  4. FXOS 上で 'format-everything' を実行
  5. rommon> でイメージのダウンロードを実行
  6. FXOS 上で 'download image' を実行
  7. FXOS 上で 'install security-pack' を実行
  8. ASA CLI 上で 'no fxos mode appliance' を実行

 

以下はCLI上で行う作業の詳細となります

*******************************************************************************

Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE

Copyright (c) 1994-2019  by Cisco Systems, Inc.

Compiled Mon 06/17/2019 16:23:23.36 by builder

*******************************************************************************




Current image running: Boot ROM0

Last reset cause: ResetRequest (0x00001000)

DIMM_1/1 : Present

DIMM_2/1 : Present




Platform FPR-2140 with 65536 MBytes of main memory




WARNING: This board is using a temporary MAC address.

WARNING: The temporary MAC address override value = 00:11:22:33:44:24

WARNING: Please clear this value to use the programmed MAC address.

WARNING: Use the following two CLI commands:

WARNING:   unset MACADDR

WARNING:   sync




BIOS has been successfully locked !!

MAC Address: 60:26:aa:0e:36:80




Use BREAK or ESC to interrupt boot.

Use SPACE to begin boot immediately.

Boot in 10 seconds.

Boot in 9 seconds.

Boot in 8 seconds.

Boot in 7 seconds.

Boot interrupted.




###### Escape キーを押して Boot を中断させる







rommon 1 > factory-reset                                                                            ###### 'factory-reset' を実行

Warning: All configuration will be permanently lost with this operation 

         and application will be initialized to default configuration.

         This operation cannot be undone after booting the application image.




         Are you sure you would like to continue ? yes/no [no]: yes                                 ###### 'yes' を回答

         Please type 'ERASE' to confirm the operation or any other value to cancel: ERASE           ###### 'ERASE' を回答




Performing factory reset...

Located '.boot_string' @ cluster 115924.







Rommon will continue to boot the application: disk0:installables/switch/fxos-k8-fp2k-lfbff.2.10.1.1611.SPA 

Are you sure you would like to continue ? yes/no [no]: no                                           ###### 'no' を回答







Execute 'boot' command afterwards for factory-reset to be initiated.

Use of reset/reboot/reload command will cancel the factory-reset request!

rommon 2 > 

rommon 2 > boot                                                                                     ###### 'boot' を実行

Located 'installables/switch/fxos-k8-fp2k-lfbff.2.10.1.1611.SPA' @ cluster 5200.




####################################################################################### [SNIP]




+-------------------------------------------------------------------+

+------------------------- SUCCESS ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|             LFBFF signature authentication passed !!!             |

|                                                                   |

+-------------------------------------------------------------------+

LFBFF signature verified.

+-------------------------------------------------------------------+

+------------------------- SUCCESS ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|              LFBFF controller type check passed !!!               |

|                                                                   |

+-------------------------------------------------------------------+




Linux version: 4.18.45-yocto-standard (oe-user@oe-host) #1 SMP Thu Sep 21 19:54:34 UTC 2023

kernel_image = 0x8daf8478, kernel_size=0x6452a0

Image validated

[   11.445818] Disabling IRQ #16

INIT: version 2.88 booting

Starting udev

Hardware tweak APPLIED: Disable SATA Throttle.1

Hardware tweak APPLIED: Disable SATA Throttle.2

Configuring network interfaces... done.

Starting random number generator daemon.

Starting Power Off Shutdown Handler (poshd)

poshd: using FPGA version  and PSEQ version 

Starting TAm services ...

Device configuration status = TAM_SUCCESS

TAm Services started successfully

Primary SSD discovered

Rommon requested SSD reformat

Formating SSD...

Creating config partition: START: 1MB END: 1001MB

mke2fs 1.44.3 (10-July-2018)

/dev/sda1 contains a ext3 file system

last mounted on /opt/cisco/config on Tue Oct 10 13:22:07 2023

Discarding device blocks:   4096/244224             done                            

Creating filesystem with 244224 4k blocks and 61056 inodes

Filesystem UUID: f128bf4f-d489-42ea-ac19-33e3328ccd32

Superblock backups stored on blocks: 

32768, 98304, 163840, 229376




Allocating group tables: 0/8   done                            

Writing inode tables: 0/8   done                            

Creating journal (4096 blocks): done

Writing superblocks and filesystem accounting information: 0/8   done




Creating log partition: START: 1001MB END: 2001MB

mke2fs 1.44.3 (10-July-2018)

/dev/sda2 contains a ext3 file system

last mounted on /opt/cisco/platform/logs on Tue Oct 10 13:22:07 2023

Discarding device blocks:   4096/243968             done                            

Creating filesystem with 243968 4k blocks and 61056 inodes

Filesystem UUID: 8f46f10e-64dc-49ae-acb3-1c1152b434aa

Superblock backups stored on blocks: 

32768, 98304, 163840, 229376




Allocating group tables: 0/8   done                            

Writing inode tables: 0/8   done                            

Creating journal (4096 blocks): done

Writing superblocks and filesystem accounting information: 0/8   done




Creating coredump partition: START: 2001MB END: 32001MB

mke2fs 1.44.3 (10-July-2018)

/dev/sda3 contains a ext3 file system

last mounted on Tue Oct 10 13:22:07 2023

Discarding device blocks:    4096/73244165771264/7324416               done                            

Creating filesystem with 7324416 4k blocks and 1831424 inodes

Filesystem UUID: b137e416-e39f-4461-a675-d156da3f993f

Superblock backups stored on blocks: 

32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 

4096000




Allocating group tables:   0/224       done                            

Writing inode tables:   0/224       done                            

Creating journal (32768 blocks): done

Writing superblocks and filesystem accounting information:   0/224       done




Creating csp partition: START: 32001MB END: 100%

meta-data=/dev/sda4              isize=256    agcount=4, agsize=10254144 blks

         =                       sectsz=4096  attr=2, projid32bit=1

         =                       crc=0        finobt=0, sparse=0, rmapbt=0

         =                       reflink=0

data     =                       bsize=4096   blocks=41016576, imaxpct=25

         =                       sunit=0      swidth=0 blks

naming   =version 2              bsize=4096   ascii-ci=0, ftype=1

log      =internal log           bsize=4096   blocks=20027, version=2

         =                       sectsz=4096  sunit=1 blks, lazy-count=1

realtime =none                   extsz=4096   blocks=0, rtextents=0

Done with primary disk partition

fsck from util-linux 2.32.1

[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1 

/dev/sda1: clean, 11/61056 files, 8244/244224 blocks

fsck(/dev/sda1) returned 0

fsck from util-linux 2.32.1

[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2 

/dev/sda2: clean, 11/61056 files, 8244/243968 blocks

fsck(/dev/sda2) returned 0

fsck from util-linux 2.32.1

[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3 

/dev/sda3: clean, 11/1831424 files, 158994/7324416 blocks

fsck(/dev/sda3) returned 0

mount_disk_xfs. device: /dev/sda4, dir: /opt/cisco/csp, mount returned: 0.

fsck from util-linux 2.32.1

[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1 

fsck.fat 4.1 (2017-01-24)

/dev/sdb1: 34 files, 115925/1919062 clusters

fsck(/dev/sdb1) returned 0

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

FIPS POST Test Script

NOTICE: The FIPS POST is not run because the FIPS feature is not enabled

Configuring packages on first boINIT: Entering runlevel: 3

Starting system message bus: dbus.

Starting OpenBSD Secure Shell server: sshd

  generating ssh ed25519 key...

done.

Starting rpcbind daemon...done.

starting statd: done

Starting Advanced Configuration and Power Interface daemon: acpid.

acpid: starting up with netlink and the input layer

acpid: 1 rule loaded

acpid: waiting for events: event logging is off

Starting DHCP server: .

starting 8 nfsd kernel threads: done

starting mountd: done

Starting ntpd: done

Starting internet superserver: xinetd.

Starting Octeon NPU ... 

Starting Octeon NPU ... success

Starting fan control daemon: fancontrol... done.

INFO: beginning of manager_install

INFO: manager_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA update=false

INFO: manager_install: fxmgr is dummy, skip_fxmgr_install=true

INFO: in validating image ...

INFO: manager_validate_image: fxmgr_absfilename /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA

INFO: Validating image /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA signature ...

: File /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA size 1296

Done!

Computed Hash   SHA2: b017cba05abf5495f8e598501d60f518

                      0ef46d1ef0436453c242f2d2421a6de3

                      ef9e56df4cacc6547d5a5d30138a2ef6

                      1427ed399485eaedd95240ae37810ddf

                      

Embedded Hash   SHA2: b017cba05abf5495f8e598501d60f518

                      0ef46d1ef0436453c242f2d2421a6de3

                      ef9e56df4cacc6547d5a5d30138a2ef6

                      1427ed399485eaedd95240ae37810ddf

                      

The digital signature of the file: fxos-k9-fp2k-manager.2.10.1.1611.SPA verified successfully

INFO: manager_validate_image: chmgr_absfilename /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA

INFO: Validating image /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA signature ...

: File /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA size 37135504

Done!

Computed Hash   SHA2: 152e65b198a7b98491ebc4d3212d9b5f

                      47a3a10dfe42296d9f095cbb45994c15

                      7a97413e849739cc25a47e5bffbf7ea4

                      b6e81eaf2c0890f2dea162cc62ef8e4b

                      

Embedded Hash   SHA2: 152e65b198a7b98491ebc4d3212d9b5f

                      47a3a10dfe42296d9f095cbb45994c15

                      7a97413e849739cc25a47e5bffbf7ea4

                      b6e81eaf2c0890f2dea162cc62ef8e4b

                      

The digital signature of the file: fxos-k9-mgmtext.2.10.1.60.SPA verified successfully

INFO: manager_install: skip_fxmgr_install=true - delete unnecessary files and skip

INFO: deleting unnecessary xml file..!!

INFO: deleted unnecessary xml file..!!

INFO: manager_post_install ...

INFO: manager_post_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA update=false

INFO: manager_post_install: fxmgr is dummy

INFO: manager_post_install: Linking libraries ...

INFO: manager_post_install: Linking binaries ...

INFO: Creating directory /tmp/chmgr

INFO: creating /isan/apache/chassis-mgr/

INFO: Change permission /isan/apache/chassis-mgr/.deploy_onbox.sh

INFO: Change permission /isan/apache/chassis-mgr/.httpd.conf

INFO: Change permission /isan/apache/chassis-mgr/kpmgmt/onbox-version.txt

INFO: manager_post_install: succesful install chassis mgr

Completed system initial setup.

INFO: Trying to add iptables and ip6tables rules ...

INFO: Set up Application Diagnostic Interface ...

INFO: Configure management0 interface ...




2023-10-10T13:33:02 [WARN/lldpctl] unknown command from argument 4: `status`




INFO: Configure system files ...

INFO: System Name is: firepower-2140

Starting sensors logging daemon: sensord... done.

INFO: /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.1611.SPA

INFO: Need to validate the image

: File /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.1611.SPA size 73782640

Done!

Computed Hash   SHA2: c04a9fdf274ab056a8f07e7abade825c

                      0d42272fdd5e5f1e170eec6c2b28ea65

                      427c6d820a86bfb7def348a2fd98529b

                      0b012de4a333a3266b2dac3739b96cb2

                      

Embedded Hash   SHA2: c04a9fdf274ab056a8f07e7abade825c

                      0d42272fdd5e5f1e170eec6c2b28ea65

                      427c6d820a86bfb7def348a2fd98529b

                      0b012de4a333a3266b2dac3739b96cb2

                      

The digital signature of the file: fxos-k8-fp2k-npu.2.10.1.1611.SPA verified successfully

INFO: Creating directory /tmp/npu

INFO: all files are there ...

INFO: console : ttyS0, speed : 9600

INFO: manager_startup: setting up fxmgr apache ...

INFO: manager_startup: Start manager httpd setup...

INFO: manager_startup: /opt/cisco/config/certstore/default.key not found on platform, re-generating files

INFO: manager_startup: reset httpd app config to default

 httpdRegister INFO: [httpd.2839 -4 192.168.45.45 -n localhost]

 httpdRegister INFO: Starting httpd setup/registration...

 httpdRegister INFO: Completed httpd setup/registration!

 INFO: httpdRegister [httpd.2839 script exit]

INFO: manager_startup: Completed manager httpd setup!

INFO: manager_startup: configuring chassis manager

INFO: unconfig older conf files

 httpdAppconf INFO: [httpd.2918 -d /isan/apache/.httpd.conf]

 httpdAppconf [fpr21xx] PARAMS: [GLOBAL_DEL:/isan/apache/.httpd.conf]

 httpdAppconf INFO: /isan/apache/.httpd.conf changes already removed

 httpdAppconf INFO: httpd.conf GLOBAL_DEL update for /isan/apache/.httpd.conf already applied

 INFO: httpdAppconf [httpd.2918 script exit]

 httpdAppconf INFO: [httpd.2948 -V -d /isan/apache/.httpd.conf]

 httpdAppconf [fpr21xx] PARAMS: [VHOST_DEL:/isan/apache/.httpd.conf]

 httpdAppconf INFO: /isan/apache/.httpd.conf changes already removed

 httpdAppconf INFO: httpd.conf VHOST_DEL update for /isan/apache/.httpd.conf already applied

 INFO: httpdAppconf [httpd.2948 script exit]

INFO: Configuring httpd

 httpdAppconf INFO: [httpd.2981 -V -a /isan/apache/.httpd.conf]

 httpdAppconf [fpr21xx] PARAMS: [VHOST_ADD:/isan/apache/.httpd.conf]

 httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_ADD update for /isan/apache/.httpd.conf

 INFO: httpdAppconf [httpd.2981 script exit]

INFO: manager_startup: successfully configured chassis mgr

nscd: 3030 monitoring file `/etc/hosts` (1)

nscd: 3030 monitoring directory `/etc` (2)

nscd: 3030 monitoring file `/etc/resolv.conf` (3)

nscd: 3030 monitoring directory `/etc` (2)

Starting crond: OK

FTD

Starting Octeon Serial Logd... 

Starting OcteoINFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.







firepower-2140 login: 

Waiting for Application infrastructure to be ready...

Verifying the signature of the Application image...

Oct 10 13:33:27 firepower-2140 kernel: [   11.445818] Disabling IRQ #16

Oct 10 13:33:29 firepower-2140 rst_manager: Reset Manager not required on this platform: 1

Oct 10 13:33:38 firepower-2140 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][critical][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install

Oct 10 13:34:23 firepower-2140 port-manager: Alert: Ethernet1/2 link changed to UP

Oct 10 13:34:23 firepower-2140 port-manager: Alert: Ethernet1/1 link changed to UP




firepower-2140 login: admin                                                     ###### admin/Admin123 でログイン (このパスワードはDefault)

Password: 

Successful login attempts for user 'admin' : 1

Hello admin. You must change your password.

Enter new password: *********                                                   ###### 任意のパスワードを設定 (アスタリスクは出力されません)

Confirm new password: *********                                                 ###### 任意のパスワードの再入力 (アスタリスクは出力されません)

Your password was updated successfully.




Cisco Firepower Extensible Operating System (FX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.




The copyrights to certain works contained in this software are

owned by other third parties and used and distributed under

license.




Certain components of this software are licensed under the "GNU General Public

License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, Version 3", available here:

http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for

details.




Certain components of this software are licensed under the "GNU General Public

License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual

(''Licensing'') for details.




Certain components of this software are licensed under the "GNU LESSER GENERAL

PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:

http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for

details.




Certain components of this software are licensed under the "GNU Lesser General

Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the

terms of "GNU Lesser General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual

(''Licensing'') for details.




Certain components of this software are licensed under the "GNU Library General

Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU Library General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual

(''Licensing'') for details.




firepower-2140# 

firepower-2140# connect local-mgmt                                              ###### 'connect local-mgmt' を実行して 'local-mgmt' に移行

firepower-2140(local-mgmt)# 

firepower-2140(local-mgmt)# format everything                                   ###### 'format everything' を実行

All configuration and bootable images will be lost.

Do you still want to format? (yes/no):yes                                       ###### 'yes' を回答

100+0 records in

100+0 records out

51200 bytes (51 kB, 50 KiB) copied, 0.00821808 s, 6.2 MB/s

4+0 records in

4+0 records out

2048 bytes (2.0 kB, 2.0 KiB) copied, 6.5215e-05 s, 31.4 MB/s

100+0 records in

100+0 records out

51200 bytes (51 kB, 50 KiB) copied, 0.0956049 s, 536 kB/s




Broadcast message from root@firepower-2140 (Tue Oct 10 13:34:59 2023):




All shells being terminated due to system /sbin/reboot




Broadcast message from root@firepower-2140 (Tue Oct 10 13:35:00 2023):




 System restarted due to disks being reformatted.

INIT: 2023 Oct 10 13:35:07 PMLOG: PM IPC UTILITY: Shutting down all ports

Stopping Octeon Serial Logd... 

Stopping Octeon Serial Logd... success

Stopping OpenBSD Secure Shell server: sshd

stopped /usr/sbin/sshd (pid 1611)

done.

Stopping Octeon NPU ... 

Oct 10 13:35:08 firepower-2140 port-manager: Alert: Ethernet1/2 link changed to DOWN

Oct 10 13:35:08 firepower-2140 port-manager: Alert: Ethernet1/1 link changed to DOWN

Oct 10 13:35:08 firepower-2140 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][cleared][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install

Stopping Octeon NPU ... unreachable

Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1623)

acpid.

Stopping web server: apache2failed

Stopping system message bus: acpid: exiting

dbus.

Stopping DHCP server: dhcpd3no /usr/sbin/dhcpd found; none killed

.

stopping DNS forwarder and DHCP server: dnsmasq... no /usr/bin/dnsmasq found; none killed

stopping mountd: done

stopping nfsd: .done

Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 1661)

done

Stopping internet superserver: xinetd.

stopping statd: done

Stopping random number generator daemon.

Stopping domain name service: named.

Stopping crond: OK

Stopping rpcbind daemon...

done.

Stopping fan control daemon: fancontrol... no process in pidfile '/var/run/fancontrol.pid' found; none killed

done.

Stopping sensors logging daemon: sensord... stopped /usr/sbin/sensord (pid 2761)

done.

 * Stopping virtualization library daemon: libvirtd

 *[fail]

Deconfiguring network interfaces... done.

Stopping FreeRADIUS daemon radiusd Failed

Tue Oct 10 13:35:11 UCT 2023

Oct 10 13:35:11 firepower-2140 KP-NVRAM: Confreg value: confreg = 0x1

SSP-Security-Module is shutting down ...

Tue Oct 10 13:35:12 UCT 2023 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps

Tue Oct 10 13:35:12 UCT 2023 SHUTDOWN WARNING: Upgrade process ready for reboot

Tue Oct 10 13:35:12 UCT 2023 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps

Tue Oct 10 13:35:13 UCT 2023 SHUTDOWN WARNING: Nothing to do for Apps-Services-Down

omit_pids_opt: -o 679,700,704

Tue Oct 10 13:35:13 UCT 2023

Sending ALL processes the TERM signal ...

Note: SIGKILL_ALL will be triggered after after 0 + 2 secs ...

Tue Oct 10 13:35:14 UCT 2023

Sending ALL processes the KILL signal ...

Tue Oct 10 13:35:15 UCT 2023

Deactivating swap...

Unmounting local filesystems...

Rebooting... [  212.511600] reboot: Restarting system










*******************************************************************************

Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE

Copyright (c) 1994-2019  by Cisco Systems, Inc.

Compiled Mon 06/17/2019 16:23:23.36 by builder

*******************************************************************************




Current image running: Boot ROM0

Last reset cause: ResetRequest (0x00001000)

DIMM_1/1 : Present

DIMM_2/1 : Present




Platform FPR-2140 with 65536 MBytes of main memory




WARNING: This board is using a temporary MAC address.

WARNING: The temporary MAC address override value = 00:11:22:33:44:24

WARNING: Please clear this value to use the programmed MAC address.

WARNING: Use the following two CLI commands:

WARNING:   unset MACADDR

WARNING:   sync




BIOS has been successfully locked !!

MAC Address: 60:26:aa:0e:36:80




Use BREAK or ESC to interrupt boot.

Use SPACE to begin boot immediately.

Boot in 10 seconds.

Boot in 9 seconds.

Boot in 8 seconds.

Boot in 7 seconds.




###### Escapeキーを押して Boot を中断させる




Boot interrupted.







rommon 1 > 

rommon 1 > ADDRESS=10.122.187.155                           ###### IP Address の設定

rommon 2 > NETMASK=255.255.255.240                          ###### Netmask の設定

rommon 3 > GATEWAY=10.122.187.145                           ###### Default Gateway の設定

rommon 4 > SERVER=10.207.204.10                             ###### イメージが置いてあるサーバーの設定

rommon 5 > IMAGE=cisco-asa-fp2k.9.16.4.42.SPA               ###### イメージ名の設定

rommon 6 > set                                              ###### 設定内容の確認

    ADDRESS=10.122.187.155

    NETMASK=255.255.255.240

    GATEWAY=10.122.187.145

    SERVER=10.207.204.10

    IMAGE=cisco-asa-fp2k.9.16.4.42.SPA

    CONFIG=

    PS1="rommon ! > "

    MACADDR=00:11:22:33:44:24

    FIRMWARE_VERSION=1012.0200.0213




rommon 7 > 

rommon 7 > ping 10.207.204.10                               ###### サーバーへの疎通確認




link upSending 10, 32-byte ICMP Echoes to 10.207.204.10 timeout is 4 seconds

!!!!!!!!!!

Success rate is 100 percent (10/10)

rommon 8 > 

rommon 8 > tftpdnld                                         ##### 'tftpdnld' を実行しイメーをダウンロード

             ADDRESS: 10.122.187.155

             NETMASK: 255.255.255.240

             GATEWAY: 10.122.187.145

              SERVER: 10.207.204.10

               IMAGE: cisco-asa-fp2k.9.16.4.42.SPA

             MACADDR: 60:26:aa:0e:36:80

           VERBOSITY: Progress

               RETRY: 40

          PKTTIMEOUT: 7200

             BLKSIZE: 1460

            CHECKSUM: Yes

                PORT: GbE/1

             PHYMODE: Auto Detect




link up

Receiving cisco-asa-fp2k.9.16.4.42.SPA from 10.207.204.10!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [SNIP]

TFTP: Transfer stopped after 268434140 bytes.

will try boot bundle image !!

File reception completed.

Boot buffer bigbuf=7e13e3d8

Boot image size = 191411968 (0xb68b700) bytes

[image size]      191411968

[MD5 signature]    afe2e2f0f675ffc728d04bcb7394a36a




+-------------------------------------------------------------------+

+------------------------- SUCCESS ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|             LFBFF signature authentication passed !!!             |

|                                                                   |

+-------------------------------------------------------------------+

LFBFF signature verified.

+-------------------------------------------------------------------+

+------------------------- SUCCESS ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|              LFBFF controller type check passed !!!               |

|                                                                   |

+-------------------------------------------------------------------+




Linux version: 4.18.45-yocto-standard (oe-user@oe-host) #1 SMP Thu Sep 21 19:54:34 UTC 2023

kernel_image = 0x89184838, kernel_size=0x6452a0

Image validated

[   11.447411] Disabling IRQ #16

INIT: version 2.88 booting

Starting udev

Hardware tweak APPLIED: Disable SATA Throttle.1

Hardware tweak APPLIED: Disable SATA Throttle.2

Configuring network interfaces... done.

Starting random number generator daemon.

Starting Power Off Shutdown Handler (poshd)

poshd: using FPGA version  and PSEQ version 

Starting TAm services ...

Device configuration status = TAM_SUCCESS

TAm Services started successfully

Primary SSD discovered

eMMC has incorrect partitions

Skipping prompt because disk is blank

Reformatting eMMC to clear error

Creating eMMC partition: START: 1 MB END: 100%

mkfs.fat 4.1 (2017-01-24)

Primary SSD has incorrect partitions

Skipping prompt because disk is blank

Formating Primary SSD...

Creating config partition: START: 1MB END: 1001MB

mke2fs 1.44.3 (10-July-2018)

/dev/sda1 contains a ext3 file system

last mounted on /opt/cisco/config on Tue Oct 10 13:32:34 2023

Discarding device blocks:   4096/244224             done                            

Creating filesystem with 244224 4k blocks and 61056 inodes

Filesystem UUID: 0574363d-9dac-4d82-aa27-dd670a2ede42

Superblock backups stored on blocks: 

32768, 98304, 163840, 229376




Allocating group tables: 0/8   done                            

Writing inode tables: 0/8   done                            

Creating journal (4096 blocks): done

Writing superblocks and filesystem accounting information: 0/8   done




Creating log partition: START: 1001MB END: 2001MB

mke2fs 1.44.3 (10-July-2018)

/dev/sda2 contains a ext3 file system

last mounted on /opt/cisco/platform/logs on Tue Oct 10 13:32:34 2023

Discarding device blocks:   4096/243968             done                            

Creating filesystem with 243968 4k blocks and 61056 inodes

Filesystem UUID: 4163d307-1119-4953-a8d9-250c3ce3d8a4

Superblock backups stored on blocks: 

32768, 98304, 163840, 229376




Allocating group tables: 0/8   done                            

Writing inode tables: 0/8   done                            

Creating journal (4096 blocks): done

Writing superblocks and filesystem accounting information: 0/8   done




Creating coredump partition: START: 2001MB END: 32001MB

mke2fs 1.44.3 (10-July-2018)

/dev/sda3 contains a ext3 file system

last mounted on Tue Oct 10 13:32:34 2023

Discarding device blocks:    4096/73244164198400/7324416               done                            

Creating filesystem with 7324416 4k blocks and 1831424 inodes

Filesystem UUID: f41d5307-ec84-4a8c-8092-b4717454f638

Superblock backups stored on blocks: 

32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 

4096000




Allocating group tables:   0/224       done                            

Writing inode tables:   0/224       done                            

Creating journal (32768 blocks): done

Writing superblocks and filesystem accounting information:   0/224       done




Creating csp partition: START: 32001MB END: 100%

meta-data=/dev/sda4              isize=256    agcount=4, agsize=10254144 blks

         =                       sectsz=4096  attr=2, projid32bit=1

         =                       crc=0        finobt=0, sparse=0, rmapbt=0

         =                       reflink=0

data     =                       bsize=4096   blocks=41016576, imaxpct=25

         =                       sunit=0      swidth=0 blks

naming   =version 2              bsize=4096   ascii-ci=0, ftype=1

log      =internal log           bsize=4096   blocks=20027, version=2

         =                       sectsz=4096  sunit=1 blks, lazy-count=1

realtime =none                   extsz=4096   blocks=0, rtextents=0

Done with primary disk partition

fsck from util-linux 2.32.1

[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1 

/dev/sda1: clean, 11/61056 files, 8244/244224 blocks

fsck(/dev/sda1) returned 0

fsck from util-linux 2.32.1

[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2 

/dev/sda2: clean, 11/61056 files, 8244/243968 blocks

fsck(/dev/sda2) returned 0

fsck from util-linux 2.32.1

[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3 

/dev/sda3: clean, 11/1831424 files, 158994/7324416 blocks

fsck(/dev/sda3) returned 0

mount_disk_xfs. device: /dev/sda4, dir: /opt/cisco/csp, mount returned: 0.

fsck from util-linux 2.32.1

[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1 

fsck.fat 4.1 (2017-01-24)

/dev/sdb1: 0 files, 1/1919062 clusters

fsck(/dev/sdb1) returned 0

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

FIPS POST Test Script

NOTICE: The FIPS POST is not run because the FIPS feature is not enabled

Configuring packages on first boINIT: Entering runlevel: 3

Starting system message bus: dbus.

Starting OpenBSD Secure Shell server: sshd

  generating ssh ed25519 key...

done.

Starting rpcbind daemon...done.

starting statd: done

Starting Advanced Configuration and Power Interface daemon: acpid.

acpid: starting up with netlink and the input layer

acpid: 1 rule loaded

acpid: waiting for events: event logging is off

Starting DHCP server: .

starting 8 nfsd kernel threads: done

starting mountd: done

Starting ntpd: done

Starting internet superserver: xinetd.

Starting Octeon NPU ... 

Starting Octeon NPU ... success

Starting fan control daemon: fancontrol... done.

INFO: beginning of manager_install

INFO: deleting unnecessary xml file..!!

INFO: deleted unnecessary xml file..!!

INFO: disaster recovery - use default service mgr

INFO: manager_post_install ...

INFO: manager_post_install: boot file does not exist

INFO: manager_post_install: fxmgr= chmgr= update=false

INFO: manager_post_install: Linking libraries ...

INFO: manager_post_install: Linking binaries ...

Completed system initial setup.

INFO: Trying to add iptables and ip6tables rules ...

INFO: Set up Application Diagnostic Interface ...

INFO: Configure management0 interface ...




2023-10-10T13:39:11 [WARN/lldpctl] unknown command from argument 4: `status`




INFO: Configure system files ...

INFO: System Name is: firepower-2140

Starting sensors logging daemon: sensord... done.

INFO: file /mnt/boot/.boot_npu does not exist

INFO: console : ttyS0, speed : 9600

INFO: manager_startup: setting up fxmgr apache ...

INFO: manager_startup: Start manager httpd setup...

INFO: manager_startup: /opt/cisco/config/certstore/default.key not found on platform, re-generating files

INFO: manager_startup: reset httpd app config to default

 httpdRegister INFO: [httpd.2698 -4 192.168.45.45 -n localhost]

 httpdRegister INFO: Starting httpd setup/registration...

 httpdRegister INFO: Completed httpd setup/registration!

 INFO: httpdRegister [httpd.2698 script exit]

INFO: manager_startup: Completed manager httpd setup!

nscd: 2773 monitoring file `/etc/hosts` (1)

nscd: 2773 monitoring directory `/etc` (2)

nscd: 2773 monitoring file `/etc/resolv.conf` (3)

nscd: 2773 monitoring directory `/etc` (2)

Starting crond: OK

FTD

Starting Octeon Serial Logd... 

Starting OcteoINFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.







firepower-2140 login: 

Waiting for Application infrastructure to be ready...

Verifying the signature of the Application image...

Oct 10 13:39:31 firepower-2140 kernel: [   11.447411] Disabling IRQ #16

Oct 10 13:39:34 firepower-2140 rst_manager: Reset Manager not required on this platform: 1

Oct 10 13:39:43 firepower-2140 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][critical][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install

Oct 10 13:40:47 firepower-2140 port-manager: Alert: Ethernet1/2 link changed to UP

Oct 10 13:40:47 firepower-2140 port-manager: Alert: Ethernet1/1 link changed to UP




firepower-2140 login: admin                                           ###### 'admin/Admin123' でログイン

Password: 

Successful login attempts for user 'admin' : 1

Hello admin. You must change your password.

Enter new password: *******                                           ###### 任意のパスワードを設定 (アスタリスクは出力されません)

Confirm new password: *******                                         ###### 任意のパスワードの再入力 (アスタリスクは出力されません)

Your password was updated successfully.




Cisco Firepower Extensible Operating System (FX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.




The copyrights to certain works contained in this software are

owned by other third parties and used and distributed under

license.




Certain components of this software are licensed under the "GNU General Public

License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, Version 3", available here:

http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for

details.




Certain components of this software are licensed under the "GNU General Public

License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual

(''Licensing'') for details.




Certain components of this software are licensed under the "GNU LESSER GENERAL

PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:

http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for

details.




Certain components of this software are licensed under the "GNU Lesser General

Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the

terms of "GNU Lesser General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual

(''Licensing'') for details.




Certain components of this software are licensed under the "GNU Library General

Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU Library General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual

(''Licensing'') for details.




firepower-2140# 

firepower-2140# scope fabric-interconnect a               ###### 'scope fabric-interconnect a' を実行




                                      ###### 'set out-of-band static ip' コマンドで IP Addressを設定




firepower-2140 /fabric-interconnect # set out-of-band static ip 10.122.187.155 netmask 255.255.255.240 gw 10.122.187.145

Warning: When committed, this change may disconnect the current CLI session.

Use commit-buffer command to commit the changes.

firepower-2140 /fabric-interconnect* # commit-buffer      ###### 'commit-buffer' で設定変更を確定する

firepower-2140 /fabric-interconnect # exit                ###### 'exit' で抜ける

firepower-2140# 

firepower-2140# connect local-mgmt                        ###### 'connect local-mgmt' で 'local-mgmt' に移行

firepower-2140(local-mgmt)# 

firepower-2140(local-mgmt)# ping 10.207.204.10            ###### ping で TFTP Server への疎通確認

PING 10.207.204.10 (10.207.204.10) from 10.122.187.155 : 56(84) bytes of data.

64 bytes from 10.207.204.10: icmp_seq=1 ttl=61 time=0.181 ms

64 bytes from 10.207.204.10: icmp_seq=2 ttl=61 time=0.166 ms

64 bytes from 10.207.204.10: icmp_seq=3 ttl=61 time=0.179 ms

^C

--- 10.207.204.10 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 92ms

rtt min/avg/max/mdev = 0.166/0.175/0.181/0.012 ms




firepower-2140(local-mgmt)# 




firepower-2140(local-mgmt)# exit                          ###### 'exit' で抜ける

firepower-2140# 

firepower-2140# scope firmware                            ###### 'scope firmware' を実行

firepower-2140 /firmware # 




                           ###### 'download image' コマンドを実行しイメージをダウンロードする

firepower-2140 /firmware # download image tftp://10.207.204.10/cisco-asa-fp2k.9.16.4.42.SPA

Please use the command 'show download-task' or 'show download-task detail' to check download progress.

firepower-2140 /firmware # 

firepower-2140 /firmware # % Download-task cisco-asa-fp2k.9.16.4.42.SPA : transferring 104128 KB

firepower-2140 /firmware # % Download-task cisco-asa-fp2k.9.16.4.42.SPA : transferring 320768 KB

firepower-2140 /firmware # % Download-task cisco-asa-fp2k.9.16.4.42.SPA : transferring 463574 KB

firepower-2140 /firmware # % Download-task cisco-asa-fp2k.9.16.4.42.SPA : verifying image ...




                                                                          ###### ダウンロード完了の確認

firepower-2140 /firmware # % Download-task cisco-asa-fp2k.9.16.4.42.SPA : completed successfully.




firepower-2140 /firmware # 

firepower-2140 /firmware # show package                   ###### 'show package' を実行してダウンロードしたファイルの 'Package-Vers' を確認する

Name                                          Package-Vers

--------------------------------------------- ------------

cisco-asa-fp2k.9.16.4.42.SPA                  9.16.4.42

firepower-2140 /firmware # 

firepower-2140 /firmware # scope auto-install             ###### 'scope auto-install' を実行

firepower-2140 /firmware/auto-install # 




                                                          ###### 'install security-pack' を実行

                                                          ###### 'version' は上記の 'show package' で確認した 'Package-Vers' を指定

firepower-2140 /firmware/auto-install # install security-pack version 9.16.4.42




The system is currently installed with security software package not set, which has:

   - The platform version: not set

If you proceed with the upgrade 9.16.4.42, it will do the following:

   - upgrade to the new platform version 2.10.1.1611

   - install with CSP asa version 9.16.4.42

During the upgrade, the system will be reboot




Do you want to proceed ? (yes/no):yes                     ###### 'yes' を回答




This operation upgrades firmware and software on Security Platform Components

Here is the checklist of things that are recommended before starting Auto-Install

(1) Review current critical/major faults

(2) Initiate a configuration backup




Do you want to proceed? (yes/no):yes                     ###### 'yes' を回答




Triggered the install of software package version 9.16.4.42

Install started. This will take several minutes.

For monitoring the upgrade progress, please enter 'show' or 'show detail' command.

firepower-2140 /firmware/auto-install # Oct 10 13:44:43 firepower-2140 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][cleared][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install




firepower-2140 /firmware/auto-install # 

firepower-2140 /firmware/auto-install # show




Firmware Auto-Install:

    Package-Vers Oper State                   Upgrade State

    ------------ ---------------------------- -------------

    9.16.4.42    Scheduled                    Ready

firepower-2140 /firmware/auto-install # 

firepower-2140 /firmware/auto-install # show detail




Firmware Auto-Install:

    Package-Vers: 9.16.4.42

    Oper State: Scheduled

    Installation Time: 2023-10-10T13:44:43.540

    Upgrade State: Validating Images

    Upgrade Status: validating the software package

    Validation Software Pack Status:

    Firmware Upgrade Status:

    Current Task: Validating the application pack(FSM-STAGE:sam:dme:FirmwareSystemDeploy:ValidateApplicationPack)

firepower-2140 /firmware/auto-install # 

firepower-2140 /firmware/auto-install # show




Firmware Auto-Install:

    Package-Vers Oper State                   Upgrade State

    ------------ ---------------------------- -------------

    9.16.4.42    Scheduled                    Validating Images

firepower-2140 /firmware/auto-install # 

firepower-2140 /firmware/auto-install # show detail




Firmware Auto-Install:

    Package-Vers: 9.16.4.42

    Oper State: Scheduled

    Installation Time: 2023-10-10T13:44:43.540

    Upgrade State: Upgrading Npu

    Upgrade Status: upgrading the npu image

    Validation Software Pack Status: ok

    Firmware Upgrade Status:

    Current Task: Activating NPU Image(FSM-STAGE:sam:dme:FirmwareSystemDeploy:ActivateNpuImage)

firepower-2140 /firmware/auto-install # 

firepower-2140 /firmware/auto-install # show




Firmware Auto-Install:

    Package-Vers Oper State                   Upgrade State

    ------------ ---------------------------- -------------

    9.16.4.42    Scheduled                    Upgrading Service Manager

firepower-2140 /firmware/auto-install # 

firepower-2140 /firmware/auto-install # show detail




Firmware Auto-Install:

    Package-Vers: 9.16.4.42

    Oper State: Scheduled

    Installation Time: 2023-10-10T13:44:43.540

    Upgrade State: Upgrading Service Manager

    Upgrade Status: upgrading chassis manager image

    Validation Software Pack Status: ok

    Firmware Upgrade Status: up-to-date

    Current Task: Activating Service Manager(FSM-STAGE:sam:dme:FirmwareSystemDeploy:ActivateManagerImage)

firepower-2140 /firmware/auto-install # 

firepower-2140 /firmware/auto-install # show




Firmware Auto-Install:

    Package-Vers Oper State                   Upgrade State

    ------------ ---------------------------- -------------

    9.16.4.42    Scheduled                    Installing Application

firepower-2140 /firmware/auto-install # 

firepower-2140 /firmware/auto-install # show detail




Firmware Auto-Install:

    Package-Vers: 9.16.4.42

    Oper State: Scheduled

    Installation Time: 2023-10-10T13:44:43.540

    Upgrade State: Installing Application

    Upgrade Status: installing application image

    Validation Software Pack Status: ok

    Firmware Upgrade Status: up-to-date

    Current Task: Waiting for Application Activation to complete(FSM-STAGE:sam:dme:FirmwareSystemDeploy:PollApplicationActivationStatus)

firepower-2140 /firmware/auto-install # 

Cisco ASA: CMD=-install, CSP-ID=cisco-asa.9.16.4.42__asa_001_JMX2617X0U4KKYKW71, FLAG=''

Verifying signature for cisco-asa.9.16.4.42 ...

Verifying signature for cisco-asa.9.16.4.42 ... success




Cisco ASA: CMD=-start, CSP-ID=cisco-asa.9.16.4.42__asa_001_JMX2617X0U4KKYKW71, FLAG=''

Cisco ASA starting ...




firepower-2140 login: admin (automatic login)                      ###### FXOSへのログインは自動で行われる




Last login: Tue Oct 10 13:40:54 UTC 2023 on ttyS0

Successful login attempts for user 'admin' : 2

Please wait for Cisco ASA to come online...1...

Registering to process manager ...

Cisco ASA started successfully.

Oct 10 13:48:54 firepower-2140 port-manager: Alert: Ethernet1/2 link changed to DOWN

Oct 10 13:48:54 firepower-2140 port-manager: Alert: Ethernet1/1 link changed to DOWN

Please wait for Cisco ASA to come online...2...

Please wait for Cisco ASA to come online...3...

Please wait for Cisco ASA to come online...4...

Please wait for Cisco ASA to come online...5...

lina_init_env: memif is not enabled.

System Cores 16 Nodes 1 Max Cores 48

Number of Cores 16

Global Reserve Memory Per Node: 1384120320 bytes Nodes=1




LCMB: HEAP-CACHE POOL got 1375731712 bytes on numa-id=0, virt=0x0000005555600000




total_reserved_mem = 1073741824 




total_heapcache_mem = 1375731712 

total mem 15545602335 system 15677886464 kernel 132284129 image 0

new 15545602335 old 1073741824 reserve 2449473536 priv new 13228412928 priv old 0

Processor memory:  14367166464

POST started...

POST finished, result is 0 (hint: 1 means it failed)




Cisco Adaptive Security Appliance Software Version 9.16(4)42




Compiled on Fri 22-Sep-23 04:35 GMT by builders

Platform is FPR-2140

Adding Cavium NIC interface 0 port 0




Total NICs found: 5




NIC pci:id 00, slot 0, port 1, bus -1, dev -1 func 0, irq 00, internal, ten_gb-ethernet, ind 1

NIC pci:id 01, slot 0, port -1, bus 0, dev 0 func 0, irq 00, internal, , ind 0

NIC pci:id 02, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1

NIC pci:id 03, slot 1, port 1, bus -1, dev -1 func -1, irq 00, external, gb-ethernet, ind 1

NIC pci:id 04, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1

en_vtun rev00 Backplane Ext-Mgmt Interface     @ index 03 MAC: 6026.aa0e.3681

en_vtun rev00 Backplane Tap Interface     @ index 04 MAC: 0000.0100.0001

WARNING: Attribute already exists in the dictionary.

10Oct2023 13:50:00 Read error: Open failed. Error message: No such file or directory.

License mode file was not found. Assuming this is the initial bootup. Setting the license mode to Smart Licensing.




INFO: Unable to read firewall mode from flash

       Writing default firewall mode (single) to flash




INFO: Unable to read cluster interface-mode from flash

        Writing default mode "None" to flash

Use software crypto.

The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.

The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.




Cisco Adaptive Security Appliance Software Version 9.16(4)42 




  ****************************** Warning *******************************

  This product contains cryptographic features and is

  subject to United States and local country laws

  governing, import, export, transfer, and use.

  Delivery of Cisco cryptographic products does not

  imply third-party authority to import, export,

  distribute, or use encryption. Importers, exporters,

  distributors and users are responsible for compliance

  with U.S. and local country laws. By using this

  product you agree to comply with applicable laws and

  regulations. If you are unable to comply with U.S.

  and local laws, return the enclosed items immediately.




  A summary of U.S. laws governing Cisco cryptographic

  products may be found at:

  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html




  If you require further assistance please contact us by

  sending email to export@cisco.com.

  ******************************* Warning *******************************

Cisco Adaptive Security Appliance Software, version 9.16

Copyright (c) 1996-2023 by Cisco Systems, Inc.

For licenses and notices for open source software used in this product, please visit

http://www.cisco.com/go/asa-opensource




                Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.




                Cisco Systems, Inc.

                170 West Tasman Drive

                San Jose, California 95134-1706




config_fetcher: channel open failed

WARNING: MIGRATION - no startup configuration or configuration not found.




INFO: Power-On Self-Test in process.

..............

INFO: Power-On Self-Test complete.




INFO: Starting SW-DRBG health test...

INFO: SW-DRBG health test passed.

Creating trustpoint "_SmartCallHome_ServerCA" and installing certificate...




Trustpoint CA certificate accepted.

Creating trustpoint "_SmartCallHome_ServerCA2" and installing certificate...




Trustpoint CA certificate accepted.

INFO: Security level for "management" set to 0 by default.

INFO: Security level for "outside" set to 0 by default.

INFO: Security level for "inside" set to 100 by default.













User enable_1 logged in to ciscoasa

Logins over the last 1 days: 1.  

Failed logins since the last login: 0.  

 Attaching to ASA CLI ... Press 'Ctrl+a then d' to detach.

Type help or '?' for a list of available commands.




ciscoasa> 

ciscoasa> enable ###### 'enable' を実行

The enable password is not set.  Please set it now.

Enter  Password: ***** ###### パスワードを入力

Repeat Password: *****                   ###### パスワードを入力

Note: Save your configuration so that the password can be used for FXOS failsafe access and persists across reboots

("write memory" or "copy running-config startup-config").

ciscoasa# 

ciscoasa# 

ciscoasa# show fxos mode                                    ###### 現在の稼働モードを確認する

Mode is currently set to appliance

ciscoasa# 

ciscoasa# 

ciscoasa# config terminal ###### 'config terminal' を実行

ciscoasa(config)# 




***************************** NOTICE *****************************




Help to improve the ASA platform by enabling anonymous reporting,

which allows Cisco to securely receive minimal error and health

information from the device. To learn more about this feature,

please visit: http://www.cisco.com/go/smartcall




Would you like to enable anonymous error reporting to help improve

the product? [Y]es, [N]o, [A]sk later: 

ciscoasa(config)# 

ciscoasa(config)# 

ciscoasa(config)# no fxos mode appliance                    ###### 'no fxos mode appliance' コマンドで動作モードを 'Platform Mode' に変更する

Mode set to platform mode

WARNING: The running-config must be saved and the system must 

be rebooted for this command to take effect. Upon reboot, the current 

configuration will be erased, and the default configuration for 

platform mode will be applied.

ciscoasa(config)# reload ###### 'reload' を実行する

System config has been modified. Save? [Y]es/[N]o:  Y       ###### 'Y' を返答する

Cryptochecksum: 9b5cef5e 9c1a1668 056471bc 35881f22 




12637 bytes copied in 2.230 secs (6318 bytes/sec)

WARNING: Mode change detected. Upon reboot,

current configuration will be cleared and the default

configuration for platform mode will be applied.




Proceed with reload? [confirm]                              ###### Enterキーを押して再起動させる

ciscoasa(config)# 







***

*** --- START GRACEFUL SHUTDOWN ---

Shutting down Application Agent

Shutting down isakmp

Shutting down webvpn

Shutting down fover_reload

Shutting down sw-module

Shutting down License Controller

Shutting down File system










***

*** --- SHUTDOWN NOW ---

Process shutdown finished

Rebooting... (status 0x9)

..

lina_monitor process exited norm2023 Oct 10 13:52:17 PMLOG: PM IPC UTILITY: Shutting down all ports




Cisco ASA: CMD=-stop, CSP-ID=cisco-asa.9.16.4.42__asa_001_JMX2617X0U4KKYKW71, FLAG=''

Cisco ASA stopping ...

Cisco ASA stopped successfully.

Stopping Octeon Serial Logd... 

Stopping Octeon Serial Logd... success

Stopping OpenBSD Secure Shell server: sshd

stopped /usr/sbin/sshd (pid 46182)

done.

Stopping Octeon NPU ... 

Stopping Octeon NPU ... success

Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1621)

acpid.

Stopping web server: apache2failed

Stopping system message bus: dbus.

Stopping DHCP server: dhcpd3no /usr/sbin/dhcpd found; none killed

.

stopping DNS forwarder and DHCP server: dnsmasq... no /usr/bin/dnsmasq found; none killed

stopping mountd: done

stopping nfsd: .acpid: exiting

done

Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 39204)

done

Stopping internet superserver: xinetd.

stopping statd: done

Stopping random number generator daemon.

Stopping domain name service: named.

Stopping crond: OK

Stopping rpcbind daemon...

done.

Stopping fan control daemon: fancontrol... no process in pidfile '/var/run/fancontrol.pid' found; none killed

done.

Stopping sensors logging daemon: sensord... stopped /usr/sbin/sensord (pid 2645)

done.

 * Stopping virtualization library daemon: libvirtd

 *[fail]

Deconfiguring network interfaces... done.

Stopping FreeRADIUS daemon radiusd Failed

Tue Oct 10 13:52:28 UTC 2023

SSP-Security-Module is shutting down ...

Tue Oct 10 13:52:29 UTC 2023 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps

Tue Oct 10 13:52:29 UTC 2023 SHUTDOWN WARNING: Upgrade process ready for reboot

Tue Oct 10 13:52:29 UTC 2023 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps

omit_pids_opt: -o 679,699,703

Tue Oct 10 13:52:29 UTC 2023

Sending ALL processes the TERM signal ...

Note: SIGKILL_ALL will be triggered after after 1 + 2 secs ...

Tue Oct 10 13:52:31 UTC 2023

Sending ALL processes the KILL signal ...

Tue Oct 10 13:52:32 UTC 2023

Deactivating swap...

Unmounting local filesystems...

Rebooting... [  877.961794] reboot: Restarting system










*******************************************************************************

Cisco System ROMMON, Version 1.0.12, RELEASE SOFTWARE

Copyright (c) 1994-2019  by Cisco Systems, Inc.

Compiled Mon 06/17/2019 16:23:23.36 by builder

*******************************************************************************




Current image running: Boot ROM0

Last reset cause: ResetRequest (0x00001000)

DIMM_1/1 : Present

DIMM_2/1 : Present




Platform FPR-2140 with 65536 MBytes of main memory




WARNING: This board is using a temporary MAC address.

WARNING: The temporary MAC address override value = 00:11:22:33:44:24

WARNING: Please clear this value to use the programmed MAC address.

WARNING: Use the following two CLI commands:

WARNING:   unset MACADDR

WARNING:   sync




BIOS has been successfully locked !!

MAC Address: 60:26:aa:0e:36:80




Use BREAK or ESC to interrupt boot.

Use SPACE to begin boot immediately.

Boot in 10 seconds.

Boot in 9 seconds.

Boot in 8 seconds.

Boot in 7 seconds.

Boot in 6 seconds.

Boot in 5 seconds.

Boot in 4 seconds.

Boot in 3 seconds.

Boot in 2 seconds.

Boot in 1 second.




Located '.boot_string' @ cluster 115924.







Attempt autoboot: "boot disk0:installables/switch/fxos-k8-fp2k-lfbff.2.10.1.1611.SPA"

Located 'installables/switch/fxos-k8-fp2k-lfbff.2.10.1.1611.SPA' @ cluster 5200.




#############################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################




+-------------------------------------------------------------------+

+------------------------- SUCCESS ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|             LFBFF signature authentication passed !!!             |

|                                                                   |

+-------------------------------------------------------------------+

LFBFF signature verified.

+-------------------------------------------------------------------+

+------------------------- SUCCESS ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|              LFBFF controller type check passed !!!               |

|                                                                   |

+-------------------------------------------------------------------+




Linux version: 4.18.45-yocto-standard (oe-user@oe-host) #1 SMP Thu Sep 21 19:54:34 UTC 2023

kernel_image = 0x8daf8478, kernel_size=0x6452a0

Image validated

[   11.436677] Disabling IRQ #16

INIT: version 2.88 booting

Starting udev

Hardware tweak APPLIED: Disable SATA Throttle.1

Hardware tweak APPLIED: Disable SATA Throttle.2

Configuring network interfaces... done.

Starting random number generator daemon.

Starting Power Off Shutdown Handler (poshd)

poshd: using FPGA version  and PSEQ version 

Starting TAm services ...

Device configuration status = TAM_SUCCESS

TAm Services started successfully

Primary SSD discovered

fsck from util-linux 2.32.1

[/sbin/fsck.ext3 (1) -- /dev/sda1] fsck.ext3 -a /dev/sda1 

/dev/sda1: clean, 131/61056 files, 9505/244224 blocks

fsck(/dev/sda1) returned 0

fsck from util-linux 2.32.1

[/sbin/fsck.ext3 (1) -- /dev/sda2] fsck.ext3 -a /dev/sda2 

/dev/sda2: clean, 81/61056 files, 10384/243968 blocks

fsck(/dev/sda2) returned 0

fsck from util-linux 2.32.1

[/sbin/fsck.ext3 (1) -- /dev/sda3] fsck.ext3 -a /dev/sda3 

/dev/sda3: clean, 13/1831424 files, 158996/7324416 blocks

fsck(/dev/sda3) returned 0

mount_disk_xfs. device: /dev/sda4, dir: /opt/cisco/csp, mount returned: 0.

fsck from util-linux 2.32.1

[/sbin/fsck.vfat (1) -- /dev/sdb1] fsck.vfat -a /dev/sdb1 

fsck.fat 4.1 (2017-01-24)

/dev/sdb1: 34 files, 115925/1919062 clusters

fsck(/dev/sdb1) returned 0

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

FIPS POST Test Script

NOTICE: The FIPS POST is not run because the FIPS feature is not enabled

Configuring packages on first boINIT: Entering runlevel: 3

Starting system message bus: dbus.

Starting OpenBSD Secure Shell server: sshd

done.

Starting rpcbind daemon...done.

starting statd: done

Starting Advanced Configuration and Power Interface daemon: acpid.

acpid: starting up with netlink and the input layer

acpid: 1 rule loaded

acpid: waiting for events: event logging is off

Starting DHCP server: .

starting 8 nfsd kernel threads: done

starting mountd: done

Starting ntpd: done

Starting internet superserver: xinetd.

Starting Octeon NPU ... 

Starting Octeon NPU ... success

Starting fan control daemon: fancontrol... done.

INFO: beginning of manager_install

INFO: manager_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA update=false

INFO: manager_install: fxmgr is dummy, skip_fxmgr_install=true

INFO: in validating image ...

INFO: manager_validate_image: fxmgr_absfilename /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA

INFO: Validating image /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA signature ...

: File /mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA size 1296

Done!

Computed Hash   SHA2: b017cba05abf5495f8e598501d60f518

                      0ef46d1ef0436453c242f2d2421a6de3

                      ef9e56df4cacc6547d5a5d30138a2ef6

                      1427ed399485eaedd95240ae37810ddf

                      

Embedded Hash   SHA2: b017cba05abf5495f8e598501d60f518

                      0ef46d1ef0436453c242f2d2421a6de3

                      ef9e56df4cacc6547d5a5d30138a2ef6

                      1427ed399485eaedd95240ae37810ddf

                      

The digital signature of the file: fxos-k9-fp2k-manager.2.10.1.1611.SPA verified successfully

INFO: manager_validate_image: chmgr_absfilename /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA

INFO: Validating image /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA signature ...

: File /mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA size 37135504

Done!

Computed Hash   SHA2: 152e65b198a7b98491ebc4d3212d9b5f

                      47a3a10dfe42296d9f095cbb45994c15

                      7a97413e849739cc25a47e5bffbf7ea4

                      b6e81eaf2c0890f2dea162cc62ef8e4b

                      

Embedded Hash   SHA2: 152e65b198a7b98491ebc4d3212d9b5f

                      47a3a10dfe42296d9f095cbb45994c15

                      7a97413e849739cc25a47e5bffbf7ea4

                      b6e81eaf2c0890f2dea162cc62ef8e4b

                      

The digital signature of the file: fxos-k9-mgmtext.2.10.1.60.SPA verified successfully

INFO: manager_install: skip_fxmgr_install=true - delete unnecessary files and skip

INFO: deleting unnecessary xml file..!!

INFO: deleted unnecessary xml file..!!

INFO: manager_post_install ...

INFO: manager_post_install: fxmgr=/mnt/boot/installables/switch/fxos-k9-fp2k-manager.2.10.1.1611.SPA chmgr=/mnt/boot/installables/switch/fxos-k9-mgmtext.2.10.1.60.SPA update=false

INFO: manager_post_install: fxmgr is dummy

INFO: manager_post_install: Linking libraries ...

INFO: manager_post_install: Linking binaries ...

INFO: Creating directory /tmp/chmgr

INFO: creating /isan/apache/chassis-mgr/

INFO: Change permission /isan/apache/chassis-mgr/.deploy_onbox.sh

INFO: Change permission /isan/apache/chassis-mgr/.httpd.conf

INFO: Change permission /isan/apache/chassis-mgr/kpmgmt/onbox-version.txt

INFO: manager_post_install: succesful install chassis mgr

INFO: Trying to add iptables and ip6tables rules ...

INFO: Set up Application Diagnostic Interface ...

INFO: Configure management0 interface ...




2023-10-10T13:54:58 [WARN/lldpctl] unknown command from argument 4: `status`




INFO: Configure system files ...

INFO: System Name is: firepower-2140

Starting sensors logging daemon: sensord... done.

INFO: /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.1611.SPA

INFO: Need to validate the image

: File /mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.1611.SPA size 73782640

Done!

Computed Hash   SHA2: c04a9fdf274ab056a8f07e7abade825c

                      0d42272fdd5e5f1e170eec6c2b28ea65

                      427c6d820a86bfb7def348a2fd98529b

                      0b012de4a333a3266b2dac3739b96cb2

                      

Embedded Hash   SHA2: c04a9fdf274ab056a8f07e7abade825c

                      0d42272fdd5e5f1e170eec6c2b28ea65

                      427c6d820a86bfb7def348a2fd98529b

                      0b012de4a333a3266b2dac3739b96cb2

                      

The digital signature of the file: fxos-k8-fp2k-npu.2.10.1.1611.SPA verified successfully

INFO: Creating directory /tmp/npu

INFO: all files are there ...

Set to platform default

INFO: console : ttyS0, speed : 9600

INFO: manager_startup: setting up fxmgr apache ...

INFO: manager_startup: Start manager httpd setup...

INFO: manager_startup: using HTTPD_INFO persistent cache

/bin/rm: cannot remove '/tmp/openssl.conf': No such file or directory

 httpdRegister INFO: [httpd.2788 -s -4 192.168.45.45 -n localhost]

 httpdRegister INFO: SKIP httpd syntax check

 httpdRegister INFO: Starting httpd setup/registration...

 httpdRegister INFO: Completed httpd setup/registration!

 INFO: httpdRegister [httpd.2788 script exit]

INFO: manager_startup: Completed manager httpd setup!

INFO: manager_startup: configuring chassis manager

INFO: unconfig older conf files

 httpdAppconf INFO: [httpd.2850 -d /isan/apache/.httpd.conf]

 httpdAppconf [fpr21xx] PARAMS: [GLOBAL_DEL:/isan/apache/.httpd.conf]

 httpdAppconf INFO: /isan/apache/.httpd.conf changes already removed

 httpdAppconf INFO: httpd.conf GLOBAL_DEL update for /isan/apache/.httpd.conf already applied

 INFO: httpdAppconf [httpd.2850 script exit]

 httpdAppconf INFO: [httpd.2882 -V -d /isan/apache/.httpd.conf]

 httpdAppconf [fpr21xx] PARAMS: [VHOST_DEL:/isan/apache/.httpd.conf]

 httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_DEL update for /isan/apache/.httpd.conf

 INFO: httpdAppconf [httpd.2882 script exit]

INFO: Configuring httpd

 httpdAppconf INFO: [httpd.2931 -V -a /isan/apache/.httpd.conf]

 httpdAppconf [fpr21xx] PARAMS: [VHOST_ADD:/isan/apache/.httpd.conf]

 httpdAppconf INFO: SUCCESSFUL httpd.conf VHOST_ADD update for /isan/apache/.httpd.conf

 INFO: httpdAppconf [httpd.2931 script exit]

INFO: manager_startup: successfully configured chassis mgr

nscd: 2980 monitoring file `/etc/hosts` (1)

nscd: 2980 monitoring directory `/etc` (2)

nscd: 2980 monitoring file `/etc/resolv.conf` (3)

nscd: 2980 monitoring directory `/etc` (2)

Starting crond: OK

FTD

1:/opt/cisco/csp/cores

/opt/cisco/csp/cores 31457280




Cisco ASA: CMD=-bootup, CSP-ID=cisco-asa.9.16.4.42__asa_001_JMX2617X0U4KKYKW71, FLAG=''

Cisco ASA booting up ...

INFO:-MspCheck: Configuration Xml found is /opt/cisco/csp/applications/configs/cspCfg_cisco-asa.9.16.4.42__asa_001_JMX2617X0U4KKYKW71.xml

INFO:-MspCheck: CSPID for App is cisco-asa.9.16.4.42INFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.




firepower-2140 login: 

Waiting for Application infrastructure to be ready...

Verifying the signature of the Application image...




Cisco ASA: CMD=-bootup, CSP-ID=cisco-asa.9.16.4.42__asa_001_JMX2617X0U4KKYKW71, FLAG='fromHconfFile'

Cisco ASA booting up ...

Cisco ASA started successfully.

Oct 10 13:55:35 firepower-2140 kernel: [   11.436677] Disabling IRQ #16

Oct 10 13:55:38 firepower-2140 rst_manager: Reset Manager not required on this platform: 1

Oct 10 13:55:47 firepower-2140 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][critical][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install

Oct 10 13:56:51 firepower-2140 port-manager: Alert: Ethernet1/2 link changed to UP

Oct 10 13:56:51 firepower-2140 port-manager: Alert: Ethernet1/1 link changed to UP

Oct 10 13:57:16 firepower-2140 FPRM: <<%FPRM-2-DEFAULT_INFRA_VERSION_MISSING>> [F1309][cleared][default-infra-version-missing][org-root/fw-infra-pack-default] Bundle version in firmware package is empty, need to re-install

lina_init_env: memif is not enabled.

System Cores 16 Nodes 1 Max Cores 48

Number of Cores 16

Global Reserve Memory Per Node: 1384120320 bytes Nodes=1




LCMB: HEAP-CACHE POOL got 1375731712 bytes on numa-id=0, virt=0x0000005555600000




total_reserved_mem = 1073741824 




total_heapcache_mem = 1375731712 

total mem 15545602335 system 15677886464 kernel 132284129 image 0

new 15545602335 old 1073741824 reserve 2449473536 priv new 13228412928 priv old 0

Processor memory:  14367166464

POST started...

POST finished, result is 0 (hint: 1 means it failed)




Cisco Adaptive Security Appliance Software Version 9.16(4)42




Compiled on Fri 22-Sep-23 04:35 GMT by builders

Platform is FPR-2140

Adding Cavium NIC interface 0 port 0




Total NICs found: 4




NIC pci:id 00, slot 0, port 1, bus -1, dev -1 func 0, irq 00, internal, ten_gb-ethernet, ind 1

NIC pci:id 01, slot 0, port -1, bus 0, dev 0 func 0, irq 00, internal, , ind 0

NIC pci:id 02, slot 1, port 1, bus -1, dev -1 func -1, irq 00, external, gb-ethernet, ind 1

NIC pci:id 03, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1

Oct 10 13:58:37 firepower-2140 port-manager: Alert: Internal1/3 link changed to UP

en_vtun rev00 Backplane Ext-Mgmt Interface     @ index 02 MAC: 6026.aa0e.3681

en_vtun rev00 Backplane Tap Interface     @ index 03 MAC: 0000.0100.0001

WARNING: Attribute already exists in the dictionary.




INFO: Unable to read firewall mode from flash

       Writing default firewall mode (single) to flash




INFO: Unable to read cluster interface-mode from flash

        Writing default mode "None" to flash

Use software crypto.

The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.

The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.




Cisco Adaptive Security Appliance Software Version 9.16(4)42 




  ****************************** Warning *******************************

  This product contains cryptographic features and is

  subject to United States and local country laws

  governing, import, export, transfer, and use.

  Delivery of Cisco cryptographic products does not

  imply third-party authority to import, export,

  distribute, or use encryption. Importers, exporters,

  distributors and users are responsible for compliance

  with U.S. and local country laws. By using this

  product you agree to comply with applicable laws and

  regulations. If you are unable to comply with U.S.

  and local laws, return the enclosed items immediately.




  A summary of U.S. laws governing Cisco cryptographic

  products may be found at:

  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html




  If you require further assistance please contact us by

  sending email to export@cisco.com.

  ******************************* Warning *******************************

Cisco Adaptive Security Appliance Software, version 9.16

Copyright (c) 1996-2023 by Cisco Systems, Inc.

For licenses and notices for open source software used in this product, please visit

http://www.cisco.com/go/asa-opensource




                Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.




                Cisco Systems, Inc.

                170 West Tasman Drive

                San Jose, California 95134-1706




config_fetcher: channel open failed

WARNING: MIGRATION - no startup configuration or configuration not found.




INFO: Power-On Self-Test in process.

..............

INFO: Power-On Self-Test complete.




INFO: Starting SW-DRBG health test...

INFO: SW-DRBG health test passed.

Creating trustpoint "_SmartCallHome_ServerCA" and installing certificate...




Trustpoint CA certificate accepted.

Creating trustpoint "_SmartCallHome_ServerCA2" and installing certificate...




Trustpoint CA certificate accepted.

INFO: Security level for "management" set to 0 by default.

INFO: Security level for "outside" set to 0 by default.

INFO: Security level for "inside" set to 100 by default.

WARNING: This command wil 

firepower-2140 login: admin                                           ###### admin/Admin123 でログイン (このパスワードはDefault)

Password: 

Last login: Tue Oct 10 13:48:29 UTC 2023 on ttyS0

Successful login attempts for user 'admin' : 1

Hello admin. You must change your password.

Enter new password: *********                  ###### 任意のパスワードを設定 (アスタリスクは出力されません)

Confirm new password: *********                                      ###### 任意のパスワードの再入力 (アスタリスクは出力されません)

Your password was updated successfully.




Cisco Firepower Extensible Operating System (FX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.




The copyrights to certain works contained in this software are

owned by other third parties and used and distributed under

license.




Certain components of this software are licensed under the "GNU General Public

License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, Version 3", available here:

http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for

details.




Certain components of this software are licensed under the "GNU General Public

License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of

"GNU General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual

(''Licensing'') for details.




Certain components of this software are licensed under the "GNU LESSER GENERAL

PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:

http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for

details.




Certain components of this software are licensed under the "GNU Lesser General

Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the

terms of "GNU Lesser General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual

(''Licensing'') for details.




Certain components of this software are licensed under the "GNU Library General

Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms

of "GNU Library General Public License, version 2", available here:

http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual

(''Licensing'') for details.




firepower-2140# connect asa

Attaching to ASA CLI ... Press 'Ctrl+a then d' to detach.

Type help or '?' for a list of available commands.




ciscoasa> enable                                                      ###### ASA CLI 上で 'enable' に移行する

The enable password is not set.  Please set it now.

Enter  Password: *****                                                ###### 'enable password' の設定を行う

Repeat Password: *****                                                ###### 'enable password' の再入力を行う

Note: Save your configuration so that the password persists across reboots

("write memory" or "copy running-config startup-config").

ciscoasa# 

ciscoasa# write memory                                                ###### 'write memory' を実行する

Building configuration...

Cryptochecksum: 979151af 353758ba 20a3082e 672f861a 




12528 bytes copied in 0.560 secs

[OK]

ciscoasa# 

ciscoasa# show fxos mode                                              ###### 'show fxos mode' で現在の動作モードを確認する

Mode is currently set to platform

ciscoasa#

参考資料

Getting Started

検索バーにキーワード、フレーズ、または質問を入力し、お探しのものを見つけましょう

シスコ コミュニティをいち早く使いこなしていただけるよう役立つリンクをまとめました。みなさんのジャーニーがより良いものとなるようお手伝いします