Recovery of Faulty Cisco Firepower 4100 Series

The following procedure can be used when a device managed by FMC becomes faulty. In that case, new hardware can be added with the following procedure. There is no downtime during the procedure, and breaking HA is not required.

KTM-FPR1# scope ssa
KTM-FPR1 /ssa # show app-instance
App Name   Identifier Slot ID    Admin State Oper State       Running Version Startup Version Deploy Type Turbo Mode Profile Name Cluster State   Cluster Role
---------- ---------- ---------- ----------- ---------------- --------------- --------------- ----------- ---------- ------------ --------------- ------------
ftd        KTM-FW1    1          Enabled     Online           6.6.1.91        6.6.1.91        Native      No                      Not Applicable  None
KTM-FPR1 /ssa # connect module 1 console
Telnet escape character is ‘~’.
Trying 127.5.1.1…
Connected to 127.5.1.1.
Escape character is ‘~’.

CISCO Serial Over LAN:
Close Network Connection to Exit

Firepower-module1>connect ftd
Connecting to ftd(KTM-FW1) console… enter exit to return to bootCLI

> show network
===============[ System Information ]===============
Hostname : firepower
Domains : ndap.com
DNS Servers : 192.168.70.31
Management port : 8305
IPv4 Default route
Gateway : 10.70.254.14
Netmask : 0.0.0.0

==================[ management0 ]===================
State : Enabled
Link : Up
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : CC:7F:76:5B:6E:4F
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 10.70.254.8
Netmask : 255.255.255.240
Gateway : 10.70.254.14
----------------------[ IPv6 ]----------------------
Configuration : Disabled

==================[ management1 ]===================
State : Disabled
Link : Down
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 9000
MAC Address : CC:7F:76:5B:6E:2F
----------------------[ IPv4 ]----------------------
Configuration : Disabled
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled

root@firepower:sf# cd backup/
root@firepower:backup# ls -lrth
total 130M
-rwx------ 1 root root 130M May 21 12:20 10.70.128.200_KTM_BACKUP_KTM-FW1_Primary_20210517131505.tar

root@firepower:backup# date
Fri May 21 12:26:09 NPT 2021

root@firepower:backup# ifconfig

management0 Link encap:Ethernet HWaddr cc:7f:76:5b:6e:4f
inet addr:10.70.254.8 Bcast:0.0.0.0 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:144171 errors:0 dropped:1830 overruns:0 frame:0
TX packets:79939 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:157116409 (149.8 MiB) TX bytes:14124144 (13.4 MiB)

root@firepower:backup# ls -lrth
total 130M
-rwx------ 1 root root 130M May 21 12:20 10.70.128.200_KTM_BACKUP_KTM-FW1_Primary_20210517131505.tar

root@firepower:backup# rm 10.70.128.200_KTM_BACKUP_KTM-FW1_Primary_20210517131505.tar
root@firepower:backup# ls
root@firepower:backup# pwd
/ngfw/var/sf/backup

> expert
admin@firepower:/opt/cisco/csp/applications$ cd /ngfw/var/
admin@firepower:/ngfw/var$ cd sf/backup/
admin@firepower:/ngfw/var/sf/backup$ pwd
/ngfw/var/sf/backup

> expert
admin@firepower:/opt/cisco/csp/applications$ cd /ngfw/var/sf/
admin@firepower:/ngfw/var/sf$ cd backup/
admin@firepower:/ngfw/var/sf/backup$ ls -lrth
total 0
admin@firepower:/ngfw/var/sf/backup$ cd /var/sf/
admin@firepower:/var/sf$ ls -lrth
total 112K
drwxr-xr-x 9 root root 4.0K Aug 22 2020 etc
drwxrwxr-x 2 www www 6 Sep 16 2020 userauth
drwxr-xr-x 2 www www 6 Sep 16 2020 user_enforcement
drwxrwxr-x 2 root www 6 Sep 16 2020 updates
drwxrwxr-x 2 www www 6 Sep 16 2020 top10cacher
drwxr-xr-x 2 root root 6 Sep 16 2020 tds
drwxr-xr-x 2 www www 6 Sep 16 2020 rules_update
drwxr-xr-x 2 www www 6 Sep 16 2020 remote-backup
drwxr-xr-x 2 www www 6 Sep 16 2020 reactd
drwxr-xr-x 2 www www 6 Sep 16 2020 hw_state
drwxrwxr-x 2 root detection 6 Sep 16 2020 fileCapture
drwxr-xr-x 2 root root 6 Sep 16 2020 db_restore
drwxr-xr-x 2 www www 6 Sep 16 2020 archive
drwxrwxr-x 2 root bin 6 Sep 16 2020 useridentity
drwxr-xr-x 2 www www 6 Sep 16 2020 action_queue
drwxr-xr-x 2 root bin 4.0K Sep 16 2020 healthmon_modules
drwxr-xr-x 3 root root 34 Sep 16 2020 dstat
drwxr-xr-x 2 root root 45 Sep 16 2020 collectl
drwxrwxr-x 3 www www 21 Sep 16 2020 reports
drwxr-xr-x 2 root bin 96 Sep 16 2020 remediation_modules
drwxr-xr-x 3 root root 27 Sep 16 2020 mabain
drwxr-xr-x 5 root bin 41 Sep 16 2020 nmap
drwxr-xr-x 2 root root 60 Sep 16 2020 python_modules
drwxr-xr-x 7 root root 71 Sep 16 2020 idhttpsd
drwxr-x--- 3 root www 24 Sep 16 2020 sfhassd
drwxr-xr-x 2 www www 63 Sep 16 2020 SRU
drwxr-xr-x 2 root root 46 Sep 16 2020 dynamic-preproc
drwxr-xr-x 2 root root 129 Sep 16 2020 snort-2.9.16-1025
drwxr-xr-x 2 www www 79 Sep 16 2020 rules
drwxr-xr-x 2 root root 46 Sep 16 2020 dynamic-plugins
drwxr-xr-x 2 root root 158 Sep 16 2020 snort-3.0.0-264.75
drwxr-xr-x 2 root root 6 Sep 16 2020 snort
drwxr-xr-x 2 root root 12K Sep 16 2020 bin
drwxr-xr-x 7 root bin 4.0K Sep 16 2020 lib64
drwxr-xr-x 10 root root 182 Sep 16 2020 lib
-rw-r--r-- 1 www www 25 May 20 21:24 userappid.conf
-rw-r--r-- 1 root root 12K May 20 21:24 DetectorCommon.lua
drwxr-xr-x 2 root root 217 May 20 21:24 fingerprints
drwxr-xr-x 2 root root 24K May 20 21:24 rna-detectors-clear
drwxr-xr-x 4 root root 31 May 20 21:25 appid
drwxr-xr-x 2 www www 162 May 20 21:26 ngfw_vdb
drwxr-xr-x 2 www www 44 May 20 21:26 ngfw_GeoDB
drwxr-xr-x 3 root root 50 May 20 21:26 detection_engines
drwxr-xr-x 2 www www 30 May 20 21:27 ngfw_UserIdentity
drwxr-xr-x 6 www www 100 May 20 21:27 remediations
drwxr-xr-x 39 www www 4.0K May 20 21:27 healthmon
drwxr-xr-x 2 www www 6 May 20 21:27 file_processing
drwxr-xr-x 5 www www 66 May 20 21:27 iprep_download
drwxr-xr-x 2 www www 6 May 20 21:27 clam-default-sig
drwxr-xr-x 3 www www 94 May 20 21:28 geodb
drwxr-x--- 3 www www 17 May 20 21:29 ssl
drwxr-xr-x 3 root bin 4.0K May 20 21:34 vdb
drwxr-xr-x 2 root root 6 May 20 21:35 peers_unregistered
drwxr-xr-x 2 root root 6 May 20 21:35 peers_pending
drwxr-xr-x 2 root root 6 May 20 21:35 peers_failed
drwxr-xr-x 38 www www 4.0K May 20 21:35 htdocs
drwxr-xr-x 2 root root 8.0K May 20 21:36 time_series
drwxr-xr-x 5 www www 237 May 20 21:39 cloud_download
drwxr-xr-x 5 root root 60 May 20 21:59 sync
drwxr-xr-x 2 sfsnort sfsnort 22 May 20 21:59 localendpoint
drwxrwxr-x 3 root sfrna 58 May 20 21:59 rna
drwxrwxr-x 6 www detection 120 May 20 22:00 siurl_download
drwxr-xr-x 2 root root 285 May 20 22:00 fwcfg
drwxrwxr-x 5 www detection 86 May 20 22:00 sifile_download
drwxrwxr-x 5 www detection 85 May 20 22:00 sidns_download
drwxr-xr-x 2 root root 71 May 20 22:01 peers
drwxr-xr-x 5 www www 116 May 20 22:01 clamupd_download
drwxrwxr-x 2 root www 4.0K May 21 10:45 run
drwxr-xr-x 2 www www 6 May 21 12:27 backup

> restore remote-manager-backup location 10.70.1.82 root /root KTM_BACKUP_KTM-FW1_Primary_20210517131505.tar
Enter SCP password:

***********************************************
Backup Details
***********************************************
Model = Cisco Firepower 4115 Threat Defense
Software Version = 6.6.1
Serial = FLM241804H7
Hostname = KTM_BACKUP_KTM-FW1_Primary
IP Address = 10.70.254.8
Role = PRIMARY
VDB Version = 336
SRU Version = 2020-08-18-001-vrt
FXOS Version = 2.8(1.143)
Manager IP(s) = 10.70.254.1
Backup Date = 2021-05-17 13:15:05
Backup Filename = KTM_BACKUP_KTM-FW1_Primary_20210517131505.tar
***********************************************

********************* Caution ****************************
Verify that you are restoring a valid backup file. Make sure that software, SRU and VDB Versions on this device match versions from the backup manifest before proceeding.
Restore operation will overwrite all configurations on this device with the configurations in backup. Kindly ensure the old device is disconnected from the network to avoid IP conflict.
**********************************************************

Are you sure you want to continue (Y/N)y
Restoring device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Use of uninitialized value in string eq at /usr/local/sf/lib/perl/5.10.1/SF/Util.pm line 904.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Refreshing Events InfoDB…
Added table rna_attribute with table_id 1
.Added table rna_client_app with table_id 2
Added table url_cat_stats with table_id 3
Added table transmission_type_stats with table_id 4
Added table app_session_stats with table_id 5
Added table storage_disp_stats with table_id 6
Added table current_users with table_id 7
Added table geoloc_session_stats with table_id 8
Added table rua_event with table_id 9
Added table url_rep_stats with table_id 10
Added table app_ids_stats with table_id 11
Added table whitelist_violations with table_id 12
Added table ip_rep_cat_session_stats with table_id 13
Added table ssl_stats with table_id 14
Added table remediation_status with table_id 15
Added table dns_queries_by_record_type with table_id 16
Added table captured_file with table_id 17
Added table intf_session_stats with table_id 18
Added table session_stats with table_id 19
Added table rna_ip_host with table_id 20
Added table rna_scan_results_tableview with table_id 21
Added table rna_event with table_id 22
Added table health_alarm_syslog with table_id 23
Added table rna_service with table_id 24
Added table user_ids_stats with table_id 25
Added table ids_impact_stats with table_id 26
Added table ioc_state with table_id 27
Added table qos_rule_session_stats with table_id 28
Added table flow_chunk with table_id 29
Added table rna_flow_stats_prioritized with table_id 30
Added table dce_event with table_id 31
Added table application with table_id 32
Added table wl_dce_event with table_id 33
Added table rna_flow_stats with table_id 34
Added table storage_type_stats with table_id 35
Added table user_ioc_state with table_id 36
Added table audit_log with table_id 37
Added table user_session_stats with table_id 38
Added table user_identities with table_id 39
INIT:
Threat Defense System: CMD=-stop, CSP-ID=cisco-ftd.6.6.1.91__ftd_001_JMX2411L02FU1PQ7C5, FLAG=”
Cisco FTD stopping …

Stopping Cisco Firepower 4115 Threat Defense……ok
Shutting down sfifd…
Shutting down sfifd… [FAILED]
Stopping nscd…
Stopping nscd… [ OK ]
Turning off swapfile /ngfw/Volume/.swaptwo
Stopping system log daemon…
Stopping system log daemon… [ OK ]
Stopping Threat Defense …
Stopping Threat Defense … [ OK ]
Cisco FTD stopped successfully.
Stopping all devices.
Stopping OpenBSD Secure Shell server: sshd
stopped /usr/sbin/sshd (pid 11841)
done.
Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1655)
acpid.
Stopping system message bus: dbus.
Stopping ntpd: stopped process in pidfile ‘/var/run/ntp.pid’ (pid 22316)
done
Stopping random number generator daemon.
Stopping internet superserver: xinetd.
Stopping syslog-ng:stopped process in pidfile ‘/var/run/fxos-syslog-ng.pid’ (pid 1389)
.
no /etc/sysconfig/kdump.conf
Deconfiguring network interfaces… done.
SSP-Security-Module is shutting down …
Fri May 21 13:00:49 NPT 2021 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps
acpid: exiting
Fri May 21 13:00:49 NPT 2021 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps
Sending ALL processes the TERM signal …
Note: SIGKILL_ALL will be triggered after after 1 + 2 secs …
Sending ALL processes the KILL signal …
Deactivating swap…
Unmounting local filesystems…
Rebooting… [54321.226836] reboot: Restarting system

Cisco FXOSSM1 Blade Rommon 1.3.1.41, Sep 12 2019 23:24:28
Platform: SSPXRU

INFO: enic_identify: Enabling Adapter driver…
INFO: enic_identify: Adapter driver enabled.
INFO: init_spi_interface: HSFS_BERASE_256.
INFO: enic_init: bar[0].vaddr 0xa0770000.
INFO: enic_init: bar[2].vaddr 0xa078e000.
INFO: enic_init: eNic port MTU is 1500.
INFO: enic_init: eNic bsize 1500 ring size 512.
INFO: enic_init: Waiting for Adapter link…
INFO: enic_init: Adapter link detected.
INFO: nb_eth_app_init: MAC address for interface 0: 00 15 a5 01 01 00
INFO: nb_eth_app_init: IP address 127.128.1.254

Start communicating with MIO in blade slot 1…
INFO: Allocated 1000 bytes of memory for cmd at 0x24d61358.
INFO: Allocated 1000 bytes of memory for status at 0x2494c018.
INFO: Allocated 196608 bytes of memory for key file at 0x2491b018.
INFO: Status code 1: ‘rommon initialize is completed’.

INFO: tftp_open: ‘/rommon/status_1.txt’@127.128.254.1 via 127.128.254.1
!
INFO: nb_tftp_upload: 32 bytes sent.

INFO: get_image_file_size: Could not open file ‘fs0:kernel_cmdline_for_rommon.txt’.
INFO: fs0:kernel_cmdline_for_rommon.txt does not exist, use retrieved data instead.

INFO: tftp_open: ‘/rommon/command_1.txt’@127.128.254.1 via 127.128.254.1

Received 166 bytes

WARNING: retrieve_mio_cmd_info: Invalid checksum 0x0.

INFO: tftp_open: ‘rommon/key_1.bin’@127.128.254.1 via 127.128.254.1

Received 131636 bytes

INFO: Status code 8: ‘rommon succeeds to retrieve key file’.

INFO: tftp_open: ‘/rommon/status_1.txt’@127.128.254.1 via 127.128.254.1
!
INFO: nb_tftp_upload: 32 bytes sent.

INFO: Primary keys in flash are up-to-date.
INFO: Backup keys in flash are up-to-date.
INFO: Software keys in flash are up-to-date.
continue check local image
the image file path: installables/chassis/fxos-lfbff-k8.2.8.1.143.SPA
the image file name only: fxos-lfbff-k8.2.8.1.143.SPA
local_image_file: fs0:fxos-lfbff-k8.2.8.1.143.SPA
INFO: File ‘fs0:fxos-lfbff-k8.2.8.1.143.SPA’ has 163119504 bytes.
local_image_file_size 163119504
Found image fs0:fxos-lfbff-k8.2.8.1.143.SPA in local storage, boot local image.
set pboot_image fxos-lfbff-k8.2.8.1.143.SPA
INFO: File ‘fs0:fxos-lfbff-k8.2.8.1.143.SPA’ has 163119504 bytes.
INFO: ‘fs0:fxos-lfbff-k8.2.8.1.143.SPA’ has 163119504 bytes
INFO: Booting LFBFF image…
INFO: Status code 7: ‘rommon about to verify image signature from local disk’.

INFO: tftp_open: ‘/rommon/status_1.txt’@127.128.254.1 via 127.128.254.1
!
INFO: nb_tftp_upload: 32 bytes sent.

kernel image end addr: 1e4f000
INFO: cmdline_dest rw console=ttyS0,38400 loglevel=2 auto kstack=128 reboot=force panic=1 ide_generic.probe_mask=0x1 ide1=noprobe pci=nocrs pci=realloc processor.max_cstate=1 iommu=pt nousb platform=sspxru boot_img=disk0:/fxos-lfbff-k8.2.8.1.143.SPA ciscodmasz=1048576 cisconrsvsz=2359296 hugepagesz=1g hugepages=26 pti=off rom_ver=1.3.1.41 ssp_mode=0 initrd d214018 initrdLen=90c9950
INIT: version 2.88 booting
Starting udev
Configuring network interfaces… done.
Populating dev cache
realpath: ‘/dev/disk/by-path/*’: No such file or directory
Block device not found. Continue with /dev/sda.
fsck.fat 3.0.28 (2015-05-16)
Starting check/repair pass.
Starting verification pass.
/dev/sda1: 4 files, 39829/392701 clusters
fsck.fat(/dev/sda1) returned 0
e2fsck 1.42.9 (28-Dec-2013)
Using EXT2FS Library version 1.42.9, 28-Dec-2013
fsck.ext3(/dev/sda2) returned 0
e2fsck 1.42.9 (28-Dec-2013)
Using EXT2FS Library version 1.42.9, 28-Dec-2013
fsck.ext3(/dev/sda3) returned 0
e2fsck 1.42.9 (28-Dec-2013)
Using EXT2FS Library version 1.42.9, 28-Dec-2013
fsck.ext3(/dev/sda5) returned 0
mount_disk_xfs. device: /dev/sda6, dir: /opt/cisco/csp, mount returned: 0.
Starting syslog-ng:.
kaslr rw console=ttyS0,38400 loglevel=2 auto kstack=128 reboot=force panic=1 ide_generic.probe_mask=0x1 ide1=noprobe pci=nocrs pci=realloc processor.max_cstate=1 iommu=pt nousb platform=sspxru boot_img=disk0:/fxos-lfbff-k8.2.8.1.143.SPA ciscodmasz=1048576 cisconrsvsz=2359296 hugepagesz=1g hugepages=26 pti=off rom_ver=1.3.1.41 ssp_mode=0
Create libvirt group
Start libvirtd Service
* Starting virtualization library daemon: libvirtd
no /usr/bin/dnsmasq found; none killed
2021-05-21 07:18:52.451+0000: 1438: info : libvirt version: 1.2.19
2021-05-21 07:18:52.451+0000: 1438: warning : virGetHostname:667 : getaddrinfo failed for ‘ciscoasa’: Temporary failure in name resolution
2021-05-21 07:18:52.451+0000: 1438: warning : virGetHostname:667 : getadd[ ok ]failed for ‘ciscoasa’: Temporary failure in name resolution
Disable the default virtual networks
Network default destroyed

Done with libvirt initialization
Running postinst /etc/rpm-postinsts/100-dnsmasq…
INIT: Entering runlevel: 3postinsts/101-dnsma
Starting system message bus: dbus.
Stopping all devices.
Starting all devices.
Checking status of all devices.
There is 0 QAT acceleration device(s) in the system:
Starting OpenBSD Secure Shell server: sshd
done.
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up with netlink and the input layer
acpid: 1 rule loaded
acpid: waiting for events: event logging is off
Starting random number generator daemonUnable to open file: /dev/tpm0
.
Starting internet superserver: xinetd.
No makedumpfile found.
+++++++++++++++ BOOT CLI FILES COPIED +++++++++++++++++++++++++++
Restarting OpenBSD Secure Shell server: sshd
stopped /usr/sbin/sshd (pid 1675)
done.
System Mode Check: NATIVE mode assigned
Rebind Data vNICs for FPR4K-SM-24S
Turbo Boost is UNSUPPORTED on this platform.

***********************************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
To go to Maintenance Mode, Please type YES and press [ENTER] within 5 seconds:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
***********************************************************************************
SSP System continue for Regular Boot Sequence
Starting ntpd: done
Starting crond: OK
FTD
1:/opt/cisco/csp/cores
Start_CSP_RcInit in Progress………..

Threat Defense System: CMD=-bootup, CSP-ID=cisco-ftd.6.6.1.91__ftd_001_JMX2411L02FU1PQ7C5, FLAG=”
System is booting up …
Cisco FTD booted up successfully.
INFO:-MspCheck: Configuration Xml found is /opt/cisco/csp/applications/configs/cspCfg_cisco-ftd.6.6.1.91__ftd_001_JMX2411L02FU1PQ7C5.xml
INFO:-MspCheck: CSPID for App is cisco-ftd.6.6.1.91__ftd_001_JMX2411L02FU1PQ7C5
WARNING: chkSysAltHDD: Unable to locate the tag in /opt/cisco/csp/applications/configs/cspCfg_cisco-ftd.6.6.1.91__ftd_001_JMX2411L02FU1PQ7C5.xml
DEBUG-SSP-RM: checkSystemAlternateHdd not passed!
WARNING:-MspCheck: checkSystemAlternateHdd = anomaly

Continue to proceed Normal Mode start-up.
Cisco Firepower Extensible Operating System (FX-OS) Software. TAC support: http://www.cisco.com/tac Copyright (c) 2009-2016, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained in this software are owned by other third parties and used and distributed under license. Certain components of this software are licensed under the ‘GNU General Public License, version 3’ provided with ABSOLUTELY NO WARRANTY under the terms of ‘GNU General Public License, Version 3’, available here: http://www.gnu.org/licenses/gpl.html. See User Manual (”Licensing”) for details. Certain components of this software are licensed under the ‘GNU General Public License, version 2’ provided with ABSOLUTELY NO WARRANTY under the terms of ‘GNU General Public License, version 2’, available here: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual (”Licensing”) for details. Certain components of this software are licensed under the ‘GNU LESSER GENERAL PUBLIC LICENSE, version 3’ provided with ABSOLUTELY NO WARRANTY under the terms of ‘GNU LESSER GENERAL PUBLIC LICENSE’ Version 3, available here: http://www.gnu.org/licenses/lgpl.html. See User Manual (”Licensing”) for details. Certain components of this software are licensed under the ‘GNU Lesser General Public License, version 2.1’ provided with ABSOLUTELY NO WARRANTY under the terms of ‘GNU Lesser General Public License, version 2’, available here: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual (”Licensing”) for details. Certain components of this software are licensed under the ‘GNU Library General Public License, version 2’ provided with ABSOLUTELY NO WARRANTY under the terms of ‘GNU Library General Public License, version 2′, available here: http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual (”Licensing”) for details.
/opt/ssp-mgmt-scripts/ssp_heimdall_init: line 93: /usr/bin/echo: No such file or directory
System Mode Check: NATIVE mode assigned
/opt/ssp-mgmt-scripts/ssp_heimdall_init: line 114: /usr/bin/echo: No such file or directory
System Mode Check: NATIVE mode assigned
INFO: System Disk /dev/sda present. Status: Operable. System Disk /dev/sdb is not present.

Cisco Security Services Platform
Type ? for list of commands
System Mode Check: NATIVE mode assigned
Firepower-module1>
Waiting for Application infrastructure to be ready…
Verifying the signature of the Application image…
System Mode Check: NATIVE mode assigned
Deleting swap file …
Done with swap file …
Cisco FTD initializing …
Verify FSIC, File System Integrity Check
Setting up VNICs …
Found Firepower management vnic 18.
Found Firepower eventing vnic 17.
Current bootstrap version: KTM-FW1-H1T1215-3
Last applied bootstrap version: KTM-FW1-H1T1215-3
firstboot flag not found and bootstrap version not changed, no need to apply bootstrap config to management interface.
Bringing management0 interface up…
Bringing management1 interface up…
verify_fsic(start)
Do not run FSIC twice for SSP systems…
Initializing Threat Defense …
Initializing Threat Defense … [ OK ]
Starting system log daemon…
[2021-05-21T07:20:18.609862] Connection failed; fd=’24’, server=’AF_UNIX(/dev/asalog)’, local=’AF_UNIX(anonymous)’, error=’No such file or directory (2)’
[2021-05-21T07:20:18.609924] Initiating connection failed, reconnecting; time_reopen=’60’
[2021-05-21T07:20:18.609924] Initiating connection failed, reconnecting; time_reopen=’60’ [ OK ]
Adding swapfile /ngfw/Volume/.swaptwo
Flushing all current IPv4 rules and user defined chains: …success
Clearing all current IPv4 rules and user defined chains: …success
Applying iptables firewall rules:
Flushing chain `PREROUTING’
Flushing chain `INPUT’
Flushing chain `OUTPUT’
Flushing chain `POSTROUTING’
Flushing chain `PREROUTING’
Flushing chain `INPUT’
Flushing chain `FORWARD’
Flushing chain `OUTPUT’
Flushing chain `POSTROUTING’
Flushing chain `INPUT’
Flushing chain `FORWARD’
Flushing chain `OUTPUT’
Applying rules successed
Flushing all current IPv6 rules and user defined chains: …success
Clearing all current IPv6 rules and user defined chains: …success
Applying ip6tables firewall rules:
Flushing chain `PREROUTING’
Flushing chain `INPUT’
Flushing chain `OUTPUT’
Flushing chain `POSTROUTING’
Flushing chain `PREROUTING’
Flushing chain `INPUT’
Flushing chain `FORWARD’
Flushing chain `OUTPUT’
Flushing chain `POSTROUTING’
Flushing chain `INPUT’
Flushing chain `FORWARD’
Flushing chain `OUTPUT’
Applying rules successed
Starting nscd…
Starting nscd… [ OK ]
Starting , please wait……complete.
cleaning up *.TMM and *.TMD files
Sucessfully updated threat.conf
cleanup /var/sf/mabain/metadatastore
Configuring NTP…
Configuring NTP… [ OK ]
Fru Size : 512 bytes
Done
ERR: VNIC system error; pci-stub VNIC 9 in [9] already re-binded
ERR: VNIC system error; pci-stub VNIC 22 in [22] already re-binded
Not reconfigurating
Fri May 21 07:20:20 UTC 2021
Starting MySQL…
Pinging mysql
Pinging mysql, try 1
Found mysql is running
Detecting expanded storage…
Running initializeObjects…
Stopping MySQL…
Killing mysqld with pid 11418
Wait for mysqld to exit\c
done
Fri May 21 07:20:28 UTC 2021
Starting sfifd…
Starting sfifd… [ OK ]
Removing Compiled Python Files on Sensor……done
Starting Cisco Firepower 4115 Threat Defense, please wait……started.
Running [kill -1Cisco FTD initialization finishe
Allocated cores for offload-engine:
-Socket[0]: [1]
-Socket[1]: [13]
Setting the offload CPU count to 2
IO Memory Nodes: 2
IO Memory Per Node: 4294967296 bytes num_pages = 1048576 page_size = 4096

Global Reserve Memory Per Node: 9663676416 bytes Nodes=2

LCMB: got 4294967296 bytes on numa-id=0, phys=0x16c0000000, virt=0x2b9b40000000
LCMB: got 4294967296 bytes on numa-id=1, phys=0x2ec0000000, virt=0x2b9c80000000
LCMB: HEAP-CACHE POOL got 9663676416 bytes on numa-id=0, virt=0x2b9d80000000
LCMB: HEAP-CACHE POOL got 9663676416 bytes on numa-id=1, virt=0x2b9fc0000000

total_reserved_mem = 8589934592

total_heapcache_mem = 19327352832
total mem 115218894028 system 200434876416 kernel 134217728 image 113047696
new 115218894028 old 4408014992 reserve 27917287424 priv new 87435824332 priv old 0
Processor memory: 115218894028
POST started…
POST finished, result is 0 (hint: 1 means it failed)

Compiled on Tue 15-Sep-20 23:14 GMT by builders
SSL Hardware Offload is Enabled
Snort trust pinhole is enabled
Increased the limit of 80-block by 882527 for SSL hardware offload.
Increased the limit of 256-block by 550636 for SSL hardware offload.
Increased the limit of 1550-block by 690509 for SSL hardware offload.
Increased the limit of 2048-block by 545046 for SSL hardware offload.
total 2 num 9 22 -1988666029 22034 -2072925568 11165 0 0
Nic assigned 8 21
Reserved Nic 9 (b:100 d:0 f:0) for offload
Reserved Nic 22 (b:222 d:0 f:0) for offload

Total NICs found: 6
ENIC: Detected new memory model for enic 4099
Flow table memory is successfully mapped at 0x00002b9a66269000
Rewrite memory is successfully mapped at 0x00002b9a76269000
ENIC: Detected new memory model for enic 4101
Flow table memory is successfully mapped at 0x00002b9a86269000
Rewrite memory is successfully mapped at 0x00002b9a96269000
en_vtun rev00 Backplane Tap Interface @ index 4102 MAC: 0000.0001.0003
en_vtun rev00 Backplane Control Interface @ index 4104 MAC: 0000.0001.0001

Cisco Security Services Platform
Type ? for list of commands
Firepower-module1>WARNING: Attribute already exists in the dictionary.
offload_app: Waiting for start command…
offload_app: start command recieved
offload_app: Flow redirect is not enabled…
offload_vnic_count = 2
offload_portmask = 0x3
redirect_vnic_count = 0
redirect_portmask = 0x0
redirect_queue_count = 0
offload_EAL: Detected 48 lcore(s)
EAL: No free hugepages reported in hugepages-1048576kB
app started with 12 set args:
larg[0]: offload_app
larg[1]: -c
larg[2]: 0x2002
larg[3]: -n
larg[4]: 4
larg[5]: -d
larg[6]: librte_mempool_ring.so.1.1
larg[7]: -w
larg[8]: 0000:64:00.0
larg[9]: -w
larg[10]: 0000:DE:00.0
larg[11]: --socket-mem=64,64
EAL: Probing VFIO support…
EAL: VFIO support initialized
---------------------Logout at 13:06:24-------------------------------

KTM-FPR1# connect module 1 console
Telnet escape character is ‘~’.
Trying 127.5.1.1…
Connected to 127.5.1.1.
Escape character is ‘~’.

CISCO Serial Over LAN:
Close Network Connection to Exit

Firepower-module1>connect ftd
Connecting to ftd(KTM-FW1) console… enter exit to return to bootCLI

> show failover
Failover Off
Failover unit Primary
Failover LAN Interface: KTM-HA Port-channel20 (down)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 1291 maximum
MAC Address Move Notification Interval not set
failover replication http

> sftunnel-status

SFTUNNEL Start Time: Fri May 21 07:20:34 2021

Both IPv4 and IPv6 connectivity is supported
Broadcast count = 2
Reserved SSL connections: 0
Management Interfaces: 1
management0 (control events) 10.70.254.8,

***********************

**RUN STATUS****10.70.254.1*************
Key File = /var/sf/peers/e5f65f28-6518-11ea-823f-3966d9f605b4/sftunnel-key.pem
Cert File = /var/sf/peers/e5f65f28-6518-11ea-823f-3966d9f605b4/sftunnel-cert.pem
CA Cert = /var/sf/peers/e5f65f28-6518-11ea-823f-3966d9f605b4/cacert.pem
Cipher used = AES256-GCM-SHA384 (strength:256 bits)
ChannelA Connected: Yes, Interface managemen
Cipher used = AES256-GCM-SHA384 (strength:256 bits)
ChannelB Connected: Yes, Interface managemen
Registration: Completed.
IPv4 Connection to peer ‘10.70.254.1’ Start Time: Fri May 21 13:08:04 2021

PEER INFO:
sw_version 6.6.1
sw_build 91
Management Interfaces: 1
eth0 (control events) 10.70.254.1,
Peer channel Channel-A is valid type (CONTROL), using ‘managemen’, connected to ‘10.70.254.1’ via ‘10.70.254.8’
Peer channel Channel-B is valid type (EVENT), using ‘managemen’, connected to ‘10.70.254.1’ via ‘10.70.254.8’

TOTAL TRANSMITTED MESSAGES <4> for Identity service
RECEIVED MESSAGES <1> for Identity service
SEND MESSAGES <3> for Identity service
FAILED MESSAGES <0> for Identity service
HALT REQUEST SEND COUNTER <0> for Identity service
STORED MESSAGES for Identity service (service 0/peer 0)
STATE for Identity service
REQUESTED FOR REMOTE for Identity service
REQUESTED FROM REMOTE for Identity service

TOTAL TRANSMITTED MESSAGES <1> for Health Events service
RECEIVED MESSAGES <1> for Health Events service
SEND MESSAGES <0> for Health Events service
FAILED MESSAGES <0> for Health Events service
HALT REQUEST SEND COUNTER <0> for Health Events service
STORED MESSAGES for Health service (service 0/peer 0)
STATE for Health Events service
REQUESTED FOR REMOTE for Health Events service
REQUESTED FROM REMOTE for Health Events service

TOTAL TRANSMITTED MESSAGES <157> for IP(NTP) service
RECEIVED MESSAGES <106> for IP(NTP) service
SEND MESSAGES <51> for IP(NTP) service
FAILED MESSAGES <0> for IP(NTP) service
HALT REQUEST SEND COUNTER <0> for IP(NTP) service
STORED MESSAGES for IP(NTP) service (service 0/peer 0)
STATE for IP(NTP) service
REQUESTED FOR REMOTE for IP(NTP) service
REQUESTED FROM REMOTE for IP(NTP) service

TOTAL TRANSMITTED MESSAGES <7> for RPC service
RECEIVED MESSAGES <3> for RPC service
SEND MESSAGES <4> for RPC service
FAILED MESSAGES <0> for RPC service
HALT REQUEST SEND COUNTER <0> for RPC service
STORED MESSAGES for RPC service (service 0/peer 0)
STATE for RPC service
REQUESTED FOR REMOTE for RPC service
REQUESTED FROM REMOTE for RPC service

TOTAL TRANSMITTED MESSAGES <0> for EStreamer Events service
RECEIVED MESSAGES <0> for service EStreamer Events service
SEND MESSAGES <0> for EStreamer Events service
FAILED MESSAGES <0> for EStreamer Events service
HALT REQUEST SEND COUNTER <0> for EStreamer Events service
STORED MESSAGES for EStreamer Events service (service 0/peer 0)
STATE for EStreamer Events service
REQUESTED FOR REMOTE for EStreamer Events service
REQUESTED FROM REMOTE for EStreamer Events service

TOTAL TRANSMITTED MESSAGES <62> for IDS Events service
RECEIVED MESSAGES <31> for service IDS Events service
SEND MESSAGES <31> for IDS Events service
FAILED MESSAGES <0> for IDS Events service
HALT REQUEST SEND COUNTER <0> for IDS Events service
STORED MESSAGES for IDS Events service (service 0/peer 0)
STATE for IDS Events service
REQUESTED FOR REMOTE for IDS Events service
REQUESTED FROM REMOTE for IDS Events service

TOTAL TRANSMITTED MESSAGES <3> for Malware Lookup Service service
RECEIVED MESSAGES <1> for Malware Lookup Service) service
SEND MESSAGES <2> for Malware Lookup Service service
FAILED MESSAGES <0> for Malware Lookup Service service
HALT REQUEST SEND COUNTER <0> for Malware Lookup Service service
STORED MESSAGES for Malware Lookup Service service (service 0/peer 0)
STATE for Malware Lookup Service service
REQUESTED FOR REMOTE for Malware Lookup Service) service
REQUESTED FROM REMOTE for Malware Lookup Service service

TOTAL TRANSMITTED MESSAGES <4> for service 7000
RECEIVED MESSAGES <1> for service 7000
SEND MESSAGES <3> for service 7000
FAILED MESSAGES <0> for service 7000
HALT REQUEST SEND COUNTER <0> for service 7000
STORED MESSAGES for service 7000 (service 0/peer 0)
STATE for service 7000
REQUESTED FOR REMOTE for service 7000
REQUESTED FROM REMOTE for service 7000

TOTAL TRANSMITTED MESSAGES <6> for CSM_CCM service
RECEIVED MESSAGES <3> for CSM_CCM service
SEND MESSAGES <3> for CSM_CCM service
FAILED MESSAGES <0> for CSM_CCM service
HALT REQUEST SEND COUNTER <0> for CSM_CCM service
STORED MESSAGES for CSM_CCM (service 0/peer 0)
STATE for CSM_CCM service
REQUESTED FOR REMOTE for CSM_CCM service
REQUESTED FROM REMOTE for CSM_CCM service

Priority UE Channel 1 service

TOTAL TRANSMITTED MESSAGES <11> for UE Channel service
RECEIVED MESSAGES <2> for UE Channel service
SEND MESSAGES <9> for UE Channel service
FAILED MESSAGES <0> for UE Channel service
HALT REQUEST SEND COUNTER <0> for UE Channel service
STORED MESSAGES for UE Channel service (service 0/peer 0)
STATE for UE Channel service
REQUESTED FOR REMOTE for UE Channel service
REQUESTED FROM REMOTE for UE Channel service

Priority UE Channel 0 service

TOTAL TRANSMITTED MESSAGES <13> for UE Channel service
RECEIVED MESSAGES <2> for UE Channel service
SEND MESSAGES <11> for UE Channel service
FAILED MESSAGES <0> for UE Channel service
HALT REQUEST SEND COUNTER <0> for UE Channel service
STORED MESSAGES for UE Channel service (service 0/peer 0)
STATE for UE Channel service
REQUESTED FOR REMOTE for UE Channel service
REQUESTED FROM REMOTE for UE Channel service

TOTAL TRANSMITTED MESSAGES <0> for FSTREAM service
RECEIVED MESSAGES <0> for FSTREAM service
SEND MESSAGES <0> for FSTREAM service
FAILED MESSAGES <0> for FSTREAM service

Heartbeat Send Time: Fri May 21 13:09:36 2021
Heartbeat Received Time: Fri May 21 13:10:43 2021

***********************

**RPC STATUS****10.70.254.1*************
'ip' => '10.70.254.1',
'uuid' => 'e5f65f28-6518-11ea-823f-3966d9f605b4',
'ipv6' => 'IPv6 is not configured for management',
'name' => '10.70.254.1',
'active' => 1,
'uuid_gw' => '',
'last_changed' => 'Wed Dec 2 15:22:40 2020'

Check routes:
No peers to check

> /opt/ssp-mgmt-scripts/ssp_heimdall_init: line 377: /usr/bin/echo: No such file or directory
/opt/ssp-mgmt-scripts/ssp_heimdall_init: line 377: /usr/bin/echo: No such file or directory
/opt/ssp-mgmt-scripts/ssp_heimdall_init: line 377: /usr/bin/echo: No such file or directory
/opt/ssp-mgmt-scripts/ssp_heimdall_init: line 377: /usr/bin/echo: No such file or directory
/opt/ssp-mgmt-scripts/ssp_heimdall_init: line 377: /usr/bin/echo: No such file or directory
/opt/ssp-mgmt-scripts/ssp_heimdall_init: line 377: /usr/bin/echo: No such file or directory
/opt/ssp-mgmt-scripts/ssp_heimdall_init: line 377: /usr/bin/echo: No such file or directory
Inactive timeout reached, logging out.
---------------------Logout at 13:21:30-------------------------------
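
Added example (not part of the original article and not Cisco tooling): a Python check over saved sftunnel-status output like the one above, confirming that the restored unit has both channels up to the expected FMC, registration completed, an expected cipher and no failed messages. The sample texts are constructed and abbreviated from the output on this page; the DEGRADED case, the function names and the allowed-cipher list are assumptions.

```python
import re

# Constructed sample, abbreviated from the sftunnel-status output on this page.
HEALTHY = """\
**RUN STATUS****10.70.254.1*************
Cipher used = AES256-GCM-SHA384 (strength:256 bits)
ChannelA Connected: Yes, Interface managemen
Cipher used = AES256-GCM-SHA384 (strength:256 bits)
ChannelB Connected: Yes, Interface managemen
Registration: Completed.
FAILED MESSAGES <0> for Identity service
FAILED MESSAGES <0> for IDS Events service
Heartbeat Send Time: Fri May 21 13:09:36 2021
Heartbeat Received Time: Fri May 21 13:10:43 2021
"""

# Constructed failure case (hypothetical, not from the page):
# event channel down, messages failing, no heartbeat received.
DEGRADED = """\
**RUN STATUS****10.70.254.1*************
Cipher used = AES256-GCM-SHA384 (strength:256 bits)
ChannelA Connected: Yes, Interface managemen
ChannelB Connected: No
Registration: Completed.
FAILED MESSAGES <0> for Identity service
FAILED MESSAGES <7> for IDS Events service
Heartbeat Send Time: Fri May 21 13:09:36 2021
"""

RUN_HDR = re.compile(r"^\*+RUN STATUS\*+([0-9A-Fa-f:.]+)\*+\s*$")
CHANNEL = re.compile(r"^Channel([AB]) Connected:\s*(\w+)")
CIPHER = re.compile(r"^Cipher used\s*=\s*(\S+)")
REGISTRATION = re.compile(r"^Registration:\s*(.+?)\.?\s*$")
FAILED = re.compile(r"^FAILED MESSAGES <(\d+)> for (.+)$")
HEARTBEAT = re.compile(r"^Heartbeat (Send|Received) Time:\s*(.+)$")


def parse_sftunnel_status(text):
    """Return {peer_ip: facts} for every RUN STATUS section in the output."""
    peers, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_HDR.match(line)
        if m:
            cur = peers.setdefault(m.group(1), {
                "channels": {}, "ciphers": set(), "registration": None,
                "failed": {}, "heartbeat": {},
            })
            continue
        if cur is None:          # ignore everything before the first peer
            continue
        if (m := CHANNEL.match(line)):
            cur["channels"][m.group(1)] = m.group(2)
        elif (m := CIPHER.match(line)):
            cur["ciphers"].add(m.group(1))
        elif (m := REGISTRATION.match(line)):
            cur["registration"] = m.group(1)
        elif (m := FAILED.match(line)):
            # The same service name can appear more than once (e.g. the two
            # UE Channel priorities), so counts are summed per service.
            svc = m.group(2).strip()
            cur["failed"][svc] = cur["failed"].get(svc, 0) + int(m.group(1))
        elif (m := HEARTBEAT.match(line)):
            cur["heartbeat"][m.group(1)] = m.group(2).strip()
    return peers


def check_peer(peers, manager_ip, allowed_ciphers):
    """Return a list of problems for the tunnel to manager_ip (empty = healthy).

    manager_ip should be the "Manager IP(s)" value from the backup details;
    allowed_ciphers is the operator's own policy (an assumption here).
    """
    peer = peers.get(manager_ip)
    if peer is None:
        return [f"no tunnel to expected manager {manager_ip}; "
                f"peers seen: {sorted(peers)}"]
    problems = []
    for ch in "AB":
        if peer["channels"].get(ch, "").lower() != "yes":
            problems.append(f"Channel{ch} not connected")
    if peer["registration"] != "Completed":
        problems.append(f"registration state is {peer['registration']!r}")
    for cipher in sorted(peer["ciphers"] - set(allowed_ciphers)):
        problems.append(f"unexpected cipher {cipher}")
    for svc, count in sorted(peer["failed"].items()):
        if count:
            problems.append(f"{count} failed messages for {svc}")
    for kind in ("Send", "Received"):
        if kind not in peer["heartbeat"]:
            problems.append(f"no heartbeat {kind.lower()} time")
    return problems


if __name__ == "__main__":
    allowed = {"AES256-GCM-SHA384"}
    for name, text in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        issues = check_peer(parse_sftunnel_status(text), "10.70.254.1", allowed)
        print(name, "OK" if not issues else issues)
```
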
