Understand Firepower Models, Managers, and Log in Commands

Available Languages

Download Options

  • ePub     (931.1 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (637.5 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:September 28, 2023
Document ID:220991

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes different types of Firepower models and managers, and how to access them using Command Line Interface (CLI).

    Prerequisites

    Requirements

    Cisco recommends that you must have knowledge of these topics:

    • Firepower, Firepower Threat Defense (FTD) and Firepower Management Center (FMC)
    • Difference between Firepower and Firepower Threat Defense (FTD)

    Abbreviations

    • Next Generation Intrusion Prevention System (NGIPS)

    • Next Generation Firewall (NGFW)

    • Firepower Threat Defense (FTD)

    • Firepower Extensible Operating System (FXOS)

    • Firepower Chassis Manager (FCM)

    • Adaptive Security Device Manager (ASDM)

    • Firepower Device Manager (FDM)

    • Defense Center (DC)

    • Firepower Management Center (FMC)

    Terminology and Types

    Device Terminology and Types

    Sourcefire/ Firepower/ SFR/ NGIPS/ Sensors/ FTD/ NGFW

    Sourcefire/Firepower services (SFR)  Sourcefire/Firepower services (SFR) installed on ASA as software service.
     Firepower installed on hardware module inserted in ASA.
    Next Generation Intrusion Prevention System (NGIPS, Sensors)  Firepower installed on 7000 & 8000 series hardware.
     Firepower installed on virtual platform.
    Firepower Threat Defense (FTD, Next Generation Firewall (NGFW))  Firepower Threat Defense (FTD) installed on ASA (ASA 5500-X series except 5585).
     Firepower Threat Defense (FTD) installed on Firepower hardware (1000, 2100, 3100, 4100 & 9300 series).
     Firepower Threat Defense (FTD) installed on virtual platform.

    Managers Terminology and Types

    ASDM/ FDM/ FCM/ DC/ Firesight/ FMC/ FMCv

    Adaptive Security Device Manager (ASDM)  It is a local manager to manage Firepower services (SFR).
    Firepower Device Manager (FDM)  It is a local manager to manage Firepower Threat Defense (FTD).
    Firepower Management Center (FMC, Defense Center (DC), Firesight)  It is a separate manager to manage devices(Sourcefire/ Firepower/ SFR/ NGIPS/ Sensors/ FTD/ NGFW).

                         

    Managers are used to manage devices.

    Adaptive Security Device Manager (ASDM) and Firepower Device Manager (FDM) are local management Graphical User Based (GUI) based option in the device.

    Firepower Management Center (FMC) is a separate management GUI based tool.

    At a time, one manager can be used to manage the device.

    For example : If you want to manage Firepower services (SFR) so either you can use Adaptive Security Device Manager (ASDM) or Firepower Management Center (FMC).

                         : If you want to manage Firepower Threat Defense (FTD) so either you can use Firepower Device Manager (FDM) or Firepower Management Center (FMC).

    Detailed Information

    1. Firepower

    1. ASA Firepower Services (SFR)

    Firepower installed as software on ASA except in one model ASA 5585. In ASA 5585, hardware module is inserted to get firepower services.

    In ASA 5500-X series, Firepower services (SFR) software services installed on Solid State Drive (SSD) and ASA 5585 has hardware firepower module.

    Fresh Installation or Reimage Files  Image (.img) file and Packages (.pkg) file is required for installation of Firepower services (SFR).
    Supported Manager    Either Adaptive Security Device Manager (ASDM) or Firepower Management Center (FMC).

    2. Sensor/NGIPS (7000 and 8000 Series and Virtual)

    7000 and 8000 series are hardware firepower devices.

    Virtual Firepower installed on supported virtual platform. (For supported platform details, refer to release notes.)

    Fresh Installation or Reimage Files  Restore.iso required for Hardware 7000 and 8000 series.
    Supported Manager   Firepower Management Center (FMC).

    3. FTD/NGFW (ASA 5500-x Series, 1000 Series, 2100 Series, 3100 Series, 4100 Series, 9300 Series and Virtual)

    Mentioned Firepower series are hardware Firepower Threat Defense (FTD) devices.

    Virtual Firepower Threat Defense is installed on supported virtual platform. (For supported platform details, refer to release notes.)

    In Firepower Threat Defense, ASA and Firepower features are merged in one unified image represented as lina engine and snort engine.

    CLI is available, but no configure terminal mode (config t).

    Firepower Extensible Operating System (FXOS) is an operating system on the supervisor. 

    The Firepower Chassis Manager (FCM) is used to manage FXOS.

    FXOS and FTD are 2 separate software OS images on FPR4100 and 9300, while FPR1000, FPR2100 and FPR3100 are a unified OS bundle of FTD and FXOS.

    On these hardware series, you can either install ASA and completely covert into ASA, or you can install FTD and take leverage of both features in one image.

    Fresh Installation or Reimage Files  Refer to the installation user guide of respective model.
    Supported Manager   

     Depending on whether you are running ASA or FTD on these hardware series:

    - If running ASA, then it can be managed by ASDM.

    - If running FTD, then it can be managed by either FDM or FMC.

    - For managing FXOS, FCM is used.
    note-icon

    Note: On 1000 series, 2100 series and 3100 series, when you are running FTD then you cannot manage the FXOS using FCM. On 1000 series, 2100 series and 3100 series, when you are running ASA, then FCM is available and you can manage the FXOS using FCM only if ASA version is less than 9.13.

    2. Firepower Management Center 

    FMC is a separate manager to use to manage the multiple devices.

    FMC is available as hardware as well as virtual.

    Hardware FMC: FMC 1000, FMC 1600, FMC 2500, FMC 2600, FMC 4500 and FMC 4600 

    Virtual FMC: FMCv(2/10/25) and FMCv300 (For supported platform details, refer to release notes.)

    note-icon

    Note: Number 2/10/25/300 represents maximum number of devices can be managed by FMC. For example: FMCv300 means it can manage 300 devices.

    Fresh Installation or Reimage Files: Restore.iso required for Hardware FMC.

    Connect to Firepower, FTD, FXOS, and FMC CLI

    There are 3 user privilege modes in CLI, named below:

    Clish  >

    Expert $

    Root #

    1. SFR CLI

    There are two ways:

    • You can directly SSH to SFR IP to gain the CLI access.
    • Using ASA CLI, you can access SFR console.

    Example: ASA 5508 SFR

    ASA 5508 SFR

    2. Firepower 7000 and 8000 Series and FMC CLI

    • You can directly SSH to device IP to gain the CLI access.

    Example: SSH into 7110 Firepower

    SSH into 7110 Firepower

    Example: SSH into FMCv 

    SSH into FMCv

    3. FTD CLI

    • You can directly SSH to device IP to gain the CLI access.

    Example: SSH into FTDv

    SSH into FTDv

    4. FXOS CLI

    Example: FPR 4120 running FTD

    FPR 4120 Running FTD

    Continue....

    Continuation of FPR 4120 Running FTD

    Revision History

    Revision Publish Date Comments
    1.0
    28-Sep-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Richa Rana
      Firepower Escalation Leader

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products