Factory Reset Firepower 4100 & 9300

I got my hands on some Cisco Firepower 4100 units, and after playing around with them I wanted to reset them to factory settings, essentially erasing the “startup-config” on the FXOS. The Firepower units behave a little differently from a normal Cisco IOS or ASA device: you can’t just erase the startup-config and reload, that would be too easy. What I did find is that doing a password recovery on the unit erases the configuration, and that’s as close to a factory reset as I got.

You have to be physically at the device with a console cable; plug into the console port to begin:

  • Power off the system, and then power it back on.
  • While the system is booting, you have to go into ROMMON mode; to do that press ESC or CTRL+L. You’ll see a message confirming that you are going to ROMMON:

    !!  Rommon image verified successfully  !!
    Cisco System ROMMON, Version 1.0.10, RELEASE SOFTWARE
    Copyright (c) 1994-2015  by Cisco Systems, Inc.
    Compiled Mon 11/30/2015 15:23:18.60 by builder
    Current image running: Boot ROM0
    Last reset cause: PowerCycleRequest
    DIMM Slot 0 : Present
    DIMM Slot 1 : Present
    No USB drive !!
    BIOS has been locked !!
    Platform FPR-4110-SUP with 8192 Mbytes of main memory

  • Make note of the kickstart and FXOS system image names, as you need them to boot the correct images. In this example the following appeared on-screen under ROMMON:

    find the string ! boot bootflash:/installables/switch/fxos-k9-kickstart.5.0.3.N2.3.14.69.SPA bootflash:/installables/switch/fxos-k9-system.5.0.3.N2.3.14.69.SPA

  • Load the kickstart image:

    rommon 1 > boot bootflash:/installables/switch/fxos-k9-kickstart.5.0.3.N2.3.14.69.SPA
      !!   Kickstart Image verified successfully   !!

  • When kickstart loads you’ll be at the switch(boot)# prompt; enter configuration mode:

    switch(boot)# config t
    Enter configuration commands, one per line. End with CNTL/Z.

  • In configuration mode, type admin-password erase. This erases everything and brings the system back to factory defaults:

    switch(boot)(config)# admin-password erase
    Your password and configuration will be erased!
    Do you want to continue? (y/n)  [n] y
    switch(boot)(config)# exit

  • Load the system image to start up the FXOS. Once the image has loaded you’ll be prompted to enter the setup wizard:

    switch(boot)# load bootflash:/installables/switch/fxos-k9-system.5.0.3.N2.3.14.69.SPA
    Uncompressing system image: bootflash:/installables/switch/fxos-k9-system.5.0.3.N2.3.14.69.SPA

    You have chosen to setup a new Security Appliance. Continue? (y/n):
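The image names have to be copied off the console by hand, which is where typos creep in, so here is a small helper added to this post (not Cisco's code and not part of the original procedure) that pulls the kickstart and system paths out of a captured console transcript and builds the boot and load lines. The sample transcript is constructed from the ROMMON output shown above; treating differing kickstart and system versions as an error is my own assumption, since the two are distributed as a matched pair.

```python
import re

# Constructed sample: the two relevant lines from the ROMMON output shown in the post.
SAMPLE_TRANSCRIPT = """\
Platform FPR-4110-SUP with 8192 Mbytes of main memory
find the string ! boot bootflash:/installables/switch/fxos-k9-kickstart.5.0.3.N2.3.14.69.SPA bootflash:/installables/switch/fxos-k9-system.5.0.3.N2.3.14.69.SPA
"""

# FXOS image names follow fxos-k9-<role>.<version>.SPA; capture path, role and version.
IMAGE_RE = re.compile(
    r"(?P<path>bootflash:/\S*?fxos-k9-(?P<role>kickstart|system)\.(?P<version>[\w.]+?)\.SPA)"
)


def parse_images(transcript):
    """Map each image role found in the transcript to its bootflash path and version."""
    images = {}
    for m in IMAGE_RE.finditer(transcript):
        images[m.group("role")] = {"path": m.group("path"), "version": m.group("version")}
    return images


def image_problems(images):
    """List anything that would stop the recovery boot from working."""
    problems = []
    for role in ("kickstart", "system"):
        if role not in images:
            problems.append(f"no {role} image path found in transcript")
    # Assumption: kickstart and system ship as a matched pair and must carry the same version.
    if "kickstart" in images and "system" in images:
        kv, sv = images["kickstart"]["version"], images["system"]["version"]
        if kv != sv:
            problems.append(f"version mismatch: kickstart {kv} vs system {sv}")
    return problems


def recovery_commands(transcript):
    """Return the ROMMON 'boot' line and the switch(boot) 'load' line for the procedure above."""
    images = parse_images(transcript)
    problems = image_problems(images)
    if problems:
        raise ValueError("; ".join(problems))
    return ["boot " + images["kickstart"]["path"], "load " + images["system"]["path"]]


if __name__ == "__main__":
    for line in recovery_commands(SAMPLE_TRANSCRIPT):
        print(line)
```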

I hope this information is helpful. The information I was referencing is located here:

Password Recovery Procedure For Firepower 9300/4100 Series Appliances


2 thoughts on “Factory Reset Firepower 4100 & 9300”

  1. Jimmy November 7, 2016 / 9:54 pm

    Hi Ryan, I got several devices like ASA 5525x with firepower mode; I want to reinstall the whole system from ASA (firepower software) to the complete firepower system (called FTD system). Do you have similar experience? Also I purchased a (Protection, Control, Malware, URL Filtering) license, and I find the firepower mode didn't filter locker viruses (like CryptoLocker, CBT locker). Can you give me some suggestions?

    • Ryan November 9, 2016 / 9:24 pm

      Hey Jimmy,
      I have not had experience upgrading to the FTD image for the ASAs, and from what I can tell you may have to upgrade/download several things. I found this on Cisco's website, which may be a good starting point: http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

      I have worked with the Firepower 4100 units, which give you the option to use either an ASA or an FTD image. I have been playing around with the FTD image and the ASA SFR module; they are different, as you really don’t manage the device directly, it all works through the Firepower Management Center. It’s interesting that you’re not having any luck with the filtering. Make sure, if you are using the ASA image, that you set up a service policy under the global policy to inspect all traffic with the SFR module and that it’s not in monitor mode. You will also need to set up policies and rules in the FMC to block this type of traffic.

      Hope that helps 🙂
      Ryan
