Onboard the Multi-Instance Chassis

You need to connect to the chassis FXOS CLI at the console port to enable multi-instance mode and perform initial setup. After you configure the chassis, you can add it to the cloud-delivered Firewall Management Center. The management center and the chassis share a separate management connection using the chassis MGMT interface.

Note

Although you can connect to SSH on the management port, we recommend using the console port to avoid multiple disconnections. If you use SSH before you switch to multi-instance mode, you connect to the threat defense CLI and need to connect to FXOS using connect fxos . This procedure covers the console port.

Use the cloud-delivered Firewall Management Center to configure all chassis settings as well as instances. The Secure Firewall chassis manager or configuration at the FXOS CLI is not supported.

Procedure

Step 1

Connect to the chassis console port.

The console port connects to the FXOS CLI.

Step 2

Log in with the username admin and the password Admin123.

The first time you log in to FXOS, you are prompted to change the password.

Note

If the password was already changed, and you do not know it, you must reimage the device to reset the password to the default. See the FXOS troubleshooting guide for the reimage procedure.

Example:


firepower login: admin
Password: Admin123
Successful login attempts for user 'admin' : 1

[...]

Hello admin. You must change your password.
Enter new password: ********
Confirm new password: ********
Your password was updated successfully.

[...]

firepower#

Step 3

Check your current mode, Native or Container. If the mode is Native, you can continue with this procedure to convert to multi-instance (Container) mode.

show system detail

Example:



firepower # show system detail

Systems:
    Name: firepower
    Mode: Stand Alone
    System IP Address: 172.16.0.50
    System IPv6 Address: ::
    System Owner:
    System Site:
    Deploy Mode: Native
    Description for System:
firepower #

Step 4

Enable multi-instance mode.

scope system

set deploymode container

You are prompted to reboot.

Example:


firepower# scope system
firepower /system # set deploymode container
All configuration and bootable images will be lost and system will reboot.
If there was out of band upgrade, it might reboot with the base version and need to re-image to get the expected running version.
Do you still want to change deploy mode? (yes/no):yes
firepower /system #

To change the mode back to appliance mode, enter set deploymode native .

Step 5

After the chassis finishes rebooting, set the Management IP address. You can use IPv4 and/or IPv6. The default address is 192.168.45.45/24 with a gateway of 192.168.45.1.

IPv4:

scope fabric-interconnect

set out-of-band static ip ip_address netmask network_mask gw gateway_ip_address

IPv6:

scope fabric-interconnect

scope ipv6-config

set out-of-band static ipv6 ipv6_address ipv6-prefix prefix_length ipv6-gw gateway_address

Example:

IPv4:


firepower-3110# scope fabric-interconnect
firepower-3110 /fabric-interconnect # set out-of-band static ip 10.5.23.8 netmask 255.255.255.0 gw 10.5.23.1

IPv6:


firepower-3110# scope fabric-interconnect
firepower-3110 / fabric-interconnect # scope ipv6-config
firepower-3110 / fabric-interconnect /ipv6-config # set out-of-band static ipv6 2001:DB8::34 ipv6-prefix 64 ipv6-gw 2001:DB8::1

Step 6

In the Security Cloud Control navigation pane, click Security Devices, then click the blue plus button (plus sign) to Onboard a device.

Step 7

Click the FTD Chassis tile to open the Add Chassis dialog box.

FTD Chassis Tile
FTD Chassis Tile
Add Chassis
Add Chassis

Step 8

Click Copy (copy icon) to copy the top generated command, then paste it at the FXOS CLI of your chassis.

Step 9

When prompted for the Registration Key at the FXOS CLI, click Copy (copy icon) on the Add Chassis dialog box for the generated registration key and paste it at the FXOS CLI.

You can disconnect from the FXOS CLI at this point.

Step 10

In the cloud-delivered Firewall Management Center Chassis Name field, enter a name for the chassis as you want it to display in the management center.

Step 11

(Optional) Add the chassis to a Device Group.

Step 12

Click Submit.

The chassis is added to the Device > Device Management page.

Step 13

To view and configure the chassis, click Manage in the Chassis column, or click Edit (edit icon) .

The Chassis Manager page opens for the chassis to the Summary page.

Chassis Summary
Chassis Summary