We all know the architecture of the (cd)FMC-managed FTD prevents you from making local device changes via the CLI – or does it?
Technically, yes, however where there is a will, there’s a way. This is one way I have used to consistently add configuration changes to the FTD via CLI. The basics rely on the fact that under the hood, FXOS is *nix, and includes VIM.
DISCLAIMER: This is, obviously, not supported by Cisco, not a published method, and can break the box if done irresponsibly. No warranties, your mileage may vary, etc.; use for emergencies and at your own risk.
From normal CLI mode ( “>” prompt)
- Enter expert mode
- Sudo to root elevation
- Change the working directory to /mnt/disk0
- Invoke VIM to a text file, called whatever you want really (except something meaningful like running-config for obvious reasons)
- Enter the lines of config you want to enter into the running configuration (press “I” to enter insert mode first (normal VIM operation))
- :wq! To save and quit (again normal VIM)
- Enter lina_cli to get back into the ASA engine diagnostic CLI
- Copy your text file to the running-config – it will append, not replace, so you don’t have to have your whole run config copied here
- Show run and validate the changes
- Wr mem
Example:
> expert
admin@ngfw-1:/$ sudo su
Password: <FTD Admin Password you set>
root@ngfw-1:/# cd /mnt/disk0
root@ngfw-1:/mnt/disk0# vim example.txt
!
!make changes in vim then save and quit to return to cli prompt
!
root@ngfw-1:/mnt/disk0# lina_cli
ngfw-1> en
Password: <enable password (none by default)>
ngfw-1# copy disk0:/example.txt system:running-config
Verification:
run whatever show run commands are needed to verify your changes took
copy run start will occur on next deploy from FMC or you can wr mem from here as well
CCIE #TBD 