Cisco Firepower Management Center 3500 Getting Started Manual - Page 24

Browse online or download pdf Getting Started Manual for Server Cisco Firepower Management Center 3500. Cisco Firepower Management Center 3500 42 pages. Firepower management center

Traffic Flow During the Restore Process
To avoid disruptions in traffic flow on your network, Cisco recommends restoring your appliances during a
maintenance window or at a time when the interruption will have the least impact on your deployment.
Restoring a Firepower device that is deployed inline resets the device to a non-bypass (fail closed) configuration,
disrupting traffic on your network. Traffic is blocked until you configure bypass-enabled inline sets on the device.
For more information about editing your device configuration to configure bypass, see the Managing Devices
chapter of the Firepower Management Center Configuration Guide.
Understanding the Restore Process
To restore a Firepower device, you boot from the appliance's internal flash drive and use an interactive menu to
download and install the ISO image on the appliance. For your convenience, you can install system software and
intrusion rule updates as part of the restore process.
Only reimage your appliances during a maintenance window. Reimaging resets appliances in bypass mode to a
non-bypass configuration and disrupts traffic on your network until you reconfigure bypass mode. For more
information, see Traffic Flow During the Restore Process.
Note that you cannot restore an appliance using its web interface. To restore an appliance, you must connect to
it in one of the following ways:
Keyboard and Monitor/KVM
You can connect a USB keyboard and VGA monitor to the appliance, which is useful for rack-mounted
appliances connected to a KVM (keyboard, video, and mouse) switch. If you have a KVM that is
remote-accessible, you can restore appliances without having physical access.
Serial Connection/Laptop
You can use a rollover serial cable (also known as a NULL modem cable or a Cisco console cable) to connect
a computer to the appliance. See the hardware specifications for your appliance to locate the serial port. To
interact with the appliance, use terminal emulation software such as HyperTerminal or XModem.
Lights-Out Management Using Serial over LAN
You can perform a limited set of actions on Management Centers and Firepower devices using Lights-Out
Management (LOM) with a Serial over LAN (SOL) connection. If you do not have physical access to an
appliance, you can use LOM to perform the restore process. After you connect to an appliance using LOM,
you issue commands to the restore utility as if you were using a physical serial connection. Note that you can
use Lights-Out Management on the default (eth0) management interface only. For more information, see
Setting Up Lights-Out Management.
Before You Begin
Obtain the restore ISO image for the appliance from the Support Site. See Obtaining the Restore ISO and
Update Files.
Reimaging a Firepower Management Center could cause an Out of Compliance (OOC) state with the Cisco
License Authority. As a best practice, when reimaging a Firepower Management Center, first deregister the
Firepower Management Center from the Cisco Smart Software Manager. Choose System > Licenses > Smart
Licenses and click the deregister icon.
To restore a Firepower device:
1. Copy the image to an appropriate storage medium.
2. Connect to the appliance.
Restoring a Firepower Management Center to Factory Defaults