8-2
Firepower 7000 and 8000 Series Installation Guide
Chapter 8 Restoring a Firepower System Appliance to Factory Defaults
Understanding the Restore Process
Restoring a Firepower device that is deployed inline resets the device to a non-bypass (fail closed)
configuration, disrupting traffic on your network. Traffic is blocked until you configure bypass-enabled
inline sets on the device. For more information about editing your device configuration to configure
bypass, see the Managing Devices chapter of the Firepower Management Center Configuration Guide.
Understanding the Restore Process
Access: Admin
To restore a Firepower device, you boot from the appliance’s internal flash drive and use an interactive
menu to download and install the ISO image on the appliance. For your convenience, you can install
system software and intrusion rule updates as part of the restore process.
Only reimage your appliances during a maintenance window. Reimaging resets appliances in bypass
mode to a non-bypass configuration and disrupts traffic on your network until you reconfigure bypass
mode. For more information, see Traffic Flow During the Restore Process, page 8-1.
Note that you cannot restore an appliance using its web interface. To restore an appliance, you must
connect to it in one of the following ways:
Keyboard and Monitor/KVM
You can connect a USB keyboard and VGA monitor to the appliance, which is useful for
rack-mounted appliances connected to a KVM (keyboard, video, and mouse) switch. If you have a
KVM that is remote-accessible, you can restore appliances without having physical access.
Serial Connection/Laptop
You can use a rollover serial cable (also known as a NULL modem cable or a Cisco console cable)
to connect a computer to the appliance. See the hardware specifications for your appliance to locate
the serial port. To interact with the appliance, use terminal emulation software such as
HyperTerminal or XModem. For more information, including a table of serial port connectors by
appliance, see Serial Connection/Laptop, page 4-20.
Lights-Out Management Using Serial over LAN
You can perform a limited set of actions on Management Centers and Firepower devices using
Lights-Out Management (LOM) with a Serial over LAN (SOL) connection. If you do not have
physical access to an appliance, you can use LOM to perform the restore process. After you connect
to an appliance using LOM, you issue commands to the restore utility as if you were using a physical
serial connection. Note that you can use Lights-Out Management on the default (
eth0) management
interface only. For more information, see Setting Up Lights-Out Management, page 8-15.
Before You Begin
• Obtain the restore ISO image for the appliance from the Support Site. See To obtain the restore ISO
and other update files:, page 8-3
To restore a Firepower device:
Step 1 Copy the image to an appropriate storage medium.
Step 2 Connect to the appliance.
Step 3 Reboot the appliance and invoke the restore utility.
To Next Page
Loading...
