Limited FMC Shell Access

From the Firepower 6.3.0 Release Notes

A CLI for the FMC supports a small set of basic commands (change password, show version, reboot/restart, and so on). By default the FMC CLI is disabled, and logging into FMC using SSH accesses the Linux shell.

New/Modified Classic CLI commands: The system lockdown-sensor command has changed to system lockdown. This command now works for both devices and FMCs.

New/Modified screens: System > Configuration > Console Configuration > Enable CLI Access check box

Supported platforms: FMC, including FMCv

What does this feature mean?

This one can be fairly confusing. By default, when you log into an FMC you have access to a Linux shell. For environments that consider this too loose, you can lock down the CLI. This feature is configurable from the user interface in the FMC. Once you lock down the CLI, you will be in a limited shell with very few options, just like on the sensors.

Is this feature backwards compatible?

No. You need to be on 6.3.0 or higher to enable this feature, and it is FMC only.

Should I change this value?

Unless you need to perform some type of advanced administrative function on the manager, I would always recommend locking down the manager CLI.

How can I configure this?

Firepower Management Center: System -> Configuration -> Console Configuration -> Enable CLI Access.

Enable CLI Access

Below this is a screenshot of the new FMC Limited CLI Shell.

SSH Limited Shell

