About the Firepower 1000/2100, Secure Firewall 1200/3100/4200 Security Appliance CLI

This troubleshooting guide explains the Firepower eXstensible Operating System (FXOS) command line interface (CLI) for the Firepower 1000 , Firepower 2100, Secure Firewall 1200, Secure Firewall 3100, and Secure Firewall 4200 security appliance series.


Note

The CLI on the SSH client management port defaults to Secure Firewall Threat Defense. You can get to the FXOS CLI using the connect fxos command.

The CLI on the Firepower 1000/2100, Secure Firewall 1200, Secure Firewall 3100, or Secure Firewall 4200 console port defaults to the FXOS CLI prompt. You can get to the threat defense CLI using the connect ftd command.

Once logged into the FXOS CLI, you can use the commands described below to view and troubleshoot the FXOS platform for your Firepower 1000, Firepower 2100, Secure Firewall 1200, Secure Firewall 3100, or Secure Firewall 4200 series device.

If threat defense is installed on your Firepower 1000/2100, Secure Firewall 1200, Secure Firewall 3100 device, or Secure Firewall 4200, the FXOS CLI does not allow you to modify the configuration. If you attempt to perform any configuration changes with the FXOS CLI, the commit-buffer command returns an error.

For more information about the threat defense CLI, see the Command Reference for threat defense.

FXOS CLI Hierarchy

The FXOS CLI is organized into a hierarchy of command modes, with the EXEC mode being the highest-level mode of the hierarchy. Higher-level modes branch into lower-level modes. You use create , enter , and scope commands to move from higher-level modes to modes in the next lower level , and you use the exit command to move up one level in the mode hierarchy. You can also use the top command to move to the top level in the mode hierarchy.

Each mode contains a set of commands that can be entered in that mode. Most of the commands available in each mode pertain to the associated managed object.

The CLI prompt for each mode shows the full path down the mode hierarchy to the current mode. This helps you to determine where you are in the command mode hierarchy, and it can be an invaluable tool when you need to navigate through the hierarchy.

The following table lists the main command modes, the commands used to access each mode, and the CLI prompt associated with each mode.

Table 1. Main Command Modes and Prompts

Mode Name

Commands Used to Access

Mode Prompt

EXEC

top command from any mode

#

chassis

scope chassis command from EXEC mode

/chassis #

Ethernet uplink

scope eth-uplink command from EXEC mode

/eth-uplink #

fabric-interconnect

scope fabric-interconnect command from EXEC mode

/fabric-interconnect #

firmware

scope firmware command from EXEC mode

/firmware #

monitoring

scope monitoring command from EXEC mode

/monitoring #

organization

scope org command from EXEC mode

/org #

security

scope security command from EXEC mode

/security #

server

scope server command from EXEC mode

/server #

ssa

scope ssa command from EXEC mode

/ssa #

system

scope system command from EXEC mode

/system #

The following diagram outlines the commands that can be executed from the FXOS CLI top level to access the FXOS command shell, local management command shell, and Firepower Threat Defense CLI. Note that console access is required.

Figure 1. Firepower 1000/2100 and Secure Firewall 3100 FXOS CLI Connect Diagram

Online Help for the CLI

At any time, you can type the ? character to display the options available at the current state of the command syntax.

If you have not typed anything at the prompt, typing ? lists all available commands for the mode you are in. If you have partially typed a command, typing ? lists all available keywords and arguments available at your current position in the command syntax.