Firepower 9300 - Initial configuration

Configure for Firepower Management

Below steps are for booting up Firepower 9300 for the first time

- Connect to the Firepower 9300 CLI using and complete the system configuration as prompted

Enter the setup mode; setup newly or restore from backup. (setup/restore) ? setup
You have chosen to setup a new Security Appliance. Continue? (y/n): y
Enforce strong password? (y/n): n
Enter the password for “admin”: <new password>
Confirm the password for “admin”: <repeat password>
Enter the system name: 9300FPR1
Physical Switch Mgmt0 IP address :
Physical Switch Mgmt0 IPv4 netmask :
IPv4 address of default gateway :
Configure the DNS Server IP address? (yes/no) [n]: n
Configure the default domain name? (yes/no) [n]: n

Following configurations will be applied:
Switch Fabic=A
System Name=9300FPR1
Enforced Strong Password=no
Physical Switch Mgmt0 IP Address=
Physical Switch Mgmt0 IP Netmask=
Default Gateway=
Ipv6 value=0

Apply and save the configuration (select ‘n’ if you want to re-enter)? (yes/no): yes
Applying configuration. Please wait.

Launch the Firepower Chassis Manager Web Interface from browser using https://<chassis_mgmt_ip_address> [This is the IP address of the Firepower 9300 that you entered during initial configuration] and login

If you have more than one chassis configure it in the same way using different management IP address.

Factory Reset PaloAlto

Factory Reset PaloAlto


Connect to console port of PaloAlto device using Putty

Power on to reboot the device.
During the boot sequence, the screen should look like this:

Type maint to enter maintenance mode.

you will see a "CHOOSE PANOS" screen with the following options: PANOS (maint-other), PANOS (maint) or PANOS (sysroot0).
Please choose PANOS (maint). Press enter to continue.

Once in maintenance mode, the following is displayed, please press enter to Continue:

Arrow down to Factory Reset and press Enter to display the menu:

You will see the Image that will be used to perform the factory reset. Select Factory Reset and press Enter again:

Choose and select reboot when factory reset process is success.

NOTE: Please note that once reboot is complete you have to wait around 15 minutes login with default credentials in CLI .If you try immediately with default credentials it will be showing invalid please wait...

default username : admin
default password : admin

You can verify everything is set to default by logging to web portal using the default credentials


Firepower 9300 - Changing the Management IP Address of Firepower Chassis

Changing the Management IP Address

Step 1   Connect to the FXOS CLI using putty
Step 2   To configure an IPv4 management IP address:

Set the scope for fabric-interconnect a:

Firepower-chassis# scope fabric-interconnect a

To view the current management IP address, enter the following command:

Firepower-chassis /fabric-interconnect # show

Enter the following command to configure a new management IP address and gateway:

Firepower-chassis /fabric-interconnect # set out-of-band ip 10.x.x.x netmask gw 10.x.x.x

Commit the transaction to the system configuration:

Firepower-chassis /fabric-interconnect* # commit-buffer

Firepower 9300 - Setting the Date and Time on Firepower Chassis Manager

Setting the Date and Time using NTP server

Step 1   Choose Platform Settings > NTP.
Step 2   Under Set Time Source, click Use NTP Server and then enter the IP address or hostname of the NTP server you want to use in the NTP Server field.
Step 3   Click Save.

Setting the Date and Time Manually

Step 1   Choose Platform Settings > NTP.
Step 2   Under Set Time Source, click Set Time Manually.
Step 3   Click the Date/Hour/Time drop-down list and set the time
Step 4   Click Save.

You can click Get System Time to set the date and time to match what is configured on the computer you are using to connect to the Firepower Chassis Manager.

For both NTP and manual setting, If you modify the system time by more than 10 minutes, the system will log you out and you will need to log in to the Firepower Chassis Manager again.


Register and activate licenses in Palo Alto firewall

Register the Firewall

STEP 1 Log in to the web interface of the firewall (https://<IP address>)
STEP 2 copy serial number of device from the General Information section of the Dashboard screen

STEP 3 Go to
STEP 4 Register and verify the email 

Note : To register, you must provide your sales order number or customer ID, and the serial number of your firewall (which you can paste from your clipboard) or the authorization code you received with your order. You will also be prompted to set up a username and password for access to the Palo Alto Networks support community.
STEP 5 : Once email is verified,login to using the email address and password
STEP 6 : You will be prompted to choose two security questions and answers to use if you forget the password.
STEP 7 : Register new device by going to Asset tab > Devices > Register new device and fill the details needed

Activate Licenses and Subscriptions

STEP 1 : Locate the activation codes for the licenses you purchased from the registered email address you have provided while purchasing device.If you cannot locate this email, contact customer support to obtain your activation codes before you proceed.
STEP 2 : Launch the web interface and go to Device > Licenses
STEP 3 : Activate each license you purchased either by following method
Retrieve license keys from license server —Use this option if you activated your license on the support portal. 

Activate feature using authorization code —Use this option to enable purchased subscriptions using an authorization code for licenses that have not been previously activated on the support portal. When prompted, enter the Authorization Code and then click OK.

Manually upload license key —Use this option if your device does not connected to internet. In this case, you must download a license key file from the support site on an Internet connected computer and then upload to the device.
STEP 4 : Verify that the license was successfully activated from Device > Licenses .You can see the issue and expiry date of the licenses here once its activated
STEP 5 : (WildFire subscriptions only) Perform a commit to complete WildFire subscription activation.