CLI Access

Firepower devices include a Firepower CLI that runs on top of Linux. You can create internal users on devices using the CLI. You can establish external users on threat defense devices using the management center.

Caution

Users with CLI Config level access can access the Linux shell using the expert command, and obtain sudoers privileges in the Linux shell, which can present a security risk. For system security reasons, we strongly recommend:

  • Only use the Linux shell under TAC supervision or when explicitly instructed by Firepower user documentation.

  • Make sure that you restrict the list of users with CLI access appropriately.

  • When granting CLI access privileges, restrict the list of users with Config level access.

  • Do not add users directly in the Linux shell; only use the procedures in this chapter.

  • Do not access Firepower devices using CLI expert mode unless directed by Cisco TAC or by explicit instructions in the Firepower user documentation.
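
One way to review who holds Config level access, as the recommendations above ask. This is an added example, not Cisco code: the sample text is constructed, its column layout is assumed to match the device's `show user` output, and the allowlist and function names are hypothetical.

```python
# Constructed sample; the column layout is an assumption modelled on `show user`.
SAMPLE_SHOW_USER = """\
Login              UID   Auth Access  Enabled Reset    Exp Warn  Str Lock Max
admin             1000  Local Config  Enabled    No  Never  N/A  Dis   No N/A
netops1           1001  Local Config  Enabled    No     90    7   En   No   5
helpdesk          1002  Local  Basic  Enabled    No     90    7   En   No   5
oldcontractor     1003  Local Config Disabled    No     90    7   En  Yes   5
radius-ops        1004 Remote Config  Enabled    No  Never  N/A  Dis   No N/A
"""

# Hypothetical allowlist: the only accounts approved to hold Config level access.
APPROVED_CONFIG_USERS = {"admin", "netops1"}


def parse_users(text):
    """Turn the user table into one dict per row, keyed by column header."""
    lines = [line for line in text.splitlines() if line.strip()]
    if not lines:
        raise ValueError("empty user listing")
    header = lines[0].split()
    if not {"Login", "Auth", "Access", "Enabled"} <= set(header):
        raise ValueError("unexpected header: %r" % lines[0])
    users = []
    for line in lines[1:]:
        fields = line.split()
        # Fail closed: a row that does not line up must not be silently skipped.
        if len(fields) != len(header):
            raise ValueError("unparseable row: %r" % line)
        users.append(dict(zip(header, fields)))
    return users


def audit_config_access(text, approved):
    """Return (login, auth, state) for each Config level user not on the allowlist."""
    findings = []
    for user in parse_users(text):
        if user["Access"].lower() != "config":
            continue  # Basic level users cannot run the expert command
        if user["Login"] not in approved:
            state = "enabled" if user["Enabled"].lower() == "enabled" else "disabled"
            findings.append((user["Login"], user["Auth"], state))
    return findings


if __name__ == "__main__":
    for login, auth, state in audit_config_access(SAMPLE_SHOW_USER, APPROVED_CONFIG_USERS):
        print("unapproved Config access: %s (auth=%s, %s)" % (login, auth, state))
```

Disabled accounts are reported as well, because they still hold Config level access if re-enabled.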