With Cisco Firepower, your configuration is done through a graphical interface on a day-to-day basis. Sometimes though, when troubleshooting, people revert to their old troubleshooting skills. This was the same for me as well. Sometimes I revert to my old ASA troubleshooting skills and just want to see the command line config. Then there are other times when I needed a VPN tunnel key, for instance, that was not updated in my documentation. And remember, there is no way to see keys in clear text in the GUI. Sometimes there are valid reasons to see a clear text command line config of your Firepower firewall. Luckily this is still an option and here’s how you do it.
Begin an SSH session to your firewall to get started.
At this point, you will need to enter the diagnostic cli mode with the following command:
> system support diagnostic-cli
From here, we can use an old command that some of you might remember once in privileged exec mode:
firepower> enable
firepower# more system:running-config
This will give you a clear text “show run” of your firewall, just like on an old Cisco ASA. The advantage here is that you will also receive clear text keys, such as for your VPN tunnels. To be honest, that’s my most common reason for using this command. Nonetheless, it’s a good one to have in your arsenal for troubleshooting.
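Because this output carries the VPN tunnel keys in clear text, a saved copy should have them masked before it is pasted into a ticket or shared with anyone else. The Python sketch below is an added example, not part of the original post; the sample config is constructed, and the patterns assume ASA-style `pre-shared-key` lines under `tunnel-group ... ipsec-attributes`.

```python
import re

# Constructed sample shaped like ASA-style tunnel-group config; not from a real device.
SAMPLE = """\
hostname fw-example
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key ExampleKey-One
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 ikev2 remote-authentication pre-shared-key ExampleKey-Two
 ikev2 local-authentication pre-shared-key ExampleKey-Three
"""

# Assumed line shapes: "ikev1 pre-shared-key <key>" and
# "ikev2 remote|local-authentication pre-shared-key <key>".
PSK = re.compile(
    r"^(\s*(?:ikev1|ikev2 (?:remote|local)-authentication) pre-shared-key )(\S.*)$"
)
GROUP = re.compile(r"^tunnel-group (\S+) ipsec-attributes\s*$")


def redact(config_text, mask="<redacted>"):
    """Mask pre-shared keys; return (redacted_text, [(tunnel_group, key_kind), ...])."""
    out, found, group = [], [], None
    for line in config_text.splitlines():
        g = GROUP.match(line)
        if g:
            group = g.group(1)   # entering a tunnel-group sub-mode
        elif line and not line[0].isspace():
            group = None         # any other top-level line leaves the sub-mode
        m = PSK.match(line)
        if m:
            # Record where a key was found, never the key itself.
            found.append((group, m.group(1).strip()))
            line = m.group(1) + mask
        out.append(line)
    return "\n".join(out) + "\n", found


if __name__ == "__main__":
    redacted, found = redact(SAMPLE)
    print(redacted, end="")
    for peer, kind in found:
        print(f"masked: tunnel-group {peer}: {kind}")
```

The inventory it returns lists which tunnel groups had keys masked without ever echoing the key values.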