topic Re: FTD Firepower not working in Network Security

FTD Firepower not working

Salman.Baig — Fri, 21 Feb 2020 16:42:30 GMT

i installed cisco fmc and ftd on my esxi local fmc working fine but ftd not working not accessible i put manual ipv4 and gateway but ftd not acces what problem i add snapshot what is the problem please help thanks

Re: FTD Firepower not working

balaji.bandi — Sat, 26 Jan 2019 22:22:59 GMT

The screen shot not show what is the problem this is basic IPv4 config.

you need to check that, FMC managment interface and FTD management inerface in same subnet, and check the Esxi vswtich configuration.

Once these IP address are ok. try to add device in to FMC with manager credentials.

Re: FTD Firepower not working

Salman.Baig — Sat, 26 Jan 2019 22:29:40 GMT

@balaji.bandi both are same subnet

FMC ip 192.168.2.198 255.255.255.0 Gateway 192.168.2.1

FTD ip 192.168.2.197 255.255.255.0 Gateway 192.168.2.1

FMC working Fine its Ping able and acces gui web But

FTD not working i well post snapshot what problem is ?

Re: FTD Firepower not working

Marius Gunnerud — Sun, 27 Jan 2019 08:22:53 GMT

If FTD is also a VM then this could be an incorrectly assigned network in the VM configuration.

Re: FTD Firepower not working

balaji.bandi — Sun, 27 Jan 2019 10:03:54 GMT

Adding to other post, it is hard to see what is the issue based on the information you have pasted.

you need to explain more details how is your esxi side configuration done.make sure the interfaces are right interface group in vswitch.

post both the screen from vswitch side.

Re: FTD Firepower not working

Salman.Baig — Sun, 27 Jan 2019 15:27:45 GMT

@balaji.bandi look screen shot i will add manual ipv4 but when i >show interface ip brief they show no ip in management port look screen show what happened what is problem...

I just deployed a FTDV VM on a vSphere host. I assigned a static IP during the OVF deployment, and running show network from the CLI shows the IP address I assigned to it. Yet show interface ip brief does not, nor am I able to ping the assigned router, and looking at the running-config it has no ip address for the management0/0 interface. The CLI is dissimilar enough from IOS/ASA that I can't seem to figure out what I need to do to assign an IP as configure terminal doesnt exist and configure ?doesnt seem to have anything relevant beyond configure network ipv4 manual which will just change what shows up in show network but not in the actual running-config.

I've read the Quick Start guide and I dont think I skipped any steps. Does anyone know what I did wrong, and what you need to do to assign a IP to the management interface?

Re: FTD Firepower not working

Marvin Rhoads — Sun, 27 Jan 2019 20:04:52 GMT

@Salman.Baig ,

Both @Marius Gunnerud and @balaji.bandi mentioned your ESXi configuration as a very likely cause of the issue but you have ignored their request to show that bit. Please check the vSwitch and share screenshots of its configuration. Be sure to verify that promiscuous mode is enabled for the vSwitch interfaces assigned to the FTDv appliance.

Also note that when you ping from FTDv it will by default try to use the dataplane interface according to the routing table. to verify management plane connectivity use the "ping system" command. Also, your "show interface ip brief" will show the LINA (ASA code) section of the running configuration, not the interface that is assigned to the FTDv management interface.

Re: FTD Firepower not working

Salman.Baig — Sun, 27 Jan 2019 20:27:22 GMT

@Marvin Rhoadswooh finally i got ping and access FTDv.

in Vswitch before in Security
Allow promiscuous mode No
Allow forged transmits No
Allow MAC changes NO
after i well Change into Yes

Allow promiscuous mode Yes
Allow forged transmits Yes
Allow MAC changes Yes
Problem is fix thanks @Marvin Rhoads Have nice day