https://community.cisco.com/t5/network-security/fmc-validation-errors/m-p/3714548#M133218 <P>It seems that the device will show up as red if the service-policy is not applied on the ASA. This is due to packets not being sent to the Firepower virtual appliance. It is possible to successfully deploy to the device without the service-policy being applied.&nbsp; The device being in the FMC showing up as red can be confusing.</P> <P>&nbsp;</P> <P>Please rate helpful posts.&nbsp;</P> Thu, 27 Sep 2018 19:15:31 GMT Alex Pfeil 2018-09-27T19:15:31Z https://community.cisco.com/t5/network-security/fmc-validation-errors/m-p/3095774#M133216 <P>hi,</P> <P>i was able to add a ASA 5525-X sensor in FMC but i'm unable to add/tick licenses (grayed out) and saw this error:</P> <P><EM>Initial policy deployment not started due to validation errors. For details, redeploy manually</EM><EM></EM></P> <P><EM></EM></P> <P><EM>&gt; show managers&nbsp; <BR />Type&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Manager<BR />Host&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 172.20.x.x<BR /><SPAN style="color: #ff0000;">Registration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Completed</SPAN><BR /></EM></P> <P></P> <P>i got enough URL filtering, malware, etc licenses for this sensor but not sure why FMC doesn't let me add them and push the access policy. see attached photo.</P> <P>note this ASA 5525-X is not yet in production and only got 'management' interface and FP module both using same IP subnet and able they both able to ping/reach FMC. not sure if ASA needs to have other 'interfaces' working and operational.</P> <P>i also saw this and not sure if it's bug related.</P> <P><EM><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/60/relnote/firepower-system-release-notes-version-600.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/60/relnote/firepower-system-release-notes-version-600.html</A></EM></P> <P><EM>In some cases, if you do not select the required licenses for a device prior to device </EM><BR /><EM>registration, the system generates an Initial policy deployment not started due to </EM><BR /><EM>validation errors. For details, redeploy manually message. For more information on the </EM><BR /><EM>correct licenses to select for your device, see the Licensing the FireSIGHT System chapter </EM><BR /><EM>of the Firepower Management Center Configuration Guide . <SPAN style="color: #ff0000;">(CSCuw85743)</SPAN></EM><BR /><BR /><BR /></P> <P>can someone advise if ASA sensor (specifically its 'interfaces) needs to be in production for it to be able to add/tick licenses and push access policies? do i need to reboot ASA or FP and see if it helps?</P> Tue, 12 Mar 2019 09:50:05 GMT https://community.cisco.com/t5/network-security/fmc-validation-errors/m-p/3095774#M133216 johnlloyd_13 2019-03-12T09:50:05Z https://community.cisco.com/t5/network-security/fmc-validation-errors/m-p/3714548#M133218 <P>It seems that the device will show up as red if the service-policy is not applied on the ASA. This is due to packets not being sent to the Firepower virtual appliance. It is possible to successfully deploy to the device without the service-policy being applied.&nbsp; The device being in the FMC showing up as red can be confusing.</P> <P>&nbsp;</P> <P>Please rate helpful posts.&nbsp;</P> Thu, 27 Sep 2018 19:15:31 GMT https://community.cisco.com/t5/network-security/fmc-validation-errors/m-p/3714548#M133218 Alex Pfeil 2018-09-27T19:15:31Z