topic Thanks for the quick reply in Network Security

Unable to register FTD to FMC

songwh911 — Tue, 12 Mar 2019 09:47:23 GMT

I'm having trouble adding FTD to FMC. Originally I was managing FTD locally with FDM, but lack of features got me moving to FMC.

I ssh'd to FTD, and issues the command configure manager add <FMC IP> <Reg Key> and now it says 'pending'

I went on to FMC and added my FTD device with IP address and same reg key but it times out with error message "could not establish a connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection".

I know reg keys are the same, there is no block in the firewall (can ping each other) and versions are compatible; FMC 6.2.0, FTD 6.2.0

I'm using one of the inside interfaces on the FTD to register, and management port is empty at the moment. There is no NAT device in-between, so not sure what I'm doing wrong. Does anyone have any idea what might be the cause?

Thanks in advance!

You must configure and use

Marvin Rhoads — Tue, 08 Aug 2017 15:26:03 GMT

You must configure and use the management interface on your FTD sensor to register to the FMC.

Thanks for the quick reply

songwh911 — Tue, 08 Aug 2017 15:40:43 GMT

Thanks for the quick reply Marvin. so, I guess that was the reason..

To assign an IP on management port, should I just do it through FDM on Management1/1 (diagnostic) interface? I saw somewhere in the guide that says don't configure diagnostic interface.

It's the one known as "br1"

Marvin Rhoads — Tue, 08 Aug 2017 16:18:43 GMT

You're welcome.

Physically it's the management interface. Logically it's the one known as "br1" for FTD cli shell (clish).

A very detailed explanation can be found here:

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200868-Configuring-Firepower-Threat-Defense-FT.html

I'm still not sure what I

songwh911 — Wed, 09 Aug 2017 23:41:41 GMT

I'm still not sure what I should do in my scenario. I have 2 interfaces facing towards FMC server.

One is p2p interface which forwards all traffic to the other 'site', and the other is br1(management) interface that I just added in the same subnet.(diagram attached)

For br1 to communicate to FMC in the other subnet, should I create a static route from br1 interface to FMC server? (eg. configure network static-routes ipv4 add br1 10.5.225.75 255.255.255.255 192.168.100.1)

Nvm. called TAC and figured

songwh911 — Thu, 10 Aug 2017 18:45:30 GMT

Nvm. called TAC and figured it out.

Basically, br1 interface didn't have a static route to FMC.

Re: Unable to register FTD to FMC

abdul ilyas — Thu, 17 Oct 2024 03:48:31 GMT

You can run configure-network command from expert mode to configure management IP-address and gateway.
> expert
> sudo su
password:
#configure-network