After re-image FPR2110 from FTD to ASA9.8.2, the device mgmt interface UI become "Forbidden- you don't have permission to access / on this server"

fraserC — Fri, 21 Feb 2020 15:36:35 GMT

I'm not sure if this is by design. Anybody else run into this?

After re-image FPR2110 from FTD to ASA9.8.2, the chassis (FXOS) mgmt interface UI become "Forbidden- you don't have permission to access / on this server"

https://mgmt-ip

SSH into FXOS mgmt IP works. SSH & HTTPS to ASA mgmt IP also works. It's just HTTPS to FXOS chassis mgmt UI doesn't work.

~Fraser

Re: After re-image FPR2110 from FTD to ASA9.8.2, the device mgmt interface UI become "Forbidden- you don't have permission to access / on this server"

fraserC — Mon, 09 Apr 2018 15:58:53 GMT

Found errors logged on ASDM as following HTTPS access 403 forbidden error.

authz_core:error AH01630:client denied by server configuration:/isan/apache/

(70014)Enf of file found: AH01991:SSL input filter read failed.

...etc

I also verified on CLI firepower /system/services/ip-block, my origin IP is included and same setting for https and ssh.

I also tried to disable /system/services/https and re-enable. No diff.

Last choice, I upgrade it from 9.8.2 to 9.9.1.3

firepower /firmware/auto-install # install security-pack version 9.9.1.3

it took about 5 minutes to install and reboot. FDM came back OK without any other changes..

lesson learned: because FPR2100 image is FXOS+ASA bundle, it's better choose latest ASA version to keep FXOS up-to-date. I'm looking at 9.9.2 now.

topic Re: After re-image FPR2110 from FTD to ASA9.8.2, the device mgmt interface UI become "Forbidden- you don't have permission to access / on this server" in Network Security

After re-image FPR2110 from FTD to ASA9.8.2, the device mgmt interface UI become "Forbidden- you don't have permission to access / on this server"

Re: After re-image FPR2110 from FTD to ASA9.8.2, the device mgmt interface UI become "Forbidden- you don't have permission to access / on this server"