topic Re: errors in Firepower in Network Security

errors in Firepower

adamgibs7 — Fri, 21 Feb 2020 15:35:58 GMT

Dears,

I have three questions, Please answer

Please find the attached error.

whenever i navigate to edit the ACP , i get a pop-up as per the attached , also when i save after doing any changes i get an a attached pop-up error, hence it is a bug but i am on the latest still it is hitting me, ???why that so ?? the bug id is https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd40583/?rfs=iqvred

Also I have a file policy as per the attached it is showing warning, i wanted to confirm this warning means the file policy is not configured properly or it is just an information, also i have selected any for the type of file and checking for malware for all types of file except executable and multimedia which i m blocking explicitly is it a good practice of design.

i was having a default action to pass i have changed it dropped all traffic, now my fmc pops up with the error: unable to communicate dynamic analysis cloud, i have allowed all protocols from firepower sensor IP address.

Re: errors in Firepower

yogdhanu — Thu, 05 Apr 2018 04:49:45 GMT

Hi Adam,

For the first question:

It could be that bug. Do you have the same conditions in that setup like the firmware version and FTD HA?

It could be some other issue as well. I would suggest to open TAC case for that so right issue can be isolated and fixed.

For the second question: Although the screenshot does not show what is the warning(you can hover mouse over the warning and it will show the message) but it could just be that some of the files which are dynamic analysis capable and local analysis capable are also executable and multimedia which are already blocked. So dynamic/local analysis for those files will not be done because they are blocked anyways. If that's the error, it can safely be ignored.

For the third question.

its not a good practice to let FMC traffic pass through FTD/FPR but if you are doing that,

panacea.threatgrid.com is explicitly allowed on firepower for port 443 and cloud-sa.amp.sourcefire.com

for netowork AMP.

Hope it helps,

Yogesh

Re: errors in Firepower

adamgibs7 — Thu, 05 Apr 2018 07:06:51 GMT

Dear

It could be that bug. Do you have the same conditions in that setup like the firmware version and FTD HA?

It could be some other issue as well. I would suggest to open TAC case for that so right issue can be isolated and fixed

Any hint you can give me so that i can check for it, it can be becz of policies for which i have a deny statement up and permit statement down then again i have a deny statement for the some application traffic , It can be for that ????

but it could just be that some of the files which are dynamic analysis capable and local analysis capable are also executable and multimedia which are already blocked. So dynamic/local analysis for those files will not be done because they are blocked anyways. If that's the error, it can safely be ignored.

yes exactly it is the error.

Third Question

panacea.threatgrid.com is explicitly allowed on firepower for port 443 and cloud-sa.amp.sourcefire.com

for netowork AMP.

from FMC & firepower, IP address i have allowed , 80,443, 53 are there any other ports that has to be allowed apart from these.

Thanks

Re: errors in Firepower

yogdhanu — Thu, 05 Apr 2018 11:27:48 GMT

There are no other ports to be allowed. Are you doing SSL decryption on Firepower? If yes, bypass FMC IP from that. Or create a trust rule for FMC IP.

The policy error cannot be because of the rule actions. They may or may not match and give warning about that but no error.

You can run pigtail on FMC CLI in root mode and then reproduce the error. Stop the pigtail (it would be huge output so you may want to log the putty output) and then check for that error and any related info (just before the error comes) which might help.

Hope it helps,

Yogesh

Re: errors in Firepower

adamgibs7 — Fri, 06 Apr 2018 05:11:53 GMT

Dear Yogdhanu

Are you doing SSL decryption on Firepower

not for the FMC subnet as it is management Vlan,

Create a trust rule for FMC IP

I will create and test, currently not in the office

Also I will try applying the above and will collect logs

Thanks for the reply

Re: errors in Firepower

adamgibs7 — Sat, 21 Apr 2018 00:17:28 GMT

Dears

Please find the warning snapshot,

my first rule is blocking all executables and multimedia and on the second rule malware lookups for types of file , Please confirm whether it is a best practice for configuring file policy.

The trust rule worked fine without any errors

if start the pigtail how I can stop it. ??

Thanks

Re: errors in Firepower

yogdhanu — Mon, 23 Apr 2018 04:43:17 GMT

Hello,

The rules is fine. As the warning just explains that because first rule is to block file itself, system will not do lookup for those files which it has to block anyways on extension.

You can use control+ c to stop the output.

Rate if helps,

Yogesh

Re: errors in Firepower

adamgibs7 — Wed, 25 Apr 2018 19:37:03 GMT

Thanks

Attached are the pigtails, i don't know how we can read them is it any cisco document or it is only for the TAC use.

the file policy which i have configured is it a best practice as per the cisco ,???

i m facing a issue with the download file ,,i try to download a exe file for a user who is allowed to download the exe, the file starts downloading but at the end when it is 4 % 3% or 2% left to finish it fails with network error , but the logs says it is allowed

thanks

Re: errors in Firepower

adamgibs7 — Mon, 30 Apr 2018 19:26:06 GMT

Dear Yogdhanu,

Can u investigate the logs attached and share your experience

thanks

Re: errors in Firepower

adamgibs7 — Tue, 22 May 2018 19:43:54 GMT

Dears,

Anybody can help me for the above query.

thanks

Re: errors in Firepower

qasim.saeed1 — Fri, 23 Aug 2019 05:07:07 GMT

I Have the same issue in my firepower and I don't know why, URL also not working. Please guide us

Re: errors in Firepower

qasim.saeed1 — Fri, 23 Aug 2019 05:09:28 GMT

Error is Successfully connected with the cloud

FMC: Unable to communicate with dynamic analysis cloud.

Re: errors in Firepower

sachin garg — Mon, 27 Mar 2023 21:51:40 GMT

I have the problem - ERROR DURING POLICY VALIDATION "Internal error..........."

I gt below steps from TAC

Action Taken:-

Raised TAC as this needs some scripts to be run,
TAC initiated – 695290717,
TAC confirmed the same bug,
TAC eng mentioned to raise BU collab, next eng to join in next 5 to 10 mins
Bug ID - https://bst.cisco.com/bugsearch/bug/CSCvd40583

Next plan of action:- TAC steps to run script

Take backup of the FMC DB before executing this script.
Copy the file InterfaceAndInterfaceObjectCleanUp.zip to the FMC under the location /volume/home/admin.
SSH into the FMC with admin user.
Run “sudo su”, and type in the password.
Extract the compressed file with the command “unzip InterfaceAndInterfaceObjectCleanUp.zip”
Run “cd InterfaceAndInterfaceObjectCleanUp”
Run “chmod 777 InterfaceGroupCleanUp.sh”
Trigger the “InterfaceGroupCleanUp.sh” script by running the command: ./InterfaceGroupCleanUp.sh
Script has been attached to the below folder.
Needs to be done under a maintenance window,
Interfaces may restart,
TAC eng was not aware , BU eng joined the webex and told us this.
Script files may be taen from TAC. Not able to attach them here.