- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-01-2014 05:10 AM
Dear community,
I´ve a problem on an ESA C170:
Warning <System> *******.local: amp The File Reputation service in the cloud is unreachable....
The Warning message is:
amp The File Reputation service in the cloud is unreachable.
Last message occurred 61 times between Mon Dec 1 12:43:36 2014 and Mon Dec 1 13:43:26 2014.
Version: 8.5.6-074
Serial Number: D48*******************
Timestamp: 01 Dec 2014 13:44:13 +0100
I´ve already edited the heratbeat interval to 900 seconds (15'), but the error still occures. The telnet command cloud-sa.amp.sourcefire.com 443 is also working fine.
Do you have any ideas?
Thanks a lot!
Solved! Go to Solution.
- Labels:
-
Email Security
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2014 05:25 AM
What is the query timeout set to? From the CLI use ampconfig and advanced, or in the GUI, Security Services > File Reputation and Analysis > Edit Global Settings... > Advanced (drop down arrow)
[]> advanced
Enter cloud query timeout?
[15]>
Assure that this is set to 15 seconds (or higher)... up to 30 max.
-Robert
Robert Sherwin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2014 05:25 AM
What is the query timeout set to? From the CLI use ampconfig and advanced, or in the GUI, Security Services > File Reputation and Analysis > Edit Global Settings... > Advanced (drop down arrow)
[]> advanced
Enter cloud query timeout?
[15]>
Assure that this is set to 15 seconds (or higher)... up to 30 max.
-Robert
Robert Sherwin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2014 07:22 AM
I tried the above steps and it says 1-5 seconds is the only interval available. This is through cli or gui that it makes this statment.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-21-2014 12:48 PM
Hello,
probably you have to open TCP Port 32137 or activate communication over SSL and open SSL Port 443 for the Ironport Appliance. This information is also supplied in Appendix D in the User Guide.
BR,
Thomas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-31-2015 08:01 AM
Hi,
Attempting to set up AMP but cam to find out that the IP range for the cloud portion is dynamic. Our firewalls only work with IP addresses at this time so I cannot enter the 'cloud-sa.amp.sourcefire.com.' entry. Was told by Cisco support to set up a firewall rule that would allow the ironports to go to any destination via 443, bidirectional. This is not best practice from what I researched. Any opinions or other solutions are appreciated.
Tim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-31-2015 01:14 PM
We have an ENH request to get static IP/hostnames for this set:
https://tools.cisco.com/bugsearch/bug/CSCut69420
But - this has remained pretty consistent w/ the current IP/hostnames:
$ dig cloud-sa.amp.sourcefire.com +short
cloud-sa-589592150.us-east-1.elb.amazonaws.com.
184.73.197.18
23.21.99.40
54.225.89.105
23.21.199.158
With the cloud-sa resolving:
$ dig cloud-sa-589592150.us-east-1.elb.amazonaws.com +short
23.21.199.158
23.21.99.40
184.73.197.18
54.225.89.105
-Robert
Robert Sherwin

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-31-2015 06:07 PM
Just to further clarify on this as well.
On version 8.5 releases, AMP cloud timeout allows a maximum of 5 seconds.
On version 9.6 release, AMP cloud timeout for reputation allows up to 30 seconds for timeout.
Regards,
Matthew
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2015 01:42 AM
Hi Robert,
thanks for your reply.
We´ve solved the issue: The FeatureKey S/N was built for the wrong ESA S/N.
Sorry for the silly mistake :/
