I tried the above steps and it says 1-5 seconds is the only interval available. This is through cli or gui that it makes this statment.

Hello,

probably you have to open TCP Port 32137 or activate communication over SSL and open SSL Port 443 for the Ironport Appliance. This information is also supplied in Appendix D in the User Guide.

BR,

Thomas

Hi,

Attempting to set up AMP but cam to find out that the IP range for the cloud portion is dynamic. Our firewalls only work with IP addresses at this time so I cannot enter the 'cloud-sa.amp.sourcefire.com.' entry. Was told by Cisco support to set up a firewall rule that would allow the ironports to go to any destination via 443, bidirectional. This is not best practice from what I researched. Any opinions or other solutions are appreciated.

Tim

We have an ENH request to get static IP/hostnames for this set:

https://tools.cisco.com/bugsearch/bug/CSCut69420

But - this has remained pretty consistent w/ the current IP/hostnames:

$ dig cloud-sa.amp.sourcefire.com +short

cloud-sa-589592150.us-east-1.elb.amazonaws.com.

184.73.197.18

23.21.99.40

54.225.89.105

23.21.199.158

With the cloud-sa resolving:

$ dig cloud-sa-589592150.us-east-1.elb.amazonaws.com +short

23.21.199.158

23.21.99.40

184.73.197.18

54.225.89.105

-Robert

Just to further clarify on this as well.

On version 8.5 releases, AMP cloud timeout allows a maximum of 5 seconds.
On version 9.6 release, AMP cloud timeout for reputation allows up to 30 seconds for timeout.

Regards,

Matthew

Hi Robert,

thanks for your reply.

We´ve solved the issue: The FeatureKey S/N was built for the wrong ESA S/N.

Sorry for the silly mistake :/