cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7314
Views
5
Helpful
7
Replies

Error on ESA C170: FIle Reputation Service is unreachable

vschuckmann
Level 1
Level 1

Dear community,

I´ve a problem on an ESA C170:

Warning <System> *******.local: amp The File Reputation service in the cloud is unreachable....

The Warning message is:

amp The File Reputation service in the cloud is unreachable.

Last message occurred 61 times between Mon Dec  1 12:43:36 2014 and Mon Dec  1 13:43:26 2014.

Version: 8.5.6-074

Serial Number: D48*******************

Timestamp: 01 Dec 2014 13:44:13 +0100

 

I´ve already edited the heratbeat interval to 900 seconds (15'), but the error still occures. The telnet command cloud-sa.amp.sourcefire.com 443 is also working fine.

Do you have any ideas?

Thanks a lot!

1 Accepted Solution

Accepted Solutions

Robert Sherwin
Cisco Employee
Cisco Employee

What is the query timeout set to?  From the CLI use ampconfig and advanced, or in the GUI, Security Services > File Reputation and Analysis > Edit Global Settings... > Advanced (drop down arrow)

[]> advanced

Enter cloud query timeout?

[15]> 

Assure that this is set to 15 seconds (or higher)... up to 30 max.

-Robert

View solution in original post

7 Replies 7

Robert Sherwin
Cisco Employee
Cisco Employee

What is the query timeout set to?  From the CLI use ampconfig and advanced, or in the GUI, Security Services > File Reputation and Analysis > Edit Global Settings... > Advanced (drop down arrow)

[]> advanced

Enter cloud query timeout?

[15]> 

Assure that this is set to 15 seconds (or higher)... up to 30 max.

-Robert

I tried the above steps and it says 1-5 seconds is the only interval available. This is through cli or gui that it makes this statment.

Hello,

probably you have to open TCP Port 32137 or activate communication over SSL and open SSL Port 443 for the Ironport Appliance. This information is also supplied in Appendix D in the User Guide.

 

BR,

Thomas

Hi,

 

Attempting to set up AMP but cam to find out that the IP range for the cloud portion is dynamic. Our firewalls only work with IP addresses at this time so I cannot enter the 'cloud-sa.amp.sourcefire.com.' entry. Was told by Cisco support to set up a firewall rule that would allow the ironports to go to any destination via 443, bidirectional. This is not best practice from what I researched. Any opinions or other solutions are appreciated.

 

Tim

We have an ENH request to get static IP/hostnames for this set:

https://tools.cisco.com/bugsearch/bug/CSCut69420

 

But - this has remained pretty consistent w/ the current IP/hostnames:

$ dig cloud-sa.amp.sourcefire.com +short

cloud-sa-589592150.us-east-1.elb.amazonaws.com.

184.73.197.18

23.21.99.40

54.225.89.105

23.21.199.158

 

With the cloud-sa resolving:

$ dig cloud-sa-589592150.us-east-1.elb.amazonaws.com +short

23.21.199.158

23.21.99.40

184.73.197.18

54.225.89.105

 

-Robert

Just to further clarify on this as well.

On version 8.5 releases, AMP cloud timeout allows a maximum of 5 seconds.
On version 9.6 release, AMP cloud timeout for reputation allows up to 30 seconds for timeout.

 

Regards,

Matthew

Hi Robert,

thanks for your reply.

We´ve solved the issue: The FeatureKey S/N was built for the wrong ESA S/N.

Sorry for the silly mistake :/