Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4928
Views
30
Helpful
7
Replies

Problems with new ESA console after upgrading to version 13.0.0-375 CISCO C190

elcanosistemas
Level 1
Level 1

‎01-13-2020 09:40 AM

Good day.

 

After upgrading the version of my ESAS i can´t access to the new interface giving me this error after waiting a while.

Apparently everything is correct in our firewall, indeed i am getting access to the new console of the SMA without problem.

this is the error:

504 Gateway Time-out

nginx

 

5 people had this problem
Labels:
7 Replies 7

marc.luescherFRE
Spotlight
Spotlight

‎01-13-2020 09:57 AM

Hi there,

 

instead of : https://mvxx.fmcna.com:4431/ng-login

 

try using

 

https://mvxx.fmcna.com/ng-login

 

replaced mvxx with your hostname

 

Kind regards

Marc

elcanosistemas
Level 1
Level 1
In response to marc.luescherFRE

‎01-13-2020 11:13 PM

Good day Marc.

 

Great, you were right. I don´t know why is redirecting to xxx:4431 when is not used.

Now I have a new error when I enter my credentials: either API server is not started or is unreachable.

 

1.- API HTTP and HTTPS port enabled--> DONE

2.-Post upgrade, trailblazerconfig is enabled by default--> I dont know what this means.

3.-The configured HTTPS port must be opened on the firewall --> DONE

4.-DNS server should resolve the hostname that you have specified for accessing the appliance. --> DONE

 

Thanks,

 

Andres D.A.

marc.luescherFRE
Spotlight
Spotlight
In response to elcanosistemas

‎01-14-2020 03:20 AM

Hi Andres,

 

trailblazer is a new "server task" in charge of the new GUI. For more details see here:

https://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/214391-administrative-details-on-trailblazer.html

 

We have experienced this issue when during the beta phase when our firewalls (local and DMZ) would not allow port 4431 to pass between browser and ESA. I would start by looking if you can telnet your ESA on this port or simply ask your networking guys.

 

I hope that helps

 

=Marc

0 Helpful

hieutx91
Level 1
Level 1
In response to marc.luescherFRE

‎02-18-2020 11:47 PM - edited ‎02-18-2020 11:50 PM

I currently setting up C395 ESA running AsyncOS 13.0.0-392

I have configured trailblazer enable and open port required (80,443,4431,6080,6443 telnet ok) but got error "504 Gateway Time-out" when browsing "https://myhost:4431/ng-login".

If I try "https://myhost/ng-login" it working fine without any error.

Is there something I'm missing?

marc.luescherFRE
Spotlight
Spotlight
In response to hieutx91

‎02-21-2020 02:34 PM

You are all set, the redirect in the link is just wrongly coded. Even this issue was reported before Cisco seems a bit slow to fix it.

cryptochrome
Level 1
Level 1
In response to marc.luescherFRE

‎03-03-2020 12:32 PM

Does this mean we no longer need to open port 4431 on firewalls to be able to access the new GUI?

0 Helpful

Support Cisco
Level 1
Level 1
In response to cryptochrome

‎03-11-2020 07:45 AM

Hello,

 

It seems that this is a mistake with port 4431, i just use : https://@IP SMA/ng-login and it works after i enable in CLI trailblazerconfig enable

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents