Solved: Re: AMP Private Cloud Sanity Check Failling

peter.peng · ‎01-05-2019

Hi Sir:

My AMP Private Cloud has below error message and I can't update VDB and IOS. Could you help me to solve this issue ?

Marvin Rhoads · ‎01-07-2019

I believe it does require re-install for that change. It's pretty fundamental with respect to how the VM is built.

Marvin Rhoads · ‎01-05-2019

For an air-gap installation, you must install the amp-sync tool on an Internet-connected Linux PC and use it to download a protect-db snapshot. Then transfer and upload that snapshot to your AMP Private Cloud host as indicated in your third screenshot.

.

https://www.cisco.com/c/en/us/support/docs/security/sourcefire-fireamp-private-cloud-virtual-appliance/118336-configure-fireampprivatecloud-00.html#anc11

For details on using amp-sync, please refer to Appendix B in the FireAMP Private Cloud User Guide:

https://docs.amp.cisco.com/FireAMPPrivateCloudUserGuide-latest.pdf

peter.peng · ‎01-06-2019

Hi Marvin:

I had tried to setup it by user guide. It ask me to download it.But It will lost many packet. Does it impact any update AMP private cloud procedure ?

Select the following packages to install:

All -> Net -> curl

All -> Utils -> genisoimage

All -> Utils -> xmlstarlet

Marvin Rhoads · ‎01-06-2019

Yes it impacts the product operations. As I noted and is specified in the product documentation, "you must install the amp-sync tool on an Internet-connected Linux PC and use it to download a protect-db snapshot".

Only after you successfully complete that will you be able to properly operate your AMP Private cloud appliance in air gap mode.

peter.peng · ‎01-06-2019

Hi Marvin:

I had fixed this issue. But I have other question. After I download these files and make a ISO by below command. How to update it to AMP Private Cloud ?

./amp-sync package -o newfile.iso

PankajSharma1807 · ‎01-27-2020

Hi Peter,

Please do let me know how you fixed this issue.

peter.peng · ‎01-06-2019

Hi Marvin:

I had found the user guide. It told me:

Attach your ISO file to the device through the Cisco Integrated Management Controller (CIMC) on your appliance, then click Check Update ISO.

Could I attach the ISO file to the ESXi ? or just only by CIMC ?

peter.peng · ‎01-06-2019

Hi Marvin:

If I setup the Standalone Air Gap Mode. Could I change it to proxy mode? Dos it impact license or any others ?

Marvin Rhoads · ‎01-07-2019

Air Gap mode is used when the AMP private cloud server is not allowed (usually by policy or regulation) to have Internet connectivity. So you should setup the appliance according to your organization's policy and requirements.

If you use Cloud Proxy mode then the license is the same.

The setup is a bit simpler and ongoing maintenance is easier since you do not have to regularly download and update the server using the manual method via an external server the way you are struggling with now. Also, the resource requirements for the server are significantly less since much of the analysis functionality is handled in the cloud vs. on your on premise server.

peter.peng · ‎01-07-2019

Hi Marvin:

Thanks for your recommendation.

So... If I want to change the mode (From Air Gap mode to Proxy mode). The only way is re-install. Right ?

Marvin Rhoads · ‎01-07-2019

I believe it does require re-install for that change. It's pretty fundamental with respect to how the VM is built.

peter.peng · ‎01-07-2019

Hi Marvin:

Sorry!! Could I confirm one question ?

If I re-install AMP. Should I apply the new License key ?

Marvin Rhoads · ‎01-07-2019

Re-installation will require re-applying the license.

I'm not positive on whether or not you can use the same one - Cisco may have validated the first one and not automatically accept it being presented with what looks like a new server.

I'd suggesting contacting the TAC for that one (or you can email licensing@cisco.com).