Re: Firepower services, Blank Dashboard. Not reporting data.

jkrato · ‎02-01-2019

Set up firepower services. Followed various documentation. Once completed noticed the graphs weren't populating. Realized I didn't have licensing so I purchased that. Still doesn't work.

The firewall can ping the firepower module

When I run:
show service-policy sfr

I get:

Global policy:
Service-policy: global_policy
Class-map: SFR
SFR: card status Up, mode fail-open monitor-only
packet input 0, packet output 21152328, drop 0, reset-drop 0

Shouldn't the packet input match the packet output?

This probably means I have a mis-configuration somewhere.... But I am not sure where to start.

Thanks

Abheesh Kumar · ‎02-02-2019

Hi,
PLease share the access-list you configured on the class-map.

HTH
Abheesh

jkrato · ‎02-04-2019

How do you do that in command line? Are talking about in the firepower config?

Ashish Jhaldiyal · ‎02-04-2019

You need to issue the following commands on the firewall,

show run class-map SFR

make sure you have an ACL in the match access-list statement something like " match access-list SFR-ACL"

SFR-ACL should include traffic that you want to send to SFR Module.

Below is the output from my lab firewall.

access-list SFR_ACL extended permit ip any any

class-map SFR_ACL
match access-list SFR_ACL

policy-map global_policy

class SFR_ACL
sfr fail-open

jkrato · ‎02-05-2019

I must have done something wrong... Here is what I got

ciscoasa# show run class-map SFR
!
class-map SFR
match any
!
ciscoasa#

jkrato · ‎02-08-2019

Can you offer anymore help?

jkrato · ‎02-08-2019

class-map SFR
match any
class-map inspection_default
match default-inspection-traffic
!