07-29-2019 02:17 AM
Hello,
I have a client reporting that the FMC is connecting the last couple of days to some IP ( i.e. 34.246.67.169) through https and maybe it is downloading. It is strange because it is something new and the bandwidth is consumed, foe ten or so minutes.
He tracked the IP to Amazon Europe.
I would like to ask if there is any communication between the FMC and Amazon.
How could I track this connection that concerns only the FMC?
Regards,
Konstantinos
Solved! Go to Solution.
07-29-2019 04:38 AM
FMC download updates from Cisco update server, need to check is this hosted on Amazon
As per my knowledge the IP belong to **.brightcloud.com) this is for webroot updates i guess.
07-29-2019 05:05 AM
As @balaji.bandi noted, the Amazon address is one location where the Brightcloud server (database.brightcloud.com - source for FMC's URL updates) is hosted.
We can see this in the following screen taken from Cisco Umbrella Investigate:
07-29-2019 04:38 AM
FMC download updates from Cisco update server, need to check is this hosted on Amazon
As per my knowledge the IP belong to **.brightcloud.com) this is for webroot updates i guess.
07-29-2019 04:47 AM
Hello Balaji,
Yes, I agree that this traffic could be updates from Cisco, but why they take up all the bandwidth?
I saw too about brightcloud, but how could I check if cisco is hosted in amazon?
Also, this is the DR where the IPS does not work yet.
Regards,
Konstantinos
07-29-2019 05:05 AM
As @balaji.bandi noted, the Amazon address is one location where the Brightcloud server (database.brightcloud.com - source for FMC's URL updates) is hosted.
We can see this in the following screen taken from Cisco Umbrella Investigate:
07-29-2019 05:21 AM
Hello Marvin,
Ok so the FMC tries to download updates for its URL database.
Why do you think it consumes all the bandwidth?
Regards,
Konstantinos
07-29-2019 06:23 AM
what kind of bandwidth consumption we are talking ? its general incremental updates it will pull from that servers.
until you have initiated other software upgrades.
07-29-2019 06:28 AM
It is taking up all the line.
Well it must be a provider issue, as it seems. There were problems so it timed out, that's why it kept retrying to download.
Thank you for your help
Regards,
Konstantinos
07-29-2019 08:11 AM
Hope you sorted the issue with provider by now. (on the side note more interested all line speed ? what speed it is ?)
if this is resolved marked as resolved so others can refer this as solution.
07-29-2019 10:13 PM
Hello,
It was about 14 Mbps
Regards,
Konstantinos
07-30-2019 12:10 AM
14MBps is small amount for internet in this era, if that is the case you an shedule for non-peak hours to get updates.(this is not recommended, since you miss real time any zero attack scenarios)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide