Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2057
Views
10
Helpful
9
Replies

FMC connecting to amazon

Go to solution
kostasthedelegate
Level 4
Level 4

‎07-29-2019 02:17 AM

Hello, 

 

I have a client reporting that the FMC is connecting the last couple of days to some IP ( i.e. 34.246.67.169)  through https and maybe it is downloading. It is strange because it is something new and the bandwidth is consumed, foe ten or so minutes.

He tracked the IP to Amazon Europe. 

 

I would like to ask if there is any communication between the FMC and Amazon. 

How could I track this connection that concerns only the FMC?

 

Regards, 

Konstantinos

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎07-29-2019 04:38 AM

FMC download updates from Cisco update server, need to check is this hosted on Amazon

As per my knowledge the IP belong to **.brightcloud.com)  this is for webroot updates i guess.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-29-2019 05:05 AM

As @balaji.bandi noted, the Amazon address is one location where the Brightcloud server (database.brightcloud.com - source for FMC's URL updates) is hosted.

We can see this in the following screen taken from Cisco Umbrella Investigate:

Umbrella Lookup.PNG

View solution in original post

9 Replies 9

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎07-29-2019 04:38 AM

FMC download updates from Cisco update server, need to check is this hosted on Amazon

As per my knowledge the IP belong to **.brightcloud.com)  this is for webroot updates i guess.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
kostasthedelegate
Level 4
Level 4
In response to balaji.bandi

‎07-29-2019 04:47 AM

Hello Balaji, 

 

Yes, I agree that this traffic could be updates from Cisco, but why they take up all the bandwidth?

 

I saw too about brightcloud, but how could I check if cisco is hosted in amazon?

 

Also, this is the DR where the IPS does not work yet.

 

Regards, 

Konstantinos

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-29-2019 05:05 AM

As @balaji.bandi noted, the Amazon address is one location where the Brightcloud server (database.brightcloud.com - source for FMC's URL updates) is hosted.

We can see this in the following screen taken from Cisco Umbrella Investigate:

Umbrella Lookup.PNG

Go to solution
kostasthedelegate
Level 4
Level 4
In response to Marvin Rhoads

‎07-29-2019 05:21 AM

Hello Marvin, 

 

Ok so the FMC tries to download updates for its URL database. 

Why do you think it consumes all the bandwidth?

 

Regards, 

Konstantinos

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to kostasthedelegate

‎07-29-2019 06:23 AM

what kind of bandwidth consumption we are talking ? its general incremental updates it will pull from that servers.

 

until you have initiated other software upgrades.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
kostasthedelegate
Level 4
Level 4
In response to balaji.bandi

‎07-29-2019 06:28 AM

It is taking up all the line. 

Well it must be a provider issue, as it seems. There were problems so it timed out, that's why it kept retrying to download. 

 

Thank you for your help

 

Regards, 

Konstantinos

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to kostasthedelegate

‎07-29-2019 08:11 AM

Hope you sorted the issue with provider by now. (on the side note  more interested all line speed ? what speed it is ?)

 

if this is resolved marked as resolved so others can refer this as solution.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
kostasthedelegate
Level 4
Level 4
In response to balaji.bandi

‎07-29-2019 10:13 PM

Hello, 

 

It was about 14 Mbps

 

Regards, 

Konstantinos

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to kostasthedelegate

‎07-30-2019 12:10 AM

14MBps is small amount for internet in this era, if that is the case you an shedule for non-peak hours to get updates.(this is not recommended, since you miss real time any zero attack scenarios)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card