Solved: Ftd osp/bgp

Dkiptoo · ‎11-07-2025

Hello, am abit new to Firepower configuration.. We have two ftd instances, one as campus and another as perimeter, both managed from fmc. The the two instances share routes via ospf peering, and bgp retribution also configured.The problem am facing is that campus instance is not sharing sharing route with perimeter instance. When check ospf neighbour, nothing on both instances. I suspect is the main issue but now wondering how to go about it. What should I check on the two instances. Interestingly, the perimeter can ping campus, but vise versa fails.

Aref Alsouqi · ‎11-10-2025

Could you please share your OSPF sanitized configurations on both ends for review? it could be a mismatch value between the two ends that is causing the neighborship to fail.

View solution in original post

pieterh · ‎11-07-2025

important questions here are:
- has it worked before ?
- what has changed ?
a firewall (as it is a firewall) may be configured to NOT reply to icm-echo packets
-> check the policies if icmp-echo (and reply) are allowed.

managed by fmc ? -> does fmc throw any warnings ? like out of sync ?
-> if so there have been modifications to the FTD manually (not using FMC) => compare FMC policies and running FTD.
if necessary resync.

balaji.bandi · ‎11-07-2025

A bit confused here. Is the OSPF neighbour up? Post the show ospf neigh out here,

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Dkiptoo · ‎11-07-2025

No neighbour adjacency between the two neighbours

balaji.bandi · ‎11-08-2025

then we need more information and check in the patch what is Blocking, any Firewalls ?

troubleshooting guide in general

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13699-29.html

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Aref Alsouqi · ‎11-10-2025

Could you please share your OSPF sanitized configurations on both ends for review? it could be a mismatch value between the two ends that is causing the neighborship to fail.

Dkiptoo · ‎11-10-2025

Actually I restored an FMC back up that had all configurations after realising that it was a misconfig on one of the instance. Now the new back up unfortunately is not registered to smart license account and therfore cannot deploy the configs to the ftd instance. The current management network, which I believe is also supposed to be the gateway to Cisco smart licensing server currently doesn't have Internet access due to next hops routing issues. How do I reconfigure the management network gateway to allow the instance to access smart licensing server for registration? The only routes present on the ftd are local, with one to the the ISP router, therefore can ping ISP public IP

Aref Alsouqi · ‎11-11-2025

Could you please share a draft topology of your network for review?

pieterh · ‎11-11-2025

there is still the possibility to activate the license using a file
it requires multiple steps, create request/ transfer to license server, generate file, transfer to FTD and activate
search smart-licensing for air-gap deployment