Solved: Secure firewall 3120 not registering on fmc virtual

wanumet · ‎08-16-2025

Hello team.

We procured 2 secure firewall 3120 devices and virtual fmc

When we try to add the firewalls to the fmc it fails.

The process shows success in the firewall fdm but on the side of the fmc it shows fail, saying that we have to check connection. But when we ping the firewall from the fmc, it is successful and vice versa.

We have gone through all the available methods for both firewalls but no success.

Where could the problem be.

Enes Simnica · ‎08-16-2025

gDay to u @wanumet First, u need to make sure the firewalls are in FMC-managed mode (not FDM). Registration requires more than ping, cause FMC must reach the firewall on TCP 8305 and 443. And on the firewall, run configure manager delete to clear old attempts, then configure manager add <FMC IP> <key>, and use the same key in fmc. For the end, also check show managers to confirm status. Cause usualy most failures are due to port 8305 being blocked or a mismatch in the registration key/management IP.

hope it helps,

-Enes

more Cisco?!
more Gym?!

If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!

View solution in original post

MHM Cisco World · ‎08-19-2025

Share output of command above

Also are yoh sure you use mgmt access in data interface of FTD

Check this video

https://video.cisco.com/detail/video/6330251906112

MHM

View solution in original post

Enes Simnica · ‎08-16-2025

gDay to u @wanumet First, u need to make sure the firewalls are in FMC-managed mode (not FDM). Registration requires more than ping, cause FMC must reach the firewall on TCP 8305 and 443. And on the firewall, run configure manager delete to clear old attempts, then configure manager add <FMC IP> <key>, and use the same key in fmc. For the end, also check show managers to confirm status. Cause usualy most failures are due to port 8305 being blocked or a mismatch in the registration key/management IP.

hope it helps,

-Enes

more Cisco?!
more Gym?!

If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!

MHM Cisco World · ‎08-16-2025

1- if ftd connect to fdm it will not connect to fmc, fdm use local mgmt

2-are you use mgmt interface to connect to fmc or data interface

3-are ftd behind NAT?

4- share show management form ftd

MHM

wanumet · ‎08-16-2025

@MHM Cisco World wrote:
1- if ftd connect to fdm it will not connect to fmc, fdm use local mgmt

By fdm, I mean me logging into the firewall GUI using its IP address on port 2 (192.168.95.1)

@MHM Cisco World wrote:

2-are you use mgmt interface to connect to fmc or data interface

I don't seem to find a dedicated management interface on the 3120; it has eth 1-8 plus other fibre ports, but it comes with eth2 preconfigured with 192.168.95.1, so that is what I use to manage it

@MHM Cisco World wrote:

3-are ftd behind NAT?

Yes, I use eth1 as the outside interface with a static IP. I use this very interface to connect with FMC because it is on the same network as FMC

MHM Cisco World · ‎08-18-2025

Sorry for late reply I was so busy

> show managers

Abd

> capture traffic

Then select 0

Options: -n host <FMC IP>

Share the output of both commands

MHM

wanumet · ‎08-19-2025

Every thing looks fine. I can tenet fmc using 8305 from ftd, both fmc and ftd can ping each other, I deleted local manager on ftd and now shows no managers but when I try to check port 8305 from fmc, it remains romantic, no result. This port is not blocked anywhere. So what is the problem

MHM Cisco World · ‎08-19-2025

Share output of command above

Also are yoh sure you use mgmt access in data interface of FTD

Check this video

https://video.cisco.com/detail/video/6330251906112

MHM