02-20-2017 02:37 PM - edited 02-21-2020 06:01 AM
Hi all,
I have configured a virtual FTD on a 4110 and am trying to register the device to the FMC. The 4110 is running FXOS 1.1(4) and the FTD is running the 6.0.1 image. I have upgraded the FMC to 6.0.1. I have been trying to register the FTD device to the FMC but with no success.
1. Does FTD need any license on the FMC rather than the regular device license?
2. Does the 4110 need any license on the box?
Please suggest if there is anything that I can try.
Really appreciate your help.
Regards,
02-20-2017 07:24 PM
Your 4110 and FMC both need to register with the Cisco Smart Licensing server.
You should then be able to register the FTD virtual device with Smart Licensing and assign the minimum license level (Threat license) required to apply a policy.
Even without the above, you should still be able to register the device to FMC.
Reference: http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp4100/ftd-4100-qsg.html#pgfId-180997
02-21-2017 08:46 PM
Hi Marvin,
Thank you for your reply.
Is there any prerequisite for the FTD to register to FMC?
No matter what we try, the 4110 FTD logical device would not register with the FMC.
Regards,
02-21-2017 09:44 PM
Have you assigned the FTD management interface in the 4100 FirePOWER Chassis Manager and then done the initial cli setup on the FTD logical device?
If that is done and the FMC and FTD can reach each other on tcp/8305 (if I recall correctly), and the FMC version is greater than or equal to that of the FTD logical device, then registration should work.
If there's any NAT in between then it's a bit more complicated.
If you've done all of the above without success then please share the error message you receive.
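The two prerequisites named in the reply above (FMC version at least that of the FTD, and reachability on tcp/8305) can be checked before attempting registration; this is an added example, not part of the original thread or of any Cisco tooling. The host address and version strings are constructed, the function names are hypothetical, and the probe is only meaningful when run from a host on the FTD management network.

```python
import re
import socket

REGISTRATION_PORT = 8305  # port named in the reply above ("if I recall correctly")

def parse_version(text):
    """'6.0.1' -> (6, 0, 1, 0); '6.2' -> (6, 2, 0, 0), so short forms compare correctly."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"not a version string: {text!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def manager_can_manage(fmc_version, ftd_version):
    """Rule from the thread: FMC version must be >= the FTD logical device version."""
    return parse_version(fmc_version) >= parse_version(ftd_version)

def tcp_reachable(host, port=REGISTRATION_PORT, timeout=3.0):
    """Return (ok, reason). A timeout and a refusal point at different faults."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.timeout:
        return False, "timeout (dropped by a filter, or no route back)"
    except ConnectionRefusedError:
        return False, "refused (host reachable, nothing listening on the port)"
    except OSError as exc:
        return False, f"error: {exc}"

def preflight(fmc_host, fmc_version, ftd_version, connect=tcp_reachable):
    """Return a list of blocking findings; an empty list means both checks pass."""
    findings = []
    if not manager_can_manage(fmc_version, ftd_version):
        findings.append(f"FMC {fmc_version} is older than FTD {ftd_version}")
    ok, reason = connect(fmc_host, REGISTRATION_PORT)
    if not ok:
        findings.append(f"tcp/{REGISTRATION_PORT} to {fmc_host}: {reason}")
    return findings

if __name__ == "__main__":
    # Constructed values: 192.0.2.10 is a documentation address, not a real FMC.
    for finding in preflight("192.0.2.10", "6.0.1", "6.2") or ["no blocking findings"]:
        print(finding)
```

A NAT between the FMC and the FTD is not covered by this check.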
02-22-2017 12:22 AM
Hi Marvin,
Thank you for your reply. What is the initial config on the FTD logical device from cli?
I have not done any config on the FTD from cli.
Regards,
02-22-2017 03:39 AM
Sorry - I should have said GUI for FTD on 4100 series. Only the FX-OS initial setup is cli-based.
Can you confirm that you have assigned an interface for management to the FTD device? Have you then done the GUI-based configuration of the FirePOWER Threat Defense Image? (General Information, Settings and Agreement tabs).
After having done that does the logical device status indicate it is online? You should also see under Security Device hardware state "up", service state "online", power "on" and application "Cisco FirePOWER Threat Defense".
Finally, check from the FX-OS cli that the FTD device is ready to be managed by FMC. (ssh to your chassis, then "connect ftd" and then "show managers")
02-22-2017 03:39 AM
From the FPR chassis manager FXOS, every time I connect to the FTD it loops me to enter the admin password.
02-22-2017 03:46 AM
Did you complete the GUI-based setup steps I mentioned?
02-22-2017 04:02 AM
Yes, given the management Interface, IP, FMC IP, Reg key etc. Save and that reloads the FTD Logical Device and everything goes green, up and online.
02-22-2017 08:09 AM
In your cli session excerpt when you typed the "?", it gave show commands as an option. Does it not allow you to enter them?
02-22-2017 01:55 PM
I can see the following options after "show" command.
Firepower-module1>
Firepower-module1>?
show => Display system information. Enter show ? for options
config => Configure the system. Enter config ? for options
terminalLength => Terminal settings. Enter terminal ? for options
ping => Ping a host to check reachability
nslookup => Look up an IP address or host name with the DNS servers
traceroute => Trace the route to a remote host
connect => Connect to specific csp console (asa, etc)
support => System file operations
debug => debug commands
testcrashinfo => Test crashinfo support
help => Get help on command syntax
Firepower-module1>show ?
diskusage => Display current disk space usage
time => Display current system date and time
memoryusage => Display the system Memory usage
cpuinfo => Display the system CPU Information
users => Display who is logged on and user operations
uptime => Display system up time
slot => Display the slot number of SSP to which this blade is connected
processes => Display all system processes
hosts => Show hosts
route => Show configured routes
interfaces => Show currently configured interfaces
version => Display product version
netstat => Show network connections
vnicmap => Display VNICs with Ethernet interfaces
platform => Display platform information
memory => Display the memory monitor configuration
disk => Display the disk monitor configuration
cpu => Display the CPU monitor configuration
ntp => Show NTP time sync information
coredump => Show coredump configuration
maxRestart => Show maxRestart
services => Display status of the services
process => Show process details
tech-support => Generate system information report for troubleshooting purposes
Firepower-module1>
02-22-2017 06:41 PM
Since the device is brand new, could you try upgrading the FX-OS to the current release 2.1.1 and reimaging the FTD logical device to 6.2?
I don't see any documented bugID that describes what you are seeing but you are working with the very first software release for the FTD image. Think of it as "1.0".
02-22-2017 07:56 PM
Hi Marvin,
Thank you for the suggestion.
I have upgraded the FX-OS to 2.0.1 and that is a prerequisite of 2.1.1.
My FMC is currently running 6.0.1, do I need to upgrade the FMC to 6.2 as the FTD will be running 6.2 code?
Regards
02-22-2017 08:17 PM
Yes - FMC 6.2 (or higher) is required to manage FTD 6.2 devices.
03-12-2017 05:03 PM
Hi Marvin,
Sorry, I forgot to thank you for all the inputs.
Once I upgraded FXOS, FTD and FMC to the latest versions, the issue was resolved.
Regards,