01-16-2023 09:38 AM
Hello,
I have a problem.
I have an FMC 4600 and I want to add two FPR 4112 to the FMC, but I can't!
I have two layer 3 switches running the HSRP protocol, with this configuration:
We are on VLAN 254 and
interface Vlan254
Edge-To-LAN#
ip address 192.168.254.251 255.255.255.0
standby 254 ip 192.168.254.250 ==============> used as the gateway on the FPR 4112
standby 254 preempt
I tried several times to add the FPR 4112 to the FMC and it shows me an error:
You will find the error in the picture. Thanks for checking.
Please, I am waiting for a reply and help from a security expert to resolve the problem.
Thanks in advance.
01-16-2023 09:40 AM - edited 01-16-2023 09:43 AM
@Dhikra Marghli well, according to the screenshot, either the time is out of sync - you just need to ensure the FMC and FTD time is sync'd, ideally using the same NTP server for both.
Or the FTD and FMC cannot communicate with each other. Can you ping the FMC from the FTD and vice versa?
If you log in to the FMC via CLI and go to expert mode, you can run tcpdump and filter on 8305 - you can then determine whether the FTD is attempting to establish the sftunnel.
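The capture check suggested in the reply above can be read mechanically. This is an added example, not part of the original post or of any Cisco tooling: it assumes the tcpdump output was saved as text with numeric addresses (`-nn`), and the sample lines and addresses (documentation ranges) are constructed.

```python
import re
from collections import defaultdict

SFTUNNEL_PORT = 8305  # port named in the reply above
# tcpdump -nn text line: "<time> IP src.sport > dst.dport: Flags [..], ..."
LINE_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)
# Constructed sample: 192.0.2.10 stands in for the FMC, 198.51.100.x for two FTDs.
SAMPLE = """\
09:41:02.100001 IP 198.51.100.11.41822 > 192.0.2.10.8305: Flags [S], seq 1001, win 29200, length 0
09:41:03.100950 IP 198.51.100.11.41822 > 192.0.2.10.8305: Flags [S], seq 1001, win 29200, length 0
09:41:05.200001 IP 198.51.100.12.50310 > 192.0.2.10.8305: Flags [S], seq 2001, win 29200, length 0
09:41:05.200090 IP 192.0.2.10.8305 > 198.51.100.12.50310: Flags [S.], seq 3001, ack 2002, win 28960, length 0
09:41:05.200650 IP 198.51.100.12.50310 > 192.0.2.10.8305: Flags [.], ack 1, win 229, length 0
""".splitlines()

def classify_sftunnel(lines, port=SFTUNNEL_PORT):
    """Map (initiator, listener) -> handshake state for TCP flows to `port`."""
    events = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        flags = m["flags"]
        if int(m["dport"]) == port:      # initiator -> listener
            flow = (m["src"], m["dst"])
            if flags == "S":
                events[flow].add("syn")
            elif "S" not in flags and "R" not in flags:
                events[flow].add("ack")
        elif int(m["sport"]) == port:    # listener -> initiator
            flow = (m["dst"], m["src"])
            if flags == "S.":
                events[flow].add("synack")
            elif "R" in flags:
                events[flow].add("rst")
    states = {}
    for flow, ev in events.items():
        if "rst" in ev:
            states[flow] = "refused"      # listener reset the attempt
        elif {"syn", "synack", "ack"} <= ev:
            states[flow] = "established"  # three-way handshake completed
        elif ev == {"syn"}:
            states[flow] = "no-reply"     # SYNs seen, nothing sent back
        else:
            states[flow] = "partial"      # capture missed part of the flow
    return states
```

An empty result means no port 8305 traffic was captured at all, so the peer's packets are not arriving; `no-reply` means they arrive but nothing goes back, which points at the return path or the listener.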
01-17-2023 01:36 AM
I tried setting the same time on the FMC and FTD, both manually and with an NTP server... it shows me the same error.
Also, the FTD can't ping the FMC, but the layer 3 switch can ping the FMC.
Please, how can I resolve this problem?
It is urgent and the customer is waiting for this problem to be resolved.
Thanks
01-17-2023 01:40 AM
@Dhikra Marghli if the FTD cannot ping the FMC then that is your problem. Check the routing, can the FTD ping the next hop (switch)?
From the FTD when using the mgmt interface you need to use "ping system x.x.x.x" - the ping is then sent from the mgmt interface.
01-16-2023 09:44 AM - edited 01-16-2023 09:45 AM
If they are in the same VLAN and have access, then as suggested NTP is the major cause of the issue.
If they are able to reach each other, it's very simple to register the manager:
01-19-2023 03:44 AM
01-19-2023 03:57 AM
So FMC and FTD management are on different subnets and traffic would be routed through the FTD? So, @Rob Ingram's solution is the correct solution. Please select it as the answer.