Solved: Re: add FPR4112 to FMC and show me error

Dhikra Marghli · ‎01-16-2023

Hello ,

I have a problem .

I have FMC 4600 and i want to add two FPR 4112 to FMC but i can't !!!

i have two switch layer 3 have a protcole HSRP and with configuration :

we are VLAN 254 and

interface Vlan254
Edge-To-LAN#
ip address 192.168.254.251 255.255.255.0
standby 254 ip 192.168.254.250==============> as a gatwey in FPR 4112
standby 254 preempt

so I try more time to add FPR4112 to FMC and show me error :

so you will find Error in the picture ..thanks to check

please i wait a reply and a help from expert security to resolve problem

Thanks in adv

Rob Ingram · ‎01-16-2023

@Dhikra Marghli well according to the screenshot, either the time is out of sync - you just need to ensure the FMC and FTD time is sync'd, ideally use the same NTP server for both.

Or the FTD and FMC cannot communicate with each other, can you ping the FMC from the FTD and vice versa?

If you login to the FMC via CLI, go to expert mode you can run tcpdump and filter on 8305 - you can then determine whether the FTD is attempting to establish the sftunnel.

View solution in original post

Rob Ingram · ‎01-17-2023

@Dhikra Marghli if the FTD cannot ping the FMC then that is your problem. Check the routing, can the FTD ping the next hop (switch)?

From the FTD when using the mgmt interface you need to use "ping system x.x.x.x" - the ping is then sent from the mgmt interface.

View solution in original post

Rob Ingram · ‎01-16-2023

@Dhikra Marghli well according to the screenshot, either the time is out of sync - you just need to ensure the FMC and FTD time is sync'd, ideally use the same NTP server for both.

Or the FTD and FMC cannot communicate with each other, can you ping the FMC from the FTD and vice versa?

If you login to the FMC via CLI, go to expert mode you can run tcpdump and filter on 8305 - you can then determine whether the FTD is attempting to establish the sftunnel.

Dhikra Marghli · ‎01-17-2023

i try that FMC and FTD have the same time either manual or with ntp server ...it show me same error

also from FTD cant' ping FMC but from switch layer 3 can ping FMC

please how i can resolve this problem !!

urgent and customer wait thisproblem reolve

thanks

Rob Ingram · ‎01-17-2023

@Dhikra Marghli if the FTD cannot ping the FMC then that is your problem. Check the routing, can the FTD ping the next hop (switch)?

From the FTD when using the mgmt interface you need to use "ping system x.x.x.x" - the ping is then sent from the mgmt interface.

balaji.bandi · ‎01-16-2023

if they are in same VLAN and have access - as suggested NTP is major cause of the issue.

if they are able to reach each other its very simple to register manager :

https://www.balajibandi.com/?p=310

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Dhikra Marghli · ‎01-19-2023

thanks to reply me ...

the problem is reloved .because the solution require to configure two @ip : for chassis and @ip for FTD .

my problem ..i configure just one @ip for chassiss !!! that why i can't ping from ftd to fmc ..

ans also ..date is different

thanks all expert security cisco

Marius Gunnerud · ‎01-19-2023

So FMC and FTD management are on different subnets and traffic would be routed through the FTD? So, @Rob Ingram 's solution is the correct solution. Please select it as the answer.

--
Please remember to select a correct answer and rate helpful posts