12-15-2016 03:55 PM - edited 03-12-2019 06:13 AM
Product Updates, Rule Updates and Geolocation Updates do not work on ASA 5506-X with FirePOWER services 5.4.1
Whenever I update the FirePOWER software and the rules from ASDM (Configuration > ASA FirePOWER Configuration > Updates and when I click “Download Updates” I'm getting the following error:
For “Product Updates” the error I’m getting is: Error Download updates failed: Unable to connect to update server
For “Rule Updates” the error I’m getting is: Error Connectivity problems. Unable to download rules
For “Geolocation Updates” the error I’m getting is: Error Failed to fetch the latest Geolocation Update from the Support Site
I’ve got all necessary licenses and connection to the internet. Default Policy is set to trust all traffic and I can ping 8.8.8.8 from the Sourcefire.
Did Cisco change update servers ips or am I forgetting to setup something?
Solved! Go to Solution.
12-23-2016 11:51 AM
Hmm, you definitely had in interesting issue going :) If I had to guess, #4 is what fixed it for you. If your resolv.conf was missing DNS entries then that will definitely cause issues for you.
Nonetheless, good job on solving your own problem! Also, thank you for taking the time to come back and update the thread! (+5 from me)
Now, since your issue is resolved, you should mark the thread as "answered" :)
12-22-2016 12:04 PM
It looks like something is blocking the connection from your device to Cisco's resources. Do you have any other devices between your ASA and the Internet? (Another Firewall, Proxy, etc)?
Also, have you seen these docs from Cisco:
I hope this helps!
Thank you for rating helpful posts!
12-22-2016 12:47 PM
My problem with this ASA update occurs whenever I’m re-imaging the ASA with FirePOWER 5.4.1. I don’t know what I have done but right now the FirePOWER updates are working. Below is the list of things I have done and probably one of those tasks allowed the FirePOWER (on-box) to update.
So based on the above I have no idea what made the ASA FirePOWER (on-box) to update.
12-23-2016 11:51 AM
Hmm, you definitely had in interesting issue going :) If I had to guess, #4 is what fixed it for you. If your resolv.conf was missing DNS entries then that will definitely cause issues for you.
Nonetheless, good job on solving your own problem! Also, thank you for taking the time to come back and update the thread! (+5 from me)
Now, since your issue is resolved, you should mark the thread as "answered" :)
02-23-2017 04:35 AM
Hi,
I had the same issue messages like "Error Download updates failed: Unable to connect to update server"
I did the activation through wizard asdm and that way it did not send dns information for SourceFire module (Not requested either). Also NTP server was not updating neither (using default ntp: sourcefire.pool.ntp.org), checking on Configuration > ASA FirePOWER Configuration > Local > Configuration > Time.
I had to do the following command:
configure network dns servers 8.8.8.8,8.8.4.4
But it still did not work.
The solution was reloading the ASA 5506-X and the issue was resolved.
Another workaround could be restarting the nscd service through expert commands, but I did not have a chance to test it.
ASA-5506-X# session sfr console
Opening console session with module sfr.
Connected to module sfr. Escape character sequence is 'CTRL-^X'.
> expert
admin@SourceFire3d:~$ sudo /etc/rc.d/init.d/nscd restart
Password:{Enter Your Password}
Stopping nscd... [ OK ]
Starting nscd... [ OK ]
admin@SourceFire3d:~$
> system support ping google.com
PING google.com (216.58.222.206) 56(84) bytes of data.
64 bytes from bog02s05-in-f14.1e100.net (216.58.222.206): icmp_req=1 ttl=57 time=26.0 ms
64 bytes from bog02s05-in-f14.1e100.net (216.58.222.206): icmp_req=2 ttl=57 time=21.6 ms
64 bytes from bog02s05-in-f14.1e100.net (216.58.222.206): icmp_req=3 ttl=57 time=21.5 ms
64 bytes from bog02s05-in-f14.1e100.net (216.58.222.206): icmp_req=4 ttl=57 time=21.4 ms
64 bytes from bog02s05-in-f14.1e100.net (216.58.222.206): icmp_req=5 ttl=57 time=21.2 ms
64 bytes from bog02s05-in-f14.1e100.net (216.58.222.206): icmp_req=6 ttl=57 time=20.8 ms
When I tried to update, I couldn't access to Firepower for a while through ASDM (a few hours), downloading information from 54.221.211.1:443. It downloaded almost 3GB.
05-06-2018 12:54 AM
I tried updating dns and below and DNS reolution started working.
admin@SourceFire3d:~$ sudo /etc/rc.d/init.d/nscd restart
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide