Re: ASA/Firepower interfaces not coming up

sobin peter · ‎12-12-2018

Hi

I am in middle of an implementation of FTD and FMC

I am facing an issue with the interfaces in FTD. We have 2x2140 devices which is added to FMC with the management interface. Connected a 10G port to core switch and it came up but rest all ports are not coming up. Can somebody help me in this case.

Rob Ingram · ‎12-12-2018

Hi,

Have you configured the interfaces of the device in the FMC and deployed the policy? The interfaces will only come up once you've done that.

HTH

sobin peter · ‎12-12-2018

Hi Thanks for the response.

I have enabled the interfaces on both firewalls from FMC but no policies are configured yet. Unless configuring any policy, there is one interface which came up.

One thing to be mentioned is that, the one interface which is up now, is connected before adding the devices to FMC. After adding to FMC there was license sync error seen and contacted cisco licensing team to resolve it.

sobin peter · ‎12-12-2018

Hi Thanks for the response.

I have enabled the interfaces on both firewalls from FMC but no policies are configured yet. Unless configuring any policy, there is one interface which came up.

One thing to be mentioned is that, the one interface which is up now, is connected before adding the devices to FMC. After adding to FMC there was license sync error seen and contacted cisco licensing team to resolve it.

Rob Ingram · ‎12-12-2018

If you've configured and enabled the interfaces but not deployed a policy then the FTD will not yet know that the interfaces should be enabled. When enabling/configuring the interfaces, these changes are not dynamic and the configuration needs to be deployed.

HTH

Abheesh Kumar · ‎12-12-2018

Hi,
Go to FMC Devices > edit > Interfaces
check weather did you enable the interfaces.

Hope This Helps
Abheesh

sobin peter · ‎12-12-2018

Hi
I did that. enabled the interfaces but its still shows disabled and down.

Abheesh Kumar · ‎12-12-2018

To which device is the FTD is connecting. Is your FTD in HA...???

I mean is it in VSS or VPC or Etherchanel..?

sobin peter · ‎12-12-2018

To cisco 9300 switch with 10G. Still not done HA.

Abheesh Kumar · ‎12-12-2018

So both are individual firewalls, Can you check the speed of interfaces in both the side.
Can you share a screen shot from FMC for interface configuration and the other side switch interface configurations.

sobin peter · ‎12-12-2018

Yes both are now individual. I will share it tomorrow. One port in the FTD is up. I connected all other fiber cables from the switch side connected to the working port and it is coming up so switch side seems to be ok. Then the working cable connected to other FTD ports and does not come up.

Abheesh Kumar · ‎12-12-2018

Is it a portchannel or normal interface

sobin peter · ‎12-12-2018

Normal interface. Just started the implementation. No HA, portchannel, policies routing configured yet.

hcssupport · ‎12-27-2019

Hi All,

It is old forum but i like to give my answer as someone will get benefited.

once you have enabled the interface, you must give "commit-buffer" command which will bring up your interfaces.

Forward · ‎08-19-2024

commit-buffer where