Re: ASA FirePOWER URL filtering not working - could not download Database

lsladmin · ‎03-06-2018

Connection to service.brightcloud.com and database.brightcloud.com with telnet works finde.
But a database download should not work.

SF-IMS[4407]: [4432] CloudAgent:CloudAgent [WARN] DownloadURLDBFilesOnDC: URL Database update: Malformed message received. Status: -102
SF-IMS[4407]: [4432] CloudAgent:CloudAgent [INFO] Returning until retry: 0 equals NUMBER_OF_RETRIES = 2
SF-IMS[4407]: [4432] CloudAgent:CloudAgent [WARN] DownloadURLDBFilesOnDC: URL Database update: Malformed message received. Status: -102
SF-IMS[4407]: [4432] CloudAgent:CloudAgent [INFO] Returning until retry: 0 equals NUMBER_OF_RETRIES = 2
SF-IMS[4407]: [4432] CloudAgent:CloudAgent [WARN] DownloadURLDBFilesOnDC: URL Database update: Malformed message received. Status: -102
SF-IMS[4407]: [4432] CloudAgent:CloudAgent [INFO] Returning until retry: 1 equals NUMBER_OF_RETRIES = 2
SF-IMS[4407]: [4432] CloudAgent:CloudAgent [WARN] DownloadURLDBFilesOnDC: URL Database update: Malformed message received. Status: -102
SF-IMS[4407]: [4432] CloudAgent:CloudAgent [INFO] Returning until retry: 1 equals NUMBER_OF_RETRIES = 2
SF-IMS[4407]: [4432] CloudAgent:CloudAgent [WARN] DownloadURLDBFilesOnDC: URL Database update: Malformed message received. Status: -102
SF-IMS[4407]: [4432] CloudAgent:CloudAgent [INFO] Set failure_time to:'1520326105'
SF-IMS[4407]: [4432] CloudAgent:CloudAgent [WARN] DownloadURLDBFilesOnDC: URL Database update: Malformed message received. Status: -102
SF-IMS[4407]: [4432] CloudAgent:CloudAgent [INFO] Set failure_time to:'1520326105'

Marvin Rhoads · ‎03-06-2018

There are some documented bugs you may be hitting.

What is your platform and version number? Has it ever worked?

lsladmin · ‎03-06-2018

Hi thanks for your quick answer.
FirePower is running in Version 6.2.1 at our ASA5516.

System Output in FirePower WebUI says:
Model Cisco Firepower Management Center for VMWare
Serial Number None
Software Version 6.2.1 (build 342)
OS Cisco Fire Linux OS 6.2.1 (build6)
Snort Version 2.9.11 GRE (Build 101)
Rule Update Version 2018-02-28-001-vrt
Rulepack Version 2035
Module Pack Version 2313
Geolocation Update Version 2018-02-26-002
VDB Version build 294 ( 2018-02-09 01:06:55 )

Marvin Rhoads · ‎03-06-2018

Cisco recommends moving off of 6.2.1 and on to 6.2.2. (6.2.2.2 is the latest patch.)

There is at least one bug similar to what you are seeing that should be fixed with 6.2.2:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve08525

lsladmin · ‎03-06-2018

After updating, still the same problem here.

Model	Cisco Firepower Management Center for VMWare
Serial Number	None
Software Version	6.2.2.2 (build 109)
OS	Cisco Fire Linux OS 6.2.2 (build11)
Snort Version	2.9.11 GRE (Build 273)
Rule Update Version	2018-03-05-001-vrt
Rulepack Version	2036
Module Pack Version	2314
Geolocation Update Version	2018-02-26-002
VDB Version	build 294 ( 2018-02-09 01:06:55 )

SF-IMS[4863]: [4886] CloudAgent:CloudAgent [WARN] DownloadURLDBFilesOnDC: URL Database update: Malformed message received. Status: -102
SF-IMS[4863]: [4886] CloudAgent:CloudAgent [INFO] Returning until retry: 0 equals NUMBER_OF_RETRIES = 2
SF-IMS[4863]: [4886] CloudAgent:CloudAgent [WARN] DownloadURLDBFilesOnDC: URL Database update: Malformed message received. Status: -102
SF-IMS[4863]: [4886] CloudAgent:CloudAgent [INFO] Returning until retry: 0 equals NUMBER_OF_RETRIES = 2
SF-IMS[4863]: [4886] CloudAgent:CloudAgent [WARN] DownloadURLDBFilesOnDC: URL Database update: Malformed message received. Status: -102
SF-IMS[4863]: [4886] CloudAgent:CloudAgent [INFO] Returning until retry: 1 equals NUMBER_OF_RETRIES = 2
SF-IMS[4863]: [4886] CloudAgent:CloudAgent [WARN] DownloadURLDBFilesOnDC: URL Database update: Malformed message received. Status: -102
SF-IMS[4863]: [4886] CloudAgent:CloudAgent [INFO] Returning until retry: 1 equals NUMBER_OF_RETRIES = 2
SF-IMS[4863]: [4886] CloudAgent:CloudAgent [WARN] DownloadURLDBFilesOnDC: URL Database update: Malformed message received. Status: -102
SF-IMS[4863]: [4886] CloudAgent:CloudAgent [INFO] Set failure_time to:'1520404241'
SF-IMS[4863]: [4886] CloudAgent:CloudAgent [WARN] DownloadURLDBFilesOnDC: URL Database update: Malformed message received. Status: -102
SF-IMS[4863]: [4886] CloudAgent:CloudAgent [INFO] Set failure_time to:'1520404241'

Marvin Rhoads · ‎03-06-2018

It looks like you're either hitting a new bug or you have a corrupted URL database.

I'd recommend opening a TAC case to investigate in real time.

Please let us know what they say.

lsladmin · ‎03-06-2018

Is there a way to reset the database?

I'am very sure that a corrupt database is the problem.

Jetsy Mathew · ‎03-07-2018

Hello Isladmin

I don't think there is way to reset only the URL database. This error happens only for the URL db download .The error code -102 means its a malformed or corrupted message from the server. We have to check pcaps at points along the path from the server and see where the message is being corrupted. I would recommend a TAC case to investigate it further.

Regards
Jetsy

lsladmin · ‎03-12-2018

We could fix the problem.

For anyone who also struggles with this problem.

Firepower Management Center has a proxy option under Configuration --> Management Interfaces.
Our Proxy has blocked the Connection to Brightcloud.

Marvin Rhoads · ‎03-12-2018

Oh - blocked by your web proxy.

I incorrectly assumed it worked in the past.

Thanks for letting us know the resolution.