Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3937
Views
4
Helpful
19
Replies

Can not see incoming connection events in FMC

zmutlu
Level 1
Level 1

‎06-09-2023 01:56 AM

Hello, 

I` am using FMC 7.0.5, connected Firepower 1120.

Test PC connected to Inside port of Firepower IPS, Outside port watching to the Internet, policy (logging configured) and routing configured. I can connect from the Internet to Test PC which is inside network, but I can not see any incoming connections In Analysis-Connections-Events and when I' am trying to ping 8.8.8.8 From Test PC which is inside this information is available in Connection Events and Intrusion Events menu.

Could you please navigate me, what do I have to check to see incoming events?

Thank you. 

19 Replies 19

Rob Ingram
VIP
VIP

‎06-09-2023 02:00 AM - edited ‎06-09-2023 02:21 AM

@zmutlu I assume you've enabled logging on all the rules you've configured?

From the CLI of the FTD run the command, system support firewall-engine-debug filter on your test PC IP address, generate traffic to confirm traffic is routed through the FTD and which rule the traffic matched.

0 Helpful

MHM Cisco World
VIP
VIP

‎06-09-2023 02:28 AM

did you success register the FTD into FMC ?

0 Helpful

zmutlu
Level 1
Level 1
In response to MHM Cisco World

‎06-09-2023 02:31 AM

FTD registered in FMC successfully.

MHM Cisco World
VIP
VIP
In response to zmutlu

‎06-09-2023 02:35 AM 

> sftunnel-status

can you share this  

0 Helpful

zmutlu
Level 1
Level 1
In response to MHM Cisco World

‎06-09-2023 02:39 AM

You need all of the info or exact info, for example PEER INFO, RUN STATUS?

0 Helpful

MHM Cisco World
VIP
VIP
In response to zmutlu

‎06-09-2023 03:06 AM

only peer INFO 

0 Helpful

zmutlu
Level 1
Level 1
In response to MHM Cisco World

‎06-09-2023 02:51 AM

Here is info in attached file.

Preview file
7 KB
0 Helpful

MHM Cisco World
VIP
VIP
In response to zmutlu

‎06-09-2023 03:09 AM 

sw_version 7.0.5
	sw_build 72
	Management Interfaces: 1
	eth0 (control events) 00.00.00.00,
	Peer channel Channel-A is valid  type (CONTROL), using 'managemen', connected to '00.00.00.00' via '00.00.00.00'
	Peer channel Channel-B is valid  type (EVENT), using 'managemen', connected to '00.00.00.00' via '00.00.00.00'

You are not register this FW to FMC 
the IP is not appear!!! 

0 Helpful

zmutlu
Level 1
Level 1
In response to MHM Cisco World

‎06-09-2023 03:13 AM

I removed original IP with 00.00.00.00

MHM Cisco World
VIP
VIP
In response to zmutlu

‎06-09-2023 03:24 AM

OK I get it 
now show time in FTD and check the time in FMC are both same ?

0 Helpful

zmutlu
Level 1
Level 1
In response to MHM Cisco World

‎06-09-2023 03:31 AM

Yes, time is the same on both.

0 Helpful

MHM Cisco World
VIP
VIP
In response to zmutlu

‎06-09-2023 03:49 AM

security intelligence event <<- can check this see if traffic is BLK by any security policy 

0 Helpful

zmutlu
Level 1
Level 1
In response to MHM Cisco World

‎06-09-2023 03:52 AM

There are no records at all.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card