03-04-2016 05:33 AM - edited 03-12-2019 05:55 AM
I've got two 5515-X firewalls (in Active/Standby) and two remote sites with ASA5506-X firewalls (connected via site-to-site IPsec VPN).
I've deployed the FirePOWER Management Appliance (VMware) version 6.0.0.1 Build 26, I've updated the SFR modules in all the firewalls to 6.0.0.1 build 26, and I've tried to register them with and without a NAT ID (the management appliance is on the same LAN as the 5515-X pair).
This is all I get:
Could not establish connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection.
The keys match; I've tried with simple passwords, complex passwords and 1234.
The software version is the same.
Comms is OK, i.e. from the network the Management appliance is on, I can browse to https for all the SFR modules.
It would seem that the problem is on the Management Center, but as all the licences are tied to its MAC address I don't want to blow it away and rebuild it.
Anyone have a clue?
Pete
03-06-2016 06:56 AM
No one ever answers my questions?
Update:
Built a fresh FMC, then re-imaged one of the SFR modules (version 6.0.0-1005).
Same problem.
Downloading version 5.4 now...
03-09-2016 03:19 AM
To me it seems like a networking problem. But if they are on the same LAN it cannot be it.
Please make updates on your progress. :)
08-31-2016 12:09 AM
09-07-2016 04:39 AM
Hi,
First thing, there should be reachability from Firesight to Firepower and vice versa. Check the default g/w of each device and try to ping the g/w from the respective devices. If that is fine, try to ping the Firesight Manager from the Firepower. If ping works, then try to telnet to the Firepower IP from the Firesight Manager on 8305; it should be allowed. Once all this is fine, then the reachability is fine and we can check further on this.
Regards,
Aastha Bhardwaj
Rate if that helps!!!
03-09-2016 06:27 AM
Hi,
Can you try to telnet from the FMC to the sensor on port 8305 and see if that works?
You can check /var/log/messages and grep for sftunnel to see the messages on both the FMC and the sensor, and see what error you get when you try to register.
Regards,
Aastha Bhardwaj
Rate if that helps!!!
08-23-2016 07:13 AM
I forgot I still had this open, here is how I fixed it (scroll down to problems)
08-23-2016 08:10 PM
Thanks for the update Pete.
I have one I'm working on now with similar error message. I will give that a try to see if it helps.
FWIW I can telnet on tcp 8305 from FMC to sfr module but not vice versa. So tcp 3-way handshake is working fine.
I have checked, verified and restarted sftunnel process on the FMC.
10-29-2019 07:54 AM
Hi Marvin,
I have a similar problem to the one you have. What is the command to telnet from FMC to sensor on tcp port 8305?
Thanks,
William
10-29-2019 09:48 AM
They appear to have locked down the telnet server in later versions - it doesn't work on my FMC / FTD 6.5 lab systems.
In general though, you simply go into expert mode cli and type:
telnet <destination host address> 8305
You can check for established sessions by using:
netstat -a | grep 8305
...also from the expert cli.
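Added example, not part of any post in this thread: a shell helper that reads netstat output and reports, for the sftunnel port 8305, which sockets are listening, which sessions the peer opened to this host (inbound) and which this host opened to the peer (outbound), together with their TCP state. The function names, the use of `netstat -an` for numeric output, and the sample text (constructed, using documentation addresses) are assumptions.

```shell
# Constructed sample of `netstat -an` output (documentation addresses only).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8305            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:8305         192.0.2.21:41822        ESTABLISHED
tcp        0      1 192.0.2.10:52110        198.51.100.7:8305       SYN_SENT
tcp        0      0 192.0.2.10:22           192.0.2.50:60122        ESTABLISHED'

# Reads netstat text on stdin and prints one line per socket on port 8305:
#   <direction> <state> <local address> <remote address>
# "inbound"  = local port is 8305 (the peer connected to this host)
# "outbound" = remote port is 8305 (this host connected to the peer)
classify_8305() {
    awk -v port=8305 '
        $1 ~ /^tcp/ {
            laddr = $4; raddr = $5; state = $6
            n = split(laddr, l, ":"); lport = l[n]   # last field copes with IPv6
            m = split(raddr, r, ":"); rport = r[m]
            if (state == "LISTEN" && lport == port) {
                print "listening", state, laddr, raddr
            } else if (lport == port) {
                print "inbound", state, laddr, raddr
            } else if (rport == port) {
                print "outbound", state, laddr, raddr
            }
        }'
}

# Counts ESTABLISHED sessions in one direction ($1 = inbound or outbound).
count_established() {
    classify_8305 | awk -v d="$1" '
        $1 == d && $2 == "ESTABLISHED" { n++ }
        END { print n + 0 }'
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | classify_8305
```

On a live system, pipe `netstat -an` into `classify_8305` instead of the sample. A session that stays in SYN_SENT means the TCP handshake is not completing in that direction.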
08-24-2016 07:50 AM
Update - rebooting the FirePOWER Management Center fixed the issue for me. Once I did that, registration succeeded without any issue.
08-24-2016 08:07 AM
Cheers Marvin, I had two 5506's on remote sites and a pair of 5515's on the main site, none of them would register, despite being able to ping each other and the management console.
Static routes fixed it for me - I re-imaged them as well, so they got restarted a lot.
Glad you got it working bud :)
Regards,
Pete
08-31-2016 12:05 AM
Hi,
I have a problem like Peter's, but I don't know what I can do to solve this problem.
Thanks in advance
08-31-2016 12:13 AM
Did you follow the link above? Can you give us some more information on the setup and layout of your network?
08-31-2016 12:25 AM