Hi

Peter Long · ‎03-04-2016

I've got, two 5515-X firewalls (in Active/Standby) and two remote sites with ASA5506-X firewalls (connected via site to site IPSEC VPN).

I've deployed the FirePOWER Management Appliance (VMware) version 6.0.0.1 Build 26, I've updated the SFR modules in all the firewalls to 6.0.0.1 build 26, I've tried to register them with and without a NAT ID, (the management appliance is on the same LAN at the 5515-X pair).

This Is all I get

Could not establish connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection.

They keys match I've tried with simple passwords complex passwords and 1234

The software version is the same

Comms is OK, i.e from the network the Management appliance is on, I can browse to https for all the SFR modules.

It would seen that the problem is on the Management Center but as all the licences are tied to its MAC address I don't want to blow it away and rebuild it?

Anyone have a clue?

Pete

Peter Long · ‎03-06-2016

No one ever answers my questions?

Update :

Built a fresh FMC, then re-imaged one of the SFR modules (versions 6.0.0-1005)

Same problem

Downloading version 5.4 now.................

Dennis Perto · ‎03-09-2016

To me it seems like a networking problem. But if they are on the same LAN it cannot be it.

Please make updates on your progress. :)

Ali Abbaszadeh · ‎08-31-2016

Hi

i have a problem like peter but i don't know what can i do to solve this problem ?

Thanks in advance

Aastha Bhardwaj · ‎09-07-2016

Hi ,

First thing there should be reachability from Firesight to Firepower and vice a versa. Check the default g/w of each device and try to ping the g/w from the respective devices , if that is fine ,try to ping the Firesight Manager from the Firepower . If ping works then try to telnet on Firepower ip from Firesight manager on 8305 , it should be allowed . Once all this is fine then the reachability is fine and we can check further on this.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

Aastha Bhardwaj · ‎03-09-2016

Hi ,

Can you try to telnet from the FMC to the sensor on port 8305 and see if that works.

You can check /var/log/messages and grep for sftunnel and see messages on both FMC and Sensor and see what error you get when you try to register ?

Regards,

Aastha Bhardwaj

Rate if that helps!!!

Peter Long · ‎08-23-2016

I forgot I still had this open, here is how I fixed it (scroll down to problems)

Cisco Add FirePOWER Module to FirePOWER Management Center

Pete

Marvin Rhoads · ‎08-23-2016

Thanks for the update Pete.

I have one I'm working on now with similar error message. I will give that a try to see if it helps.

FWIW I can telnet on tcp 8305 from FMC to sfr module but not vice versa. So tcp 3-way handshake is working fine.

I have checked, verified and restarted sftunnel process on the FMC.

WilliamBarrera14921 · ‎10-29-2019

Hi Marvin,

I have similar problem that you have. What is the command to telnet from FMC to sensor on tcp por 8305?

Thanks,

William

Marvin Rhoads · ‎10-29-2019

They appear to have locked down the telnet server in later versions - it doesn't work on my FMC / FTD 6.5 lab systems.

In general though, you simply go into expert mode cli and type:

telnet <destination host address> 8305

You can check for established sessions by using:

netstat -a | grep 8305

...also from the expert cli.

Marvin Rhoads · ‎08-24-2016

Update - rebooting the FirePOWER Management Center fixed the issue for me. Once I did that, registration succeeded without any issue.

Peter Long · ‎08-24-2016

Cheers Marvin, I had two 5506's on remote sites and a pair of 5515's on the main site, none of them would register, despite being able to ping each other and the management console.

Static routes fixed it for me - I re-imaged them as well, so they got restarted a lot.

Glad you got it working bud :)

Regards,

Pete

Ali Abbaszadeh · ‎08-31-2016

Hi

i have problem like peter but i don't know what can i do to solve this problem ?

Thanks in advance

Peter Long · ‎08-31-2016

Did you follow the link above, can you give us some more information on the setup and layout of your network?

Ali Abbaszadeh · ‎08-31-2016

Peter i said my configuration is like you for example FirePOWER Management version is 6.0.0.1 and Both are same key but the result is under photo

The second problem is that how can ping firepower from firesight? there is any option in firesight for do it?

Thanks mate

Cannot Register any SFR Modules in the FirePOWER Management Console