03-04-2016 05:33 AM - edited 03-12-2019 05:55 AM
I've got two 5515-X firewalls (in Active/Standby) and two remote sites with ASA5506-X firewalls (connected via site-to-site IPSEC VPN).
I've deployed the FirePOWER Management Appliance (VMware) version 6.0.0.1 Build 26, I've updated the SFR modules in all the firewalls to 6.0.0.1 build 26, and I've tried to register them with and without a NAT ID (the management appliance is on the same LAN as the 5515-X pair).
This is all I get:
Could not establish connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection.
The keys match; I've tried with simple passwords, complex passwords and 1234.
The software version is the same
Comms is OK, i.e. from the network the Management appliance is on, I can browse to https for all the SFR modules.
It would seem that the problem is on the Management Center, but as all the licences are tied to its MAC address I don't want to blow it away and rebuild it.
Anyone have a clue?
Pete
08-31-2016 12:35 AM
Firesight is a Linux distribution; log onto the CONSOLE.
SFR is also a Linux distribution; log onto the SESSION.
09-06-2016 02:24 AM
Hi Peter
Please do not make other people change the access permissions for any files.
Not recommended:
sudo chmod u+s /bin/ping
Instead elevate your rights like this:
sudo su -
[ENTER PASSWORD]
Then you can ping, as intended.
09-06-2016 02:13 AM
Hi
I still have that error when I want to add FirePOWER in FireSIGHT. The FirePOWER IP is 10.4.30.240 and the FireSIGHT IP is 192.168.30.105, which means they are not on the same network. I want to know whether they should be on the same network or not?
09-06-2016 02:26 AM
It should work, if you have the routing setup correctly.
09-06-2016 02:40 AM
Okay. They can ping each other but I cannot add it. What's your opinion?
09-06-2016 05:10 AM
Make sure that each can reach the other on tcp/8305.
If they cannot, verify each is listening on that port.
If either is not, it's usually easiest to open a TAC case to investigate the cause of the process (sftunnel) that is responsible for the communications between sensor and management center.
You can check on the process with the instructions in this thread:
https://supportforums.cisco.com/discussion/13009051/firesight-process-status-stunnel
I have found a restart of FirePOWER Management Center can sometimes restart the sftunnel process.
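
The tcp/8305 check from the reply above, as an added example that is not part of any post in this thread: it shows why a successful ping does not prove the port is usable. The names `check_tcp` and `explain` are hypothetical, and it assumes a host with Python 3 on the same network segment as the device doing the connecting.

```python
import errno
import socket
import sys

SFTUNNEL_PORT = 8305  # port named in the reply above


def check_tcp(host, port=SFTUNNEL_PORT, timeout=3.0):
    """Classify one TCP connect: open, refused, filtered or unreachable."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"       # RST came back: host is up, port is closed
    except (socket.timeout, TimeoutError):
        return "filtered"      # no answer at all before the timeout
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def explain(state):
    """Map a check_tcp() result to the next thing to look at."""
    return {
        "open": "a process is listening; the TCP path itself is fine",
        "refused": "host reachable but nothing listening on the port",
        "filtered": "packets dropped on the path (ACL/firewall), even if ping works",
        "unreachable": "no route to the host; fix routing first",
    }[state]


if __name__ == "__main__":
    # Usage: python3 check8305.py <sensor-ip> <manager-ip>
    for target in sys.argv[1:]:
        result = check_tcp(target)
        print(f"{target}:{SFTUNNEL_PORT} {result} - {explain(result)}")
```

Run it in both directions (against the sensor and against the management center), since each side must be able to reach the other on that port.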
09-06-2016 10:59 PM
Thanks Marvin
I checked them and both of them work with tcp\5305, but I still have that problem.
Could not establish connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection.
Ping is okay, the FirePOWER version is okay, but they are not on the same network and routing is okay.
I'm sick; no one knows what the problem is?
Thanks
09-06-2016 11:10 PM
I'd have TAC check your sftunnel.
I don't remember the exact syntax but I had one where the registration was mis-entered on the sensor. That was causing the manager to not register.
Once the TAC was looking at it in real time we had it figured out in 10 minutes. The team who handle the FirePOWER issues are quite good.
09-06-2016 11:57 PM
I'm waiting.