I've got two 5515-X firewalls (in Active/Standby) and two remote sites with ASA5506-X firewalls (connected via site-to-site IPSEC VPN).
I've deployed the FirePOWER Management Appliance (VMware) version 22.214.171.124 Build 26, and I've updated the SFR modules in all the firewalls to 126.96.36.199 build 26. I've tried to register them with and without a NAT ID (the management appliance is on the same LAN as the 5515-X pair).
This is all I get:
Could not establish connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection.
The keys match; I've tried with simple passwords, complex passwords and 1234.
The software version is the same.
Comms is OK, i.e. from the network the Management appliance is on, I can browse to https for all the SFR modules.
It would seem that the problem is on the Management Center, but as all the licences are tied to its MAC address I don't want to blow it away and rebuild it?
Anyone have a clue?
No one ever answers my questions?
Built a fresh FMC, then re-imaged one of the SFR modules (versions 6.0.0-1005)
Downloading version 5.4 now.................
First thing, there should be reachability from Firesight to Firepower and vice versa. Check the default g/w of each device and try to ping the g/w from the respective devices. If that is fine, try to ping the Firesight Manager from the Firepower. If ping works, then try to telnet on Firepower IP from Firesight manager on 8305; it should be allowed. Once all this is fine then the reachability is fine and we can check further on this.
Rate if that helps!!!
Can you try to telnet from the FMC to the sensor on port 8305 and see if that works?
You can check /var/log/messages and grep for sftunnel and see messages on both FMC and Sensor and see what error you get when you try to register.
Rate if that helps!!!
I forgot I still had this open, here is how I fixed it (scroll down to problems)
Thanks for the update Pete.
I have one I'm working on now with a similar error message. I will give that a try to see if it helps.
FWIW I can telnet on tcp 8305 from FMC to sfr module but not vice versa. So tcp 3-way handshake is working fine.
I have checked, verified and restarted sftunnel process on the FMC.
I have a similar problem to the one you have. What is the command to telnet from FMC to sensor on tcp port 8305?
They appear to have locked down the telnet server in later versions - it doesn't work on my FMC / FTD 6.5 lab systems.
In general though, you simply go into expert mode CLI and type:
telnet <destination host address> 8305
You can check for established sessions by using:
netstat -a | grep 8305
...also from the expert CLI.
Update - rebooting the FirePOWER Management Center fixed the issue for me. Once I did that, registration succeeded without any issue.
Cheers Marvin, I had two 5506's on remote sites and a pair of 5515's on the main site, none of them would register, despite being able to ping each other and the management console.
Static routes fixed it for me - I re-imaged them as well, so they got restarted a lot.
Glad you got it working bud :)