Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2566
Views
3
Helpful
3
Replies

Cisco Cloud Configuration - Unable to reach Cisco Cloud

at@ps
Level 1
Level 1

‎10-14-2024 12:01 AM

Hey Folks,

Recently I updated FTDs and FMC to 7.2.8. After the upgrade, I noticed unusual behavior on "Cisco Cloud Configuration". 

On all FTDs, I got the below error after upgrading, even though it was not raised before the upgrade:

Threat Data Updates on Devices [Cisco Cloud Configuration - Unable to reach Cisco Cloud from the device Please check the network connection]

I've been reading about the issue and I found it's related to the connection with SSE, but I can't decide if this feature needs to be disabled or not - as Cisco mentioned it is enabled by default in this version.

Has anyone had this issue and can help?

2 people had this problem
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎10-14-2024 12:17 AM

What was the version before upgrade ?

some of the features related to Umbrella added 7.2.X.

The Error does not give us full clue what is failing - depends on what enabled.-  we do see sometime these errors (but they eventually get fixed automatically)

Try  :

> ping system tools.cisco.com

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/release-notes/threat-defense/720/threat-defense-release-notes-72.html#new-features-fmc-728

check some troubleshooting tips for cloud updates :

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/217616-troubleshoot-cisco-cloud-configuration.html

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/215838-fmc-and-ftd-smart-license-registration-a.html

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marius Gunnerud
VIP
VIP

‎10-14-2024 02:17 AM

I also have seen this after upgrading to 7.2.x.  The issue is that the FTD needs to connect to Cisco cloud for downloading security updates for IPS, security intelligence, URL, and any other service you might be using.  If you are only using the firewall as a firewall, i.e. no IPS or any other special feature, then this does not need to be enabled.

Otherwise, you will need to allow access from the management interface to tools.cisco.com.

If access to the internet or Cisco cloud is already enabled:  I have come across an issue where I had enabled management via data interface and after upgrade connection to the cloud stopped working.  This was due to incorrect routing in the Linux shell (go into expert mode and enter "route") where the default route was pointing to the wrong interface.  Updating that route in the Linux shell sorted the issue.

--
Please remember to select a correct answer and rate helpful posts

at@ps
Level 1
Level 1
In response to Marius Gunnerud

‎10-14-2024 02:32 AM

what I did is that I checked the connection to SSE by running the command: `curl -v -k https://api-sse.cisco.com` and I noticed that this domain is not reachable. So my customer didn't need access to SSE before the upgrade and doesn't need it now !!

so, I have to make sure that this feature is disabled, so, when I try to go to System > Integration > Cloud Services to disable it, I noticed it is grayed out and I have to access it via Securex !!

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card