Cisco CSSM IP address for FTD

08-08-2022 01:59 AM
Hi friends
I have deployed several FTDs in the network, but there is a problem with registering these FTDs through the internal network. Routing information and firewall ACL need to be configured. What is the IP address of the relevant CSSM registration?
Thanks a lot in advance
Yuan
08-08-2022 03:35 AM
What is the IP address of the relevant CSSM registration?
If this is an on-prem CSSM, you can find the IP with your infra team, since this is a VM.
Example config as below
08-08-2022 09:53 AM - edited 08-08-2022 09:57 AM
08-08-2022 09:55 AM
Hi Balaji
We are trying to connect onto Cisco.com directly for registration.
Does this domain (tools.cisco.com, correct me if I'm wrong) for registration have a set of IP addresses by different regions?
Based on the documents from this link, example configured as below: ip host tools.cisco.com ip-address
Example:
Device(config)# ip host tools.cisco.com 209.165.201.30
08-08-2022 10:03 AM
If possible, allow access to the FQDN tools.cisco.com. It normally resolves worldwide to:
Name: tools.cisco.com
Addresses: 2001:420:1201:5::a
72.163.4.38
...but that is subject to change.
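
Because the addresses behind tools.cisco.com can change, an address-based ACL needs a periodic check. The following is an added example, not part of the original posts or of Cisco's tooling: it compares the current DNS answers with the ACL's host entries and tests TCP 443 to each address. The function names and the ACL list are assumptions for illustration.

```python
import ipaddress
import socket

FQDN = "tools.cisco.com"  # licensing FQDN named in the thread
PORT = 443                # HTTPS, per the thread

def resolve(fqdn=FQDN, port=PORT):
    """Return the addresses (A and AAAA) the FQDN resolves to right now."""
    infos = socket.getaddrinfo(fqdn, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def compare(acl_entries, resolved):
    """Diff ACL host entries against DNS answers, normalising IPv6 spelling."""
    acl = {ipaddress.ip_address(a) for a in acl_entries}
    dns = {ipaddress.ip_address(a) for a in resolved}
    return {
        "missing_from_acl": sorted(str(a) for a in dns - acl),
        "stale_in_acl": sorted(str(a) for a in acl - dns),
    }

def tcp_open(addr, port=PORT, timeout=3.0):
    """True if a TCP handshake to addr:port completes (a ping reply does not prove this)."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Hypothetical ACL content: replace with the host entries permitted on your firewall.
    acl = ["72.163.4.38", "2001:420:1201:5::a"]
    current = resolve()
    drift = compare(acl, current)
    for addr in current:
        print(f"{addr:40} tcp/{PORT} {'open' if tcp_open(addr) else 'BLOCKED'}")
    print("not yet permitted:", drift["missing_from_acl"])
    print("no longer in DNS: ", drift["stale_in_acl"])
```

Run it from a host that follows the same outbound path as the FTD management traffic; a result from a workstation on a different path says nothing about the firewall in question.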
08-08-2022 10:24 AM
Thanks a lot. I will keep it in mind regarding changes.
08-11-2022 03:16 AM
Hi Marvin
Whitelisted the IP and got the following results:
> ping 173.37.145.8
Sending 5, 100-byte ICMP Echos to 173.37.145.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 110/118/120 ms
But registration is still failing. Any more suggestions?
Thanks
08-11-2022 03:43 AM
Do you have any firewall in the path? It requires 443 to be open as well (not just ping).
Follow the troubleshooting guide below:
08-11-2022 05:48 AM
It might be caused by the default syncro gateway of management, which has been set via data interface but is not working; cannot receive any register packet from FW in the path.
08-11-2022 06:34 AM
Try using that source interface to connect to tools.cisco.com.
If that is not showing FW, that means you may need to look at what path it is taking to go out; set that up as the source interface for the devices to connect to the license servers.
08-16-2022 12:38 AM
Thank you very much for the help.
It works now, but it is strange that only the primary FTDs of the HA pairs are synchronized with CSSM, based on the instance displayed in smart accounts.
11-07-2022 03:03 AM
Is it HTTPS-based traffic? TCP 443? We need to minimize external threats from the internet.
We can register FTD to CSSM as an instance, but VBD update is interrupted. Any information regarding the FQDN or IP addresses that need to be whitelisted?
Thanks
11-07-2022 03:28 AM
The required URL is tools.cisco.com (via https)
Please see this article for many more details:
