Cisco FMC 6.6.0 SFTunnelApi Error Upon Execution of "commands" API Call

udid · ‎05-05-2021

Hello.
I'm working with Cisco FMC 6.6.0, and I'm trying to execute the following API call using the API explorer:

/api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/operational/commands

FMC API reference for this call:

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/api/REST/firepower_management_center_rest_api_quick_start_guide_660/Objects_In_The_REST_API.html#Cisco_Reference.dita_5df30202-496d-47b4-9c8f-dd0aa8b6437a

However, I get 500 internal server error:

{
  "error": {
    "category": "OTHER",
    "messages": [
      {
        "description": "External proxy invoked SFTunnelApi sendShowCommandsForDevice method and ran into an unexpected error com.cisco.nm.vms.sftunnel.SFTunnelException: TUNNEL NOT SUPPORTED."
      }
    ],
    "severity": "ERROR"
  }
}

You can also see the attached screenshot "fmc_6.6_commands_api.png" to see the full configuration I used in the API explorer to execute the API call.

I'm using the admin user to execute the call.

Any idea what might be the root cause?

Thanks.

udid · ‎05-05-2021

I'm sorry, the FTD on which I tried executing the command using this API call, was down.

I now tried it on an FTD that is up, and I get another error:

{
	"error": {
		"category": "OTHER",
		"messages": [{
				"description": "External proxy invoked SFTunnelApi sendShowCommandsForDevice method and ran into an unexpected error com.cisco.nm.vms.sftunnel.SFTunnelException: Unable to establish connection to device."
			}
		],
		"severity": "ERROR"
	}
}

I tested SSH from the FMC CLI to the FTD in question, which worked.

Any idea how this API call works internally? Does the FMC connect to the FTD using SSH?

Also see the attached screenshot "fmc_7.0_commands_api_error.png" (this time I'm using FMC 7.0).

Thanks.