Cisco FTDv on ESXI8

Alexey Leshko
Level 1

Hello!

I installed FTDv (7.3.1-19) on ESXi 8.

All interfaces are down, except Management. On ESXi it is configured as VMXNET3.

On the ESXi side it's attached and connected, but on the FTDv side it's in DOWN status!


> show interface ip brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.10.114 YES CONFIG down down
GigabitEthernet0/1 unassigned YES DHCP down down
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet0/3 unassigned YES unset administratively down down
GigabitEthernet0/4 unassigned YES unset administratively down down
GigabitEthernet0/5 unassigned YES unset administratively down down
GigabitEthernet0/6 unassigned YES unset administratively down down
GigabitEthernet0/7 unassigned YES unset administratively down down
Internal-Control0/0 127.0.1.1 YES unset up up
Internal-Control0/1 unassigned YES unset up up
Internal-Data0/0 unassigned YES unset down down
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 169.254.1.1 YES unset up up
Internal-Data0/2 unassigned YES unset up up
Management0/0 unassigned YES unset down down

Has anybody solved this problem?
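To separate interfaces that are enabled but have no link (the symptom in the post above) from ones that are simply shut down, the `show interface ip brief` output can be parsed, taking care that the Status column may contain the two-word value `administratively down`. The following Python is an added example, not code from any poster or from Cisco; the function names are hypothetical and the sample is a constructed subset of the output above.

```python
import re

# Constructed sample: a trimmed copy of the output posted above.
SAMPLE = """\
> show interface ip brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.10.114 YES CONFIG down down
GigabitEthernet0/1 unassigned YES DHCP down down
GigabitEthernet0/2 unassigned YES unset administratively down down
Internal-Data0/1 169.254.1.1 YES unset up up
Management0/0 unassigned YES unset down down
"""

# Status is matched before Protocol so that "administratively down"
# is kept as one field instead of being split across two columns.
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<protocol>up|down)\s*$"
)


def parse_ip_brief(text):
    """Return one dict per interface row; prompt and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def enabled_but_down(rows, prefix="GigabitEthernet"):
    """Names of data interfaces that are not shut down yet report link down."""
    return [
        r["name"]
        for r in rows
        if r["name"].startswith(prefix) and r["status"] == "down"
    ]


if __name__ == "__main__":
    for name in enabled_but_down(parse_ip_brief(SAMPLE)):
        print(f"{name}: enabled in config but link is down")
```
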

11 Replies

@Alexey Leshko I assume you deployed the policy to the FTD once you enabled the data interfaces?

The release notes for FTD 7.3 only state that VMware vSphere/VMware ESXi 6.5, 6.7, or 7.0 is supported. I would imagine ESX 8.0 is not currently supported, perhaps log a call with TAC.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/release-notes/threat-defense/730/threat-defense-release-notes-73/requirements.html


Hi! Thank you for the reply!

I know that ESXi 8 is unsupported and am searching for a solution for this case.

As @Rob Ingram noted, ESXi 8 is not currently supported (even with the upcoming FTD 7.4). Not only is it not supported (= not tested and verified), but it also does not work - same symptoms as you observed.

I have verified with TAC and raised an enhancement (ENH) bug for this feature. CSCwe44306 applies (not currently publicly viewable).

I was able to get it to work in my lab by building a nested ESXi 7 hypervisor on my ESXi 8 server.

Thank you!

Thanks for the clarification - just installed ESXi 8 and I was hit by this. Guess I'll stick to ESXi 7 for now.

There is a workaround:

After you deploy the OVA, remove all 10 network interfaces from the VM configuration and recreate them as 10 x E1000 interfaces. This will make the interfaces work on ESXi 8. The problem seems to be related to the vmxnet3 drivers.

@OliverFueckert46911 thanks for the tip! I confirmed that worked for me in my lab.

I just had to make sure I accounted for the different mapping of FTDv interfaces when using E1000 vs. vmxnet3 type.

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/consolidated_ftdv_gsg/ftdv-gsg/m-ftdv-vmware-gsg.html#id_107352

After recreating new interfaces with E1000, I believe you might have faced this error during deployment. How did you resolve it?

You can re-read the interfaces from the devices page. I don't have an instance running right now, so can't show you a screenshot.

best regards,

Oliver.

FoW
Level 1

It shouldn't be outside of the vendor's coverage, but it works well in my environment. Working normally on vSphere 8.


tyshawn76
Level 1

I just wanted to add a data point on this topic. I had an FTDv/FMCv that was on 7.2.4 with ESXi 8 U2. Like everyone else, the ports were in a down state. I tried deleting all 10 NICs and recreating them as E1000 NICs, but that placed all the NICs, including the management port, into a down state. After reverting to the latest snapshot and rebooting the FTDv, I gained control of the device again. Just for kicks, I updated the FMC and FTD to 7.4.1 and the NICs came back in an up state with the vmxnet3 type.

I am not saying this is the magic bullet, but the latest release worked for me.
