Cisco FTDv on ESXI8

Alexey Leshko
Level 1

Hello!

I installed FTDv (7.3.1-19) on ESXi 8.

All interfaces are down, except Management. On ESXi it is configured as VMXNET3.

On the ESXi side it's attached and connected, but on the FTDv side it's in DOWN status!

[Screenshots: ESXi, FTDv]

> show interface ip brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.10.114 YES CONFIG down down
GigabitEthernet0/1 unassigned YES DHCP down down
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet0/3 unassigned YES unset administratively down down
GigabitEthernet0/4 unassigned YES unset administratively down down
GigabitEthernet0/5 unassigned YES unset administratively down down
GigabitEthernet0/6 unassigned YES unset administratively down down
GigabitEthernet0/7 unassigned YES unset administratively down down
Internal-Control0/0 127.0.1.1 YES unset up up
Internal-Control0/1 unassigned YES unset up up
Internal-Data0/0 unassigned YES unset down down
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 169.254.1.1 YES unset up up
Internal-Data0/2 unassigned YES unset up up
Management0/0 unassigned YES unset down down

Has anybody solved this problem?

@Alexey Leshko I assume you deployed the policy to the FTD once you enabled the data interfaces?

The release notes for FTD 7.3 only state that VMware vSphere/VMware ESXi 6.5, 6.7, or 7.0 is supported. I would imagine ESXi 8.0 is not currently supported; perhaps log a call with TAC.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/release-notes/threat-defense/730/threat-defense-release-notes-73/requirements.html

 

 

Hi! Thank you for the reply!

I know that ESXi 8 is unsupported and am searching for a solution for this case.

As @Rob Ingram noted, ESXi 8 is not currently supported (even with the upcoming FTD 7.4). Not only is it not supported (= not tested and verified), but it also does not work - same symptoms as you observed.

I have verified with TAC and raised an enhancement (ENH) bug for this feature. CSCwe44306 applies (not currently publicly viewable).

I was able to get it to work in my lab by building a nested ESXi 7 hypervisor on my ESXi 8 server.

Thank you!

Thanks for the clarification - I just installed ESXi 8 and was hit by this. Guess I'll stick to ESXi 7 for now.

There is a workaround:

After you deploy the OVA, remove all 10 network interfaces from the VM configuration and recreate them as 10 x E1000 interfaces. This will make the interfaces work on ESXi 8. The problem seems to be related to the vmxnet3 drivers.

@OliverFueckert46911 thanks for the tip! I confirmed that worked for me in my lab.

I just had to make sure I accounted for the different mapping of FTDv interfaces when using E1000 vs. vmxnet3 type.

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/consolidated_ftdv_gsg/ftdv-gsg/m-ftdv-vmware-gsg.html#id_107352

After recreating new interfaces with E1000, I believe you might have faced this error during deployment. How did you resolve it?

[Screenshot: Himanshu_Dwivedi_0-1702301571455.png]

You can re-read the interfaces from the devices page. I don't have an instance running right now, so can't show you a screenshot.

best regards,

Oliver.

FoW
Level 1

It shouldn't be outside of the vendor's coverage, but it works well in my environment. Working normally on vSphere 8.

[Screenshots: 스크린샷 2024-01-03 14.22.51.png, 스크린샷 2024-01-03 12.32.13.png, 스크린샷 2024-01-03 12.35.09.png]

tyshawn76
Level 1

I just wanted to add a data point on this topic. I had an FTDv/FMCv that was on 7.2.4 with ESXi 8 U2. Like everyone else, the ports were in a down state. I tried deleting all 10 NICs and recreating them as E1000 NICs, but that placed all the NICs, including the management port, into a down state. After reverting to the latest snapshot and rebooting the FTDv, I gained control of the device again. Just for kicks, I updated the FMC and FTD to 7.4.1 and the NICs came back in an up state with the vmxnet3 type.

I am not saying this is the magic bullet, but the latest release worked for me.
