Crazy error with Management Interface

Derek1993 · ‎06-30-2023

Hello evryone! Need Help!

I have already configured my FP 1120 via Firepower Device Manager - all is Ok. But after some times I receive error: On mai window of ftd my ISP icon is grey and NTP Service doesn't work - also grey! I know that there is an error with Management Interface, BUT I cann't uderstandt what configuration is correct. So for now my Management Interface Configuration is:
Use Unique Gateways for the Management Interface with Fallback to Data Interfaces

output of command show network:

DNS Servers               : 1.1.1.1
                            1.0.0.1
DNS from router           : disabled
Management port           : 8305
IPv4 Default route
  Gateway                 : data-interfaces

==================[ management0 ]===================
Admin State               : enabled
Admin Speed               : 1gbps
Operation Speed           : indeterminate
Link                      : link-down
Channels                  : Management & Events
Mode                      : Non-Autonegotiation
MDI/MDIX                  : Auto/MDIX
MTU                       : 1500
MAC Address               : 40:06:D5:85:FF:80
----------------------[ IPv4 ]----------------------
Configuration             : DHCP
----------------------[ IPv6 ]----------------------
Configuration             : Disabled

===============[ Proxy Information ]================
State                     : Disabled
Authentication            : Disabled

I have tried also using static route for my FP 1120 - Did work!
Plz Help !

Aref Alsouqi · ‎06-30-2023

It does seem your management interface status is showing link-down.

Derek1993 · ‎06-30-2023

Yes I saw, maybe it means that some problem with ISP ?

or How I can enable interface ??

Kasun Bandara · ‎06-30-2023

@Derek1993 to where you connected your management port? directly to ISP? normally management port connected to internal network and it should separate from other traffic. check the cable and try plugin port to another switch port and try to isolate problem

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Derek1993 · ‎06-30-2023

No, My Management Interface doesn't conncet directly to ISP! I use data interface as gateway for Management Interface!

MHM Cisco World · ‎06-30-2023

This your second post'

I ask you in your other post did you connect mgmt to INside and from there to internet and fmc ? It seem to Yes'

I.e. this traffic is effect by policy you config in FTD' so try bypass traffic from inspect by snort.

Derek1993 · ‎07-01-2023

Yes, it is the second (I will delete the previous post).
The Management interface connects like this: Use Unique Gateways for the Management Interface with Fallback to Data Interfaces. Does it mean that Management is related to Inside Interface?
P.S.
Sorry for long responce

Aref Alsouqi · ‎06-30-2023

That seems to be an issue with the connectivity to the management interface, and wouldn't be related to any routing or traffic flow issue. Where the management interface is connected? directly to a data interface on the firewall or does it go to a switch?

Derek1993 · ‎07-01-2023

Hi
Yes, the Management interface connects to the data interface, without any switch!

Aref Alsouqi · ‎07-01-2023

I would check the status of that data interface, it might also be a cable issue or something physical that is causing the management port to show in down state.

Derek1993 · ‎07-01-2023

The Data Interface all is Good - I have Internet via FP 1120. Maybe it's some configuration on the Firewall of FP 1120??
and What do you mean check the status of the data interface? What information Do I must to provide for you?

Aref Alsouqi · ‎07-01-2023

If the management interface is connected to a data interface on the firewall, say for example the management interface is connected to interface ethernet1/3 on the firewall, then I would check the cable and the status of the interface ethernet1/3 because if the cable connecting the management interface to interface ethernet1/3 is faulty or not plugged properly, or if ethernet1/3 interface is administratively down then the management port would show in down state. We need to rule out any physical issue first imo, maybe you can just check the LED lights on the data interface and see if they are on.

Derek1993 · ‎07-02-2023

So, Sorry for the stupid question, how I can check where my Management interface is Connected to FP 1120 because now there is not any cable connected to the Management interface? How I can recheck this info ?

Aref Alsouqi · ‎07-02-2023

If there is no cable connected to the management interface then that explains the link down state shown in the output you shared. Could you please share the screenshots of the issues you are experiencing as I feel we are not on the same page.

Derek1993 · ‎06-30-2023

Yes, But Why? Why cann't use Management Interface vi Data interface ??