Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
3
Helpful
6
Replies

FDM UI/SSH timing out time to time

dil2
Level 1
Level 1

‎07-27-2024 04:28 AM

Hi, we are running two firepower 2100 boxes in HA. we are not using FMC. we are having an issue of losing FDM access time to time and web access is coming back after few minutes. this is very intermittent and we dont know at what point we are loosing FDM access  during this time, we can ping to management IP and production traffic is not affected. when we SSH during this time, credentials are prompted but firepower prompt with > not coming. we are running 7.2.5.2-4. we have reached TAC but they could not resolve this issue. I just want to know if anyone having this experience or knowing how to resolve this. 

0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎07-27-2024 04:37 AM

how is the deployment, is the FTD Failing over by any chance, check the Logs and failover status.

check do you have any connectivity issue between these 2 nodes.

Capture the Logs - if this happening frequently connect console and get logs when this occurs again.

TAC is the best option to followup again, they are matter of experts and seen many cases as eample like you. (my suggestion to make sure we understand why this causing the issue ?)

For sometime can you Break the HA and see if the connectivity is stable ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

dil2
Level 1
Level 1
In response to balaji.bandi

‎07-27-2024 04:40 AM

Actually FTDs are not failing over during this time. TAC suggested us to break HA and reimage boxes. but still we have the issue. finally we got new replacement FTDs and configured them manually rather importing old config. still we are having the issue on new FTDs.  

0 Helpful

luizsil
Cisco Employee
Cisco Employee
In response to dil2

‎07-27-2024 04:50 AM

Hello @dil2 

Not having troubleshooted this myself, from the looks of it, I would say you have a duplicated IP on your network, re-using your FDM Management IP.
I would go to another device (ideally the Gateway for your Management network) on the same layer 2 and start tracking the ARP entry for your management IP. Check the MAC Address while it is working, and when is not working.
Depending on the device you are using to monitor this you may need to clear the arp table and try to ping/connect to the management IP again.

 

 

dil2
Level 1
Level 1
In response to luizsil

‎07-27-2024 05:08 AM

thanks Luizil, thats a good point. i will check this. 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to dil2

‎07-27-2024 05:09 AM

My suggestion was Break the HA and run only single node and test for some days.

Also good point other post check the ARP and MAC tables on the switch connection do you have any Duplicate address

Also check any random routing issues around.

You need to provide more information about your network. If you have same VLAN and same subnet is that works ?

Check on the console logs ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

dil2
Level 1
Level 1
In response to balaji.bandi

‎07-27-2024 05:15 AM

thanks BB, appreciate your reply. i will do some checks based on this now.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card