07-27-2024 04:28 AM
Hi, we are running two Firepower 2100 boxes in HA. We are not using FMC. We are having an issue of losing FDM access from time to time, and web access comes back after a few minutes. This is very intermittent and we don't know at what point we are losing FDM access. During this time we can ping the management IP and production traffic is not affected. When we SSH during this time, credentials are prompted but the Firepower prompt with > does not come. We are running 7.2.5.2-4. We have reached TAC but they could not resolve this issue. I just want to know if anyone is having this experience or knows how to resolve this.
07-27-2024 04:37 AM
How is the deployment? Is the FTD failing over by any chance? Check the logs and failover status.
Check whether you have any connectivity issue between these 2 nodes.
Capture the logs. If this is happening frequently, connect the console and get logs when this occurs again.
TAC is the best option to follow up with again; they are subject matter experts and have seen many cases like yours. (My suggestion is to make sure we understand why this is causing the issue.)
For some time, can you break the HA and see if the connectivity is stable?
07-27-2024 04:40 AM
Actually, the FTDs are not failing over during this time. TAC suggested we break HA and reimage the boxes, but we still have the issue. Finally we got new replacement FTDs and configured them manually rather than importing the old config. We are still having the issue on the new FTDs.
07-27-2024 04:50 AM
Hello @dil2
Not having troubleshot this myself, from the looks of it I would say you have a duplicate IP on your network, re-using your FDM management IP.
I would go to another device (ideally the gateway for your management network) on the same layer 2 and start tracking the ARP entry for your management IP. Check the MAC address while it is working, and when it is not working.
Depending on the device you are using to monitor this, you may need to clear the ARP table and try to ping/connect to the management IP again.
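The ARP-tracking check described above, as an added example that is not part of the original post: a small POSIX shell script for a Linux host on the same layer 2 segment that reads the neighbour cache, records the MAC answering for the management IP, and reports when it changes between polls (the sign of a duplicate address). The management IP, interface name and sample `ip neigh` lines are constructed placeholders; `watch_mac` needs root for the `ip neigh del` step.

```shell
#!/bin/sh
# Added example: detect a duplicate FDM management IP by watching which MAC
# the neighbour (ARP) cache holds for it over time.
# Assumes Linux with iproute2 and ping; MGMT_IP and IFACE are placeholders.

MGMT_IP="${MGMT_IP:-192.0.2.10}"
IFACE="${IFACE:-eth0}"

# mac_for_ip IP NEIGH_OUTPUT
# Parses `ip neigh show` style lines and prints the MAC cached for IP,
# or "none" if the IP has no lladdr entry (incomplete/failed resolution).
mac_for_ip() {
    ip="$1"; neigh="$2"
    mac=$(printf '%s\n' "$neigh" | awk -v ip="$ip" \
        '$1 == ip { for (i = 1; i <= NF; i++) if ($i == "lladdr") print $(i + 1) }')
    if [ -n "$mac" ]; then printf '%s\n' "$mac"; else printf 'none\n'; fi
}

# compare_macs IP GOOD_OUTPUT BAD_OUTPUT
# Compares a capture taken while FDM works with one taken during an outage.
compare_macs() {
    good=$(mac_for_ip "$1" "$2"); bad=$(mac_for_ip "$1" "$3")
    if [ "$good" = "$bad" ]; then
        printf 'same\n'
    else
        printf 'different (%s vs %s)\n' "$good" "$bad"
    fi
}

# watch_mac IP [INTERVAL]
# Clears the cached entry, re-resolves with one ping, and logs MAC changes.
watch_mac() {
    ip="$1"; interval="${2:-10}"; last=""
    while :; do
        ip neigh del "$ip" dev "$IFACE" 2>/dev/null   # drop stale entry
        ping -c 1 -W 1 "$ip" >/dev/null 2>&1          # trigger fresh ARP
        cur=$(mac_for_ip "$ip" "$(ip neigh show "$ip")")
        if [ -n "$last" ] && [ "$cur" != "$last" ]; then
            printf '%s MAC for %s changed: %s -> %s\n' \
                "$(date '+%Y-%m-%dT%H:%M:%S')" "$ip" "$last" "$cur"
        fi
        last="$cur"
        sleep "$interval"
    done
}
```

Run `watch_mac "$MGMT_IP" 10` from the management gateway or any host on that VLAN and leave it running until the next FDM outage; two different MACs in the log identify the second device claiming the address.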
07-27-2024 05:08 AM
Thanks Luizil, that's a good point. I will check this.
07-27-2024 05:09 AM
My suggestion was to break the HA, run only a single node and test for some days.
Also a good point in the other post: check the ARP and MAC tables on the switch connection. Do you have any duplicate address?
Also check for any random routing issues around.
You need to provide more information about your network. If you have the same VLAN and same subnet, does that work?
Check the console logs?
07-27-2024 05:15 AM
Thanks BB, appreciate your reply. I will do some checks based on this now.