03-08-2021 01:35 AM
I have a strange issue on a freshly installed Firepower 1010 box.
The firewall has a normal internet connection configured, and is registered with its smartnet contract.
It is able to get the hourly Security intelligence feeds, but fails the geo, intrusion and vdb updates.
I can install them manually by downloading from Cisco and uploading to the device, but I prefer the daily automatic updates of course.
The error in FMC says: Connectivity problems. Unable to download the rule update. Please try again later.
Any clue on this?
I was thinking MTU issues because I use a PPPoE connection, but after lowering MTU on the outside interface to 1448, I still have the issue. (I cannot find a setting for MSS-clamping)
03-08-2021 01:37 AM
Before we look at MTU settings, make sure the device has reachability to Cisco sites:
03-08-2021 01:44 AM
Thanks for your fast reply!
It seems like there is something with the connection; the hostname does resolve, but the SSL connection doesn't work as expected, there is no certificate coming up:
admin@FP-1010:~$ dig support.sourcefire.com
; <<>> DiG 9.10.2-P4 <<>> support.sourcefire.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36052
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;support.sourcefire.com. IN A
;; ANSWER SECTION:
support.sourcefire.com. 3600 IN A 50.16.210.129
support.sourcefire.com. 3600 IN A 50.19.123.95
support.sourcefire.com. 3600 IN A 54.221.210.248
;; Query time: 84 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Mon Mar 08 09:42:06 UTC 2021
;; MSG SIZE rcvd: 99
admin@FP-1010:~$ sudo openssl s_client -connect support.sourcefire.com:443
CONNECTED(00000003)
03-08-2021 01:51 AM
Have you registered the device with a smart license? Is this a first-time setup or a working one broken?
If this is the first time, the device needs to register to the smart license to get updates.
03-08-2021 02:02 AM
The unit has been freshly installed (6.6.1) and registered with a smartcontract.
According to the firewall, all connections are fine:
The weird thing is that the hourly Security Intelligence Feeds are being downloaded.
03-08-2021 02:11 AM
I did some digging into TCP MSS, and created a flexconfig policy with MTU 1448: (1448 by my ISP advice)
sysopt connection tcpmss 1448
With that setting applied, I can connect to the SSL port, and I can retrieve the updates.
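The symptom in this thread (DNS resolves, `openssl s_client` prints CONNECTED, then no certificate arrives) can be told apart from a plain reachability failure with a small probe. This is an added example, not part of any post: it attempts the TLS handshake twice, once normally and once with the client advertising a lower MSS via `TCP_MAXSEG`. The names `probe`, `diagnose` and `THREAD_MSS` are made up here, and it assumes a Linux client behind the firewall.

```python
import socket
import ssl

THREAD_MSS = 1448  # value the poster applied with "sysopt connection tcpmss"

def probe(host, port=443, mss=None, timeout=8.0):
    """Classify a TLS attempt as ok / tcp_fail / tls_stall / tls_error.

    mss, if given, lowers the MSS this client advertises in its SYN, so the
    server sends smaller segments (the effect an MSS clamp has in the path).
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        if mss is not None:
            sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_MAXSEG, mss)
        try:
            sock.connect((host, port))
        except OSError:
            return "tcp_fail"          # refused, unreachable or SYN timeout
        ctx = ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
        except socket.timeout:
            return "tls_stall"         # connected, then silence
        except OSError:
            return "tls_error"         # reset, certificate or protocol error
    finally:
        sock.close()

def diagnose(default, clamped):
    """Turn the two probe results into a next step."""
    if default == "ok":
        return "no MSS problem seen on this path"
    if default == "tcp_fail":
        return "TCP connect fails: check routing and access rules first"
    if default == "tls_stall" and clamped == "ok":
        return "full-size segments are lost: clamp TCP MSS on the firewall"
    return "handshake fails regardless of MSS: look elsewhere"

if __name__ == "__main__":
    host = "support.sourcefire.com"    # update host named in the thread
    first = probe(host)
    second = probe(host, mss=THREAD_MSS)
    print(first, second, "->", diagnose(first, second))
```

Once the firewall itself clamps MSS, the unclamped probe should also return `ok` if segment size was the cause.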