Firepower FMC not applying policy to FTD

alexandru-luca · ‎01-09-2025

Hello,

I have a major problem with our Firepower infrastructure comprised of an FMC (7.6) and 2 FTD's in HA. No matter what, after I create an initial policy and apply it to the FTDs, when modifying a rule, say from Allow to Block, and fdeploy, the configuration does not change on the running-config of the FTDs. I tried everything, FTDs are at 7.6 version also and licensed together with the FMC.

And a second problem is that FMC cannot connect to the Cisco Cloud or Talos to get updates, although the default gateway for the platform is set correctly and our network is not filtering anything.

Can you help?

MHM Cisco World · ‎01-09-2025

Start from FTD HA' are HA is healthy?

MHM

Jonatan Jonasson · ‎01-09-2025

Is the deployment successful?

What process are you using to determine that the policy wasn't changed on the FTD?

Regarding cloud updates, aside from the network, is DNS configured correctly?
And have you verified that the FMC can successfully connect to internet resources?

---
Please mark helpful answers & solutions
---

alexandru-luca · ‎01-09-2025

Hello,

HA is healthy. FMC deployments terminate successfully. I run show running-config on the FTD to check the change.

DNS is correctly set up, I tried with Cisco DNS's and now I set up the Google ones.

Marvin Rhoads · ‎01-09-2025

I have never seen a deployment not result in an updated configuration on the managed device(s).

To check cloud connectivity, on your FMC, go to expert mode and sudo su -. Then:

curl -vvk https://smartreceiver.cisco.com

Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/215838-fmc-and-ftd-smart-license-registration-a.html