Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1314
Views
0
Helpful
7
Replies

Firepower integrated with public cloud

peter.peng
Level 1
Level 1

‎12-13-2018 06:14 PM - edited ‎03-12-2019 07:10 AM

Hi Sir:

    When I want to integrated with public cloud. I can't link to public cloud. I had tried to ping below server. But I just can ping to one server. I had confimed with FW. The policy from inside to outside is permit all. Could you help to find the root cause ? Thanks

螢幕快照 2018-12-14 上午10.00.53.png螢幕快照 2018-12-14 上午9.54.40.png

Labels:
0 Helpful
7 Replies 7

Francesco Molino
VIP Alumni
VIP Alumni

‎12-13-2018 08:32 PM

Hi

The Cloud server fqdn is cloud-ec.amp.cisco.com

Take a look on this documentation:
https://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html

Your firewall should let passes tcp-443 towards AMP Cloud servers.
You can validate it doing the following command on your firewall:
packet-tracer input inside tcp a.b.c.d 12345 e.f.g.h 443 detail
- a.b.c.d is your fmc ip
- e.f.g.h is public ip of AMP Cloud server
- inside is your zone where fmc sits in (LAN)

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

peter.peng
Level 1
Level 1
In response to Francesco Molino

‎12-13-2018 09:45 PM

Hi Sir:

   I can't find this command. You can refer to below information. I can't type any IP address after https.

螢幕快照 2018-12-14 下午1.31.27.png 

I had confirmed the FTD policy rule. From inside to outside, we permit any to any. 

So I think we should not confirm the traffic from inside to Cisco cloud. 

 

0 Helpful

Abheesh Kumar
VIP Alumni
VIP Alumni
In response to peter.peng

‎12-13-2018 10:59 PM - edited ‎12-13-2018 11:00 PM

Hi,
enter below commads
system support diagnostic-cli
enable
Then enter, type the packet tracer command

Packet-tracer input INSIDE_INTERFACE tcp 192.168.0.120 443 8.8.8.8 443

 

below is the cli commad reference guide for FTD

https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/dr.html

 

Hope This Helps

Abheesh

 

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to peter.peng

‎12-14-2018 05:47 AM

On your command you forgot the end as I gave you in my previous post: e.f.g.h 443

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

peter.peng
Level 1
Level 1
In response to Francesco Molino

‎12-14-2018 07:31 AM

Hi Sir:

    I had found the root cause and fixed it. But I had tried to type the command that you suggested. But I can't type it. You can refer to below photo.

I can't type the destination IP address,it just can type the MAC address.

螢幕快照 2018-12-14 下午10.50.33.png

 

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to peter.peng

‎12-14-2018 09:55 PM

Your interface is really need inside_interface?

Anyways, what was your issue?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

peter.peng
Level 1
Level 1
In response to Francesco Molino

‎12-15-2018 08:34 PM

Hi Sir:

   Root Cause:

          When I setup the public cloud. I choose the "Use for AMP for Firepower"

   

   螢幕快照 2018-12-16 下午12.32.31.png

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card