Several of my FirePOWER sensors (7020 and 7030's running 22.214.171.124) are alerting for time sync. The FireSIGHT is syncing fine with the assigned NTP server, but the FirePOWER sensors do not sync. I have gone through this document Troubleshoot Issues with Network Time Protocol (NTP) on FireSIGHT Systems and everything seems fine. Could something be wrong with the Management Virtual Network passing the time sync?
>Show ntp on the FirePOWER reads:
NTP server :127.0.0.2 (Cannot Resolve)
Status : Unknown
Offset : -8.800
Last Update: 12d (Seconds)
$ ntpq -pn
remote refid st t when poll reach delay offset jitter
Ideally you should sync the Firesight Management Center from either the Sourcefire global NTP or your local NTP server. Then the Firepower should be synced with Firesight.Here in the output it looks like the NTP server is not ye configured. Verify the connectivity (use ping commands and confirm the network connectivity ) between the NTP and Firesight. If you configured the NTP details in the Firesight , you should be able to see the same after the system policy reapply.
We’re excited to announce new capabilities with Secure Endpoint that allow you to simplify your security and maximize your security operations: Unify your security stack and reduce agent fatigue with Cisco Secure Client; harness integrated risk-based vuln...
Listen: https://smarturl.it/CCRS8E47 Follow us: twitter.com/CiscoChampion
Ransomware, fileless malware, and zero-day attacks continue to target organizations around the world. In response, organizations have resorted to deploying a variety of di...
This is a general information page for Cisco Threat Centric (TC-NAC) with ISE
Threat Centric Network Access Control (TC-NAC) feature enables you to create authorization policies based on the threat and vulnerability attributes received from the th...
The 2021 IT Blog Awards, hosted by Cisco, is now open for submissions. Submit your blog, vlog or podcast today. For more information, including category details, the process, past winners and FAQs, check out: https://www.cisco.com/c/en/us/t...
Cisco Secure Endpoint (formerly AMP for Endpoints) will decommission legacy cloud servers, which results in Legacy Windows Connector Versions 3.x/4.x and Mac Connector Version 1.0.x ceasing to ...