
Firepower User Agent can not connect with Firepower Management Center

lupingyao
Level 1

Hi Cisco Support,

I have a problem with the Firepower User Agent: when I want to add a Firepower Management Center in the Agent, I get the error "can not connect to the Firepower Management Center". You can find the error in the attachment! I have already added the User Agent in FMC.

My Firepower Management Center version is 6.0.0.1

and my User Agent is 2.3(10)

1 Accepted Solution


Hi

You don't need to manually open it. If you have added the agent in FMC, then it should be open by default. What I meant was to make sure there is no intermediate firewall between FMC and agent.

You can do a packet capture on the FMC CLI and check if traffic is reaching there.

>tcpdump -i eth0 port 3306


7 Replies

yogdhanu
Cisco Employee

Hi

Please confirm if the port 3306 is open between your firepower management center and the PC where you have user agent installed. It could be that endpoint security software on your PC might also block this.

Also, please make sure the user agent IP is added in FMC>system>integration>identity sources

Thanks

Yogesh

Hi yogdhanu,

Could you tell me how I can open TCP 3306 in FMC? The user agent IP is added in FMC...

Hi

You don't need to manually open it. If you have added the agent in FMC, then it should be open by default. What I meant was to make sure there is no intermediate firewall between FMC and agent.

You can do a packet capture on the FMC CLI and check if traffic is reaching there.

>tcpdump -i eth0 port 3306

Removed.

Hi

I need the root password to run this command.

Do you know the SU password for FMC?

regards

Hi,

The root password is the same as the login password you use to log in to the CLI of the device.

Thanks,

Pujita

Rate if it helps !

Port 3306 is open between user agent and FMC.

23:15:10.477360 IP srv-it-kenn.corp.cbha.org.50128 > firepower.corp.cbha.org.3306: Flags [.], ack 1, win 513, length 0
23:15:10.477632 IP firepower.corp.cbha.org.3306 > srv-it-kenn.corp.cbha.org.50128: Flags [P.], seq 1:83, ack 1, win 229, length 82
23:15:10.517646 IP srv-it-kenn.corp.cbha.org.49938 > firepower.corp.cbha.org.3306: Flags [.], ack 231, win 509, length 0
23:15:10.533297 IP srv-it-kenn.corp.cbha.org.50128 > firepower.corp.cbha.org.3306: Flags [.], ack 83, win 512, length 0
23:15:20.485468 IP firepower.corp.cbha.org.3306 > srv-it-kenn.corp.cbha.org.50128: Flags [F.], seq 83, ack 1, win 229, length 0
23:15:20.485797 IP srv-it-kenn.corp.cbha.org.50128 > firepower.corp.cbha.org.3306: Flags [.], ack 84, win 512, length 0

Now what? Still shows unavailable in user agent.
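
An added example, not part of any post in this thread: a Python script that summarizes tcpdump text output like the capture above per client connection (payload bytes in each direction and which side closed), to separate "port blocked" from "connected but the session failed". The function names `summarize` and `diagnose` are assumptions; the sample lines are copied from the capture posted above, and ports are assumed to be printed numerically.

```python
import re
from collections import defaultdict

# Sample lines copied from the capture posted in the thread above.
CAPTURE = """\
23:15:10.477360 IP srv-it-kenn.corp.cbha.org.50128 > firepower.corp.cbha.org.3306: Flags [.], ack 1, win 513, length 0
23:15:10.477632 IP firepower.corp.cbha.org.3306 > srv-it-kenn.corp.cbha.org.50128: Flags [P.], seq 1:83, ack 1, win 229, length 82
23:15:10.517646 IP srv-it-kenn.corp.cbha.org.49938 > firepower.corp.cbha.org.3306: Flags [.], ack 231, win 509, length 0
23:15:10.533297 IP srv-it-kenn.corp.cbha.org.50128 > firepower.corp.cbha.org.3306: Flags [.], ack 83, win 512, length 0
23:15:20.485468 IP firepower.corp.cbha.org.3306 > srv-it-kenn.corp.cbha.org.50128: Flags [F.], seq 83, ack 1, win 229, length 0
23:15:20.485797 IP srv-it-kenn.corp.cbha.org.50128 > firepower.corp.cbha.org.3306: Flags [.], ack 84, win 512, length 0
"""

# One tcpdump TCP summary line: time, src.port > dst.port, flags, payload length.
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*?length (?P<len>\d+)"
)

def summarize(text, server_port=3306):
    """Return {(client_host, client_port): stats} for traffic to/from server_port."""
    flows = defaultdict(
        lambda: {"client_bytes": 0, "server_bytes": 0, "closed_by": None})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a TCP summary line
        from_server = int(m["sport"]) == server_port
        if not from_server and int(m["dport"]) != server_port:
            continue  # unrelated traffic
        client = ((m["dst"], int(m["dport"])) if from_server
                  else (m["src"], int(m["sport"])))
        flow = flows[client]
        flow["server_bytes" if from_server else "client_bytes"] += int(m["len"])
        # Record only the first side to send FIN or RST.
        if flow["closed_by"] is None and ("F" in m["flags"] or "R" in m["flags"]):
            flow["closed_by"] = "server" if from_server else "client"
    return dict(flows)

def diagnose(flow):
    """Turn one flow's counters into a short reading of what the capture shows."""
    if flow["server_bytes"] and not flow["client_bytes"] and flow["closed_by"] == "server":
        return "reachable; server sent data, client never replied, server closed"
    if flow["server_bytes"] or flow["client_bytes"]:
        return "reachable; data exchanged"
    return "packets seen, no payload in capture"

if __name__ == "__main__":
    for client, flow in summarize(CAPTURE).items():
        print(client, flow, "->", diagnose(flow))
```

For the posted capture, the connection from client port 50128 receives 82 bytes from the FMC, sends no payload back, and is closed by the FMC ten seconds later, so packets are passing in both directions on 3306.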
