Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1147
Views
15
Helpful
5
Replies

FireSIGHT low bandwidth high latency to remote sensor.

Rellish83
Level 1
Level 1

‎09-16-2016 03:57 PM - edited ‎03-10-2019 06:41 AM

All,

I'm having an issue pushing an Access and Intrusion Policy to a remote sensor over a Satellite link with high latency and low bandwidth.  Latency is about ~700ms and bandwidth is about 116k, I know state of the art right.  It is experiencing RPC timeouts when pushing the policy updates.  I know the DC is trying to push this policy as ng_apply_pack.tgz which is about 19mb.  I can run this command on the DC “time sfmgr –c “PUTFILE /var/tmp/testfile500k /var/tmp/testfile500k” –u (UUID of sensor)” and will be successful, if i try and make it any bigger it fails.  When adding the -t option for the RPC even at 2000sec it will still fail at a 1mb file.  Any ideas or suggestions would be greatly appreciated it.  Running DC 5.4.1.7 and Senor 5.4.0.8.

Thanks 

Labels:
0 Helpful
5 Replies 5

Dennis Perto
Level 5
Level 5

‎11-16-2016 12:25 AM

Hi

If you have tried to edit the RPC settings on the Management Center and it did not work, then I would recommend that you upgrade to Firepower 6.X. 

Instead of pushing the config form the MC, the sensor will pull.

Dennis Perto
Level 5
Level 5
In response to Dennis Perto

‎11-16-2016 12:27 AM

If you want to play with RPC timeouts, you can try this.
If it fails, you are on your own.

Step 1: Create the file /etc/sf/rpc_timeout.conf on the DC:

admin@DC:~$ sudo touch /etc/sf/rpc_timeout.conf

Step 2: Edit the file to include the following lines with the default values:

rpc_timeout 120;
command_timeout 240;
wait_timeout 600;

Step 4: Increase or decrease the timeout values as needed. For example:

rpc_timeout 128;
command_timeout 785;
wait_timeout 842;

Changing these values overrides the default timeouts.

rpc_timeout = Overrides the default of 120 seconds for RPC (Remote Procedure Calls)
command_timeout = Overrides the default of 240 seconds for file copy operations
wait_timeout = Overrides the default of 600 seconds for distributed calls and Policy applies from a Master Defense Center.

Rellish83
Level 1
Level 1
In response to Dennis Perto

‎11-16-2016 10:33 AM

Thanks for the response.  I have tried to adjust those RPC timeouts and I am still unsuccessful in transferring the policies.  I will not be able to upgrade to 6.X until I upgrade the memory on the Defense Centers.

0 Helpful

Dennis Perto
Level 5
Level 5
In response to Rellish83

‎11-17-2016 01:13 AM

If you have a FS/DC750, DC1500 or DC3500 you can order a free memory upgrade here:
http://www.cisco.com/c/en/us/support/docs/field-notices/640/fn64077.html

Rellish83
Level 1
Level 1
In response to Dennis Perto

‎11-17-2016 08:34 AM

Wow thank you for the help I did not know this was a free option.  Really appreciate the support I will see if this can fix the issue.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card