cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6604
Views
0
Helpful
11
Replies

FireSight unable to manage sensor

arthur.lo1
Level 1
Level 1

Hi, 

I'm upgrading the sensor from 5.4.0 to 5.4.0.2. 

During the upgrade, the FireSight is unable to manage sensor back. I have checked the sensor version is 5.4.0.1 now.

 

When I try to add sensor from FireSight, it pop-up a dialogue box "Could not establish a connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection."

I have double checked the connection and registration keys. FireSight is able to ping the sensor and the registration keys are match. 

 

The FireSight version is 5.4.1.1

I would like to know how FireSight able to manage the sensor and continue the upgrade. Or any way to fallback the sensor version?

 

Appreciate if anyone can help me to solve this problem. I'm URGENT to fix it. Thanks so much!!

 

Best regards,

Arthur

11 Replies 11

peterfaber
Level 1
Level 1

Hi,

I have the same problem (with a new install, not upgrade) cannot add devices. same error code.

FireSight version 5.4.1.1

sensor versions:

Sourcefire Linux OS v5.4.0 (build 127)
Sourcefire ASA5515 v5.4.0 (build 764)

 

is the software not compatible ???

Hi, 

It should be compatible. I have another FireSight with sensor and it's work. I don't know why one of the sensor cannot be managed by FireSight during upgrade. 

 

Hardware appliances which are not work:

Cisco FireSIGHT Management Center 750

Cisco FirePOWER 7125

 

Hardware appliances which are working properly:

Cisco FireSIGHT Management Center 1500

Cisco FirePOWER 8150 

 

Regards,

Arthur

The issue has been solved. It is caused by interrupt the upgrade manually. Cisco's engineer help me to resume the upgrade. After the upgrade finished, the FireSight is able to manage the sensor again.

 

Regards,

Arthur

Can you explain how you allowed it to resume the upgrade?

I had the same error. My solution was to reinstall the FirePOWER module in the ASA completely from Recover mode.

Cisco engineer use WebEx to remote my computer for check the sensor and resume the upgrade. He checked the upgrade status and resume the upgrade from the stopped point of last upgrade.

I have a similar problem
Product Model Virtual Defense Center 64bit
Software Version 5.4.1.7
Operating System Sourcefire Linux OS
Operating System Version 5.4.0
Cisco Network Sensor Patch 5.4.0.8-23

Hello Etsoy,

Do you want to resume the upgrade or are yo facing issues while adding the Firepower ?

Regards 

Jetsy

I too have a similar problem on  between a firepower manager (version 6.0.0 build 1005) on the core network and Sourcefire module  version 6.00 on an ASA in the dmz.

Communications between the two devices are bi-directiona on tcp/8305 and you can see those occurring on the inside firewall. 

NAT is involved, so the manager add command is on the SFR is : manager add <nat ip>  cisco4321 firewpower.  

From the firepower manager adding the device by the IP address and by entering the first registration key, cisco4321, starts the communication flowing, but the firepower fails to add the device saying check communications & keys.

Anyone got any clues ?

Thanks in advance

Hello Team,

This sensor registration issue can be due to network connectivity or existing peer entry in database. You need to open a TAC case to rectify the issue. Make sure that your deployment setup is proper before that.

http://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113690-ips-config-mod-00.html

Please verify the above link and let me know which is your scenario. If the deployment is not right then you will not be able to add the Firepower device.

Rate if this post helps you.

Regards

Jetsy 

Thanks... Two issues found.

1. I had missed a hidden drop down NAT box at the bottom of the Add Device windows..

2. Licenses installed initially using ASADM could not then be transferred to the Firepower manager without involving licencing 

Many thanks for your reply though

Best wishes

marcio.tormente
Level 4
Level 4

Hello,

 

I have the same problem:

Defense Center running software version: 5.4.0

No updates available 

Cisco Linux OS v5.4.1 (build 12)
Cisco ASA5506 v5.4.1 (build 211)

The ASA have a new version, but if there is no updades available to DC, how can I add a new device?

 

Thanks 

Review Cisco Networking for a $25 gift card