FireSIGHT DC 750 Management Interface - Sourcefire Cloud updates

michalis1234
Level 1

Dear all,

I have a DC 750 FireSIGHT appliance that manages 3 ASA 5515X Firepower modules. Last week I upgraded the appliance and the modules to version 6.1.0.1. Since then I have had an issue obtaining updates and generally connecting to the Sourcefire cloud.

I used only the eth0 interface of the appliance for management and event traffic, and I have also configured a proxy in the management interface configuration.

I believe that after the upgrade to version 6.1.0.1 I can no longer connect to the Sourcefire cloud from behind a proxy.

I decided to connect interface eth1 directly to another internet connection in order to perform the updates and use the AMP capabilities of Sourcefire.

I have configured the IP address and the required static routes, but unfortunately I get the error "cannot connect to update server".

After some troubleshooting, nslookup works fine for support.sourcefire.com, but the command sudo openssl s_client -connect support.sourcefire.com:443 does not. But if I replace support.sourcefire.com with 54.221.210.248, it works fine.

Hence the issue is that the first request is exiting eth0 because of the default route, while the second is exiting eth1 because I have a static route to host 54.221.210.248. Is there a way to change the default route from eth0 to eth1? How can I point the requests for URLs to eth1?

2 Replies

Rahul Govindan
VIP Alumni

"support.sourcefire.com" may point to different IP addresses, so having just a single IP address may not help. You would need to have all the IP addresses route to eth1 if you need to achieve a static capability. Most of the IP addresses are given in this doc:

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118791-technote-firesight-00.html

Domain: support.sourcefire.com
URL: https://support.sourcefire.com
Port: 443/tcp (bidirectional)
IP Address: 50.19.123.95, 50.16.210.129
Additional IP addresses that are also used by support.sourcefire.com (in round-robin method) are:
54.221.210.248
54.221.211.1
54.221.212.60
54.221.212.170
54.221.212.241
54.221.213.96
54.221.213.209
54.221.214.25
54.221.214.81

Another option is to change the default route completely to eth1 to avoid proxy issues. But beware of any implications that it may have for your access to the Manager itself. You may have to change this via the console during a downtime and re-register the devices again.
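An added example, not part of the original thread or of Cisco's documentation: an offline check of which interface each address listed above for support.sourcefire.com would leave through, using the same longest-prefix rule the routing table applies. It assumes the routes are available in iproute2 `ip route show` format; the sample table, its gateways and subnets, and the function names are constructed for illustration.

```python
import ipaddress

# Addresses listed for support.sourcefire.com in the reply above.
SUPPORT_IPS = """50.19.123.95 50.16.210.129 54.221.210.248 54.221.211.1
54.221.212.60 54.221.212.170 54.221.212.241 54.221.213.96 54.221.213.209
54.221.214.25 54.221.214.81""".split()

# Constructed sample in `ip route show` format (assumption): default route on
# eth0 and a single host route on eth1, as in the question. Gateways and
# subnets are documentation addresses, not values from the thread.
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
198.51.100.0/24 dev eth1 proto kernel scope link src 198.51.100.10
54.221.210.248 via 198.51.100.1 dev eth1
"""

def parse_routes(text):
    """Return [(network, interface)] from `ip route show` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line, or no interface name after "dev"
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types that do not start with a prefix
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_interface(ip, routes):
    """Longest-prefix match; None when no route covers the address."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None

def not_via(ips, routes, wanted="eth1"):
    """Map each address that would NOT leave through `wanted` to its interface."""
    return {ip: dev for ip in ips
            if (dev := egress_interface(ip, routes)) != wanted}

if __name__ == "__main__":
    for ip, dev in not_via(SUPPORT_IPS, parse_routes(SAMPLE_ROUTES)).items():
        print(f"{ip} leaves via {dev}, not eth1: needs its own host route")
```

With only the one host route from the question, ten of the eleven listed addresses still follow the default route out of eth0, which is why a connection by hostname fails whenever DNS round robin returns one of them.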

Hi Rahul,

Thanks for the answer!

I have spent a couple of hours today looking at this issue! I did have all the routes for support.sourcefire.com, but still the same. Your recommendation to make the eth1 interface the default one is, I think, the most robust solution.

Today I set up a test proxy using HTTP digest authentication as recommended by the guides. I disabled eth1. Updates worked fine. AMP connection not at all!! I then set up a DNS server on the same server acting as proxy in order to provide DNS resolution as well as web proxy functionality to my DC750. I can correctly resolve api.amp.sourcefire.com but I cannot select and register to any cloud!!

As it seems, the AMP cloud needs the DC to be connected in an internet-facing subnet!

Can you comment on that? Is this a prerequisite?

Your previous recommendation makes more sense to me! But I need to verify that any interface configuration change does not cause any damage, for example license invalidation, etc.
