Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3577
Views
0
Helpful
2
Replies

FMC - FTD Registration Fails due to Discovery Failure

osama.mehtab.ga
Level 1
Level 1

‎05-15-2019 10:54 PM - edited ‎02-21-2020 09:08 AM

Hello Fire-Jumper Community,

I'm have a FMC in which I have added 1x Firepower 4120 FTD Instance and 8x ASA5508-X FTDs. I am currently unable to get my FMC to register another Firepower 4120 FTD which is in the same network.


Connectivity Checks:

1. FTD is able to communicate with FMC (ping success, telnet port 8305 success)

2. FTD & FMC are in same network :)


Steps to connect:

1. Add manager in the FTD with the Key

2. Add the FTD in the FMC with the same key


Output in FMC:

1. Registration shows the "Green Tick - Register".
Communication with <Firewall Name> established, discovery in progress

2. Then appears a "Red Error Message - Discovery"
<Firewall Name> - Discovery failed due to internal error. If problem persists, contact Cisco TAC.

3. Then FMC starts the "Unregistration".
Unregistration completed. <Firewall Name> - Unable to get status message

 

2019-05-16_15h38_16.png

 

I was able to find in the bug search tool the bug "CSCvg62301" that can be the cause of this problem.

Conditions of bug CSCvg62301 :
The can happen with a slow link between the FMC and the device. During discovery, policies are synced between FMC and device, and those can timeout.

Logs in action queue would show RPC timeouts during discovery phase


What I fail to understand is that both devices are on same network and there is not much latency involved then what can be cause of this problem and how to fix it?

10 people had this problem
Labels:
0 Helpful
2 Replies 2

mateens
Level 1
Level 1

‎08-09-2021 02:46 AM

was it solved ? have same issue

0 Helpful

msc_
Level 1
Level 1

‎02-23-2024 03:59 AM

I had this too, conditions pretty much matched CSCvt08514(https://quickview.cloudapps.cisco.com/quickview/bug/CSCvt08514)

My device was ISA-3000 on code 7.0.1.

Also, I wasn't able to start FDM to manage the device locally, so what I did was an upgrade with the procedure in below article (FTD -> FTD section). I went from 7.0.1 to 7.2.5.
Cisco Secure Firewall ASA and Secure Firewall Threat Defense Reimage Guide - Cisco

Hope this helps someone in the future

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card