Solved: FMC is not responding

timothy_MTS · ‎11-24-2024

Hello everyone,

Recently my Cisco Firepower Management Center VMWare is having some issues. I used to access to the vFMC through the webGUI. But during the last few days, when I access it, it prompts 500 Internal Server Error.

I then tried to access through the SSH, but not succeed, saying Port 22: Connection Refused

I then have a check on the VMware, I found this VM seems not happy and it shows some errors could be related to the hard drive.

I am planning to restart the VM itself through the VMWare console. Currently the machine is not accessible but the FW is still running. VPN also working.

I tried to see what if it stuck during the restart or it will never be able to start up again, will I get more worse than as of now.

PS. I have the Firewall with two contexts system in our environment. I tried to access them through the SSH as well as the Cisco ASDM. They all working fine at the moment.

Thanks in advance. Regards,

Timothy

Kasun Bandara · ‎11-24-2024

@timothy_MTS hi, seems like disk issue as you observed, and it looks like FMC service is not properly running now.

normally it's not recommend using snapshots for FMC VMs, as it may break the DB may corrupt. if you have previous config backup form FMC you can use that as a restoration method in case if VM got any issue.

If you have cisco support, try with TAC to find the solution. if not, only option is shutdown the VM and start again. but as disc showing errors, you can start VM in healthy disk.

Also as another option you can create new FMC and try move the working firewalls to new FMC with licenses.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

View solution in original post

balaji.bandi · ‎11-24-2024

FMC is a management and orchestration tool, so it does not impact the operation level. However, you can not manage the policy and monitor FTD Firewalls.

According to the information, there is an issue with FMC virtual. Do you happen to have a backup? or snapshot of the VM of the last time working condition

if so you can re-build another one and restore backup.

PS. I have the Firewall with two contexts system in our environment. I tried to access them through the SSH as well as the Cisco ASDM. They all working fine at the moment.

I am confused here. How can you manage using ASDM? Is this ASA Code running, or FTD code running?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Kasun Bandara · ‎11-24-2024

@timothy_MTS hi, seems like disk issue as you observed, and it looks like FMC service is not properly running now.

normally it's not recommend using snapshots for FMC VMs, as it may break the DB may corrupt. if you have previous config backup form FMC you can use that as a restoration method in case if VM got any issue.

If you have cisco support, try with TAC to find the solution. if not, only option is shutdown the VM and start again. but as disc showing errors, you can start VM in healthy disk.

Also as another option you can create new FMC and try move the working firewalls to new FMC with licenses.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

balaji.bandi · ‎11-24-2024

FMC is a management and orchestration tool, so it does not impact the operation level. However, you can not manage the policy and monitor FTD Firewalls.

According to the information, there is an issue with FMC virtual. Do you happen to have a backup? or snapshot of the VM of the last time working condition

if so you can re-build another one and restore backup.

PS. I have the Firewall with two contexts system in our environment. I tried to access them through the SSH as well as the Cisco ASDM. They all working fine at the moment.

I am confused here. How can you manage using ASDM? Is this ASA Code running, or FTD code running?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

timothy_MTS · ‎11-26-2024

Thanks for your reply.

This machine was setup ages ago. I just pickup and didn't realize there is any backup nor snapshot from VMware.

Please correct me if I am wrong about the understanding on this vFMC.

- I can restart this VM (vFMC) to see if this can resume to normal.

- During restart, it will not affect my normal operation like, it will not block or disable any traffic.

- if the VM still not picking up, I will need to deploy another image of vFMC.

@balaji.bandiregarding your question, can you tell me how to confirm which one is running? ASA / FTD code.

Appreciate your help.

Timothy

Kasun Bandara · ‎11-26-2024

@timothy_MTS hi, correct. for line 2. there will be no operational impact for FMC restart. for point 3 yes you can. you can install new VM and keep ready as it takes few hours to complete the setup.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

balaji.bandi · ‎11-26-2024

I have handled all issues at the top of my post regarding the FMC reboot and build.

Can you tell me how to confirm which one is running? ASA / FTD code.

The show version gives you all the information about the code on the device.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

timothy_MTS · ‎11-27-2024

The vFMC was restarted. I noticed the system rebooted a few times. It looks like it automatically fixes itself. Can now login to the WebGUI. Everything looks fine now.

Also performed the snapshot through the VMWare.

Appreciate for the assistance.

FMC is not responding

Secure Firewall (FMC/FTD): はじめての AI アシスタント

PMTool 소개 (FMC/FTD)

Firewall: FMC GUI のパスワードリカバリーと FMC CLI のパスワード変更について

Thanks Karsten for responding

Migrate an FTD from One FMC to another FMC