Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2045
Views
20
Helpful
7
Replies

FMC Warnings

Go to solution
benolyndav
Level 4
Level 4

‎05-13-2022 01:36 AM

HI

Cab anyone tell me whats causing the below please and possible fix . also below warnings are some tests I ran which were succesful

Thanks

 

 

May 13 07:29:36 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [INFO] The curl option for ip  verify_peer=1  verifyhost=0

May 13 07:29:36 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [INFO] List 8527413e-6167-11e1-a8bf-e99ce99bfdf1 being updated up_freq: 0 need_update: 0

May 13 07:29:36 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [INFO] SF List Sourcefire_Intelligence_Feed being updated

May 13 07:29:36 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] DownloadFile: Download failure. Retries remaining:  2

May 13 07:29:37 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] DownloadFile: Download failure. Retries remaining:  1

May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] Download unsucessful: SSL peer certificate or SSH remote key was not OK

May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] Cannot download 8527413e-6167-11e1-a8bf-e99ce99bfdf1

May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [INFO] The curl option for dns verifypeer=1    verifyhost=0

May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:URLDNS [INFO] List 43d5bee1-bd7d-4fe3-a1dd-1101181aed48 being updated up_freq: 0 need_update: 0

May 13 07:29:38 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:URLDNS [INFO] SF URL/DNS List Cisco_DNS_Intelligence_Feed being updated

May 13 07:29:39 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] DownloadFile: Download failure. Retries remaining:  2

May 13 07:29:40 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] DownloadFile: Download failure. Retries remaining:  1

May 13 07:29:41 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] Download unsucessful: SSL peer certificate or SSH remote key was not OK

May 13 07:29:41 CFMC-01 SF-IMS[12342]: [12363] CloudAgent:IPReputation [WARN] Cannot download 43d5bee1-bd7d-4fe3-a1dd-1101181aed48

 

---------------------------------------------------------------------------------------------------

admin@CFMC-01:~$ sudo ping intelligence.sourcefire.com

PING intelligence.sourcefire.com (198.148.79.58) 56(84) bytes of data.

64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=1 ttl=47 time=99.1 ms

64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=2 ttl=47 time=98.6 ms

64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=3 ttl=47 time=100 ms

64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=4 ttl=47 time=98.5 ms

64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=5 ttl=47 time=98.9 ms

64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=6 ttl=47 time=99.5 ms

64 bytes from intelligence.sourcefire.com (198.148.79.58): icmp_req=7 ttl=47 time=98.0 ms

^C

--- intelligence.sourcefire.com ping statistics ---

7 packets transmitted, 7 received, 0% packet loss, time 6000ms

rtt min/avg/max/mdev = 98.099/99.087/100.598/0.794 ms

 

---------------------------------------------------------------------------------------------------------------------------

 

admin@CFMC-01:~$ sudo telnet intelligence.sourcefire.com 443

Trying 198.148.79.58...

Connected to intelligence.sourcefire.com.

Escape character is '^]'.

 

--------------------------------------------------------------------------------------------------------------------------------

 

 

admin@CFMC-01:~$ sudo nslookup intelligence.sourcefire.com

 

Non-authoritative answer:

Name:   intelligence.sourcefire.com

Address: 198.148.79.58

Name:   intelligence.sourcefire.com

Address: 2620:28:c000:0:aba:ca:daba:58

 

0 Helpful
1 Accepted Solution

Accepted Solutions
7 Replies 7

Go to solution
Rob Ingram
VIP
VIP

‎05-13-2022 01:42 AM

@benolyndav does your FMC trust the root certificate in use?

Are you decrypting the SSL traffic?

 

Go to solution
benolyndav
Level 4
Level 4
In response to Rob Ingram

‎05-13-2022 02:15 AM

Hi 

 

 

@benolyndav does your FMC trust the root certificate in use?

Trust what Root Cert ? which one do I look for ??

 

Are you decrypting the SSL traffic?

Default SSL policy do not decrypt

 

 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to benolyndav

‎05-13-2022 04:15 AM

@benolyndav the root certificates of intelligence.sourcefire.com. You can open that URL in a browser to determine the root certificates and then check the FMC to determine if you have the certificates.

 

What version of FMC/FTD are you running?

 

Has this ever worked or a new issue?

Go to solution
benolyndav
Level 4
Level 4
In response to Rob Ingram

‎05-13-2022 04:49 AM

Hi Rob

Version 6.6.5

and yes I started noticing the warning message a while ago but was advised it was a bug, now im not sure

 

I do see the identTrust certs in Cisco trusted ca groups although I dont see the HydrantID cert which I see in the chain when i browse to the site.??

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-13-2022 09:21 AM

In addition to what @Rob Ingram correctly noted, there's also a Field Notice advising customers on this issue:

https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html

Go to solution
benolyndav
Level 4
Level 4
In response to Marvin Rhoads

‎05-17-2022 04:17 AM

Thanks Marvin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card