09-26-2023 07:48 PM
Hello everyone,
This time, the license registration of the FDM OS running on the FPR 2110 device was canceled, so an attempt to register it with SSM failed.
The problem is that two 2110 devices are operating as FDM, but the license of one device is maintained normally.
Equipment maintained: Office FW
License communication failure equipment: Fac FW
Both are set up to use the management interface for license communication and database updates.
The bands set in the management interface are the same for both. (192.168.255.0/24)
The top firewall allows 192.168.255.0/24 -> tools.cisco.com:443.
1. Is license registration/DB update actually done through the management interface?
2. Exactly what IP and port does the management interface need to communicate with to register and maintain a license?
3. Office FW maintains license communication, but DB update fails. What IP and port should I communicate with to update the DB?
The connection configuration is as follows.
Top-level firewall > Backbone > Distribution switch > Office FW and Fac FW
Thank you.
09-27-2023 07:28 AM
Check your NAT rules; both management IPs should be covered by the translating rule.
1. Is license registration/DB update actually done through the management interface?
Yes. (Unless you set your Management Interface to Use the Data Interfaces as the Gateway)
2. Exactly what IP and port does the management interface need to communicate with to register and maintain a license?
smartreceiver.cisco.com:443 (146.112.59.81 and others)
I have recorded multiple communicating IP addresses, maybe used for VDB update.
72.163.15.137
52.70.61.174
52.21.117.50
146.112.255.69
Do not test with ping tcp in the firewall CLI; it does not work. Check your management IP and gateway and the connection log in the other firewall.
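An added example, not part of the original posts: one way to review the upstream firewall's connection log for the two points raised in the answer, namely whether each management IP is being translated and which HTTPS destinations are denied. The log line format, the host addresses 192.168.255.11 and 192.168.255.12, and the translated address 203.0.113.10 are constructed assumptions; only the subnet and the two hostnames come from the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Management subnet stated in the question.
MGMT_NET = ipaddress.ip_network("192.168.255.0/24")

# Constructed sample log from the upstream firewall (format and host
# addresses are assumptions). nat_src=- means no translation was applied.
SAMPLE_LOG = """\
2023-09-27T07:01:02 action=allow src=192.168.255.11 nat_src=203.0.113.10 dst=tools.cisco.com dport=443
2023-09-27T07:01:05 action=deny src=192.168.255.11 nat_src=203.0.113.10 dst=smartreceiver.cisco.com dport=443
2023-09-27T07:02:10 action=deny src=192.168.255.12 nat_src=- dst=tools.cisco.com dport=443
2023-09-27T07:02:11 action=deny src=192.168.255.12 nat_src=- dst=smartreceiver.cisco.com dport=443
2023-09-27T07:03:00 action=allow src=10.1.1.5 nat_src=203.0.113.10 dst=example.com dport=443
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def audit(log_text, mgmt_net=MGMT_NET):
    """Per management IP: allowed/denied 443 destinations and missing NAT."""
    report = defaultdict(lambda: {"allowed": set(), "denied": set(), "untranslated": False})
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["src"])
        except (KeyError, ValueError):
            continue  # skip lines without a parsable source address
        if src not in mgmt_net or fields.get("dport") != "443":
            continue  # only HTTPS flows from the management subnet matter here
        entry = report[str(src)]
        verdict = "allowed" if fields.get("action") == "allow" else "denied"
        entry[verdict].add(fields.get("dst", "?"))
        if fields.get("nat_src", "-") == "-":
            entry["untranslated"] = True  # this source is not covered by a NAT rule
    return dict(report)


if __name__ == "__main__":
    for ip, e in sorted(audit(SAMPLE_LOG).items()):
        print(ip, "denied:", sorted(e["denied"]), "no NAT:", e["untranslated"])
```

In the constructed log, the first management IP is translated but denied to smartreceiver.cisco.com, while the second is never translated and is denied everywhere.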