
FPR2110 FDM license communication failed.

Hello everyone,
This time, the license registration of the FDM OS running on the FPR 2110 device was canceled, so an attempt to register it with SSM failed.

The problem is that two 2110 devices are operating as FDM, but the license of one device is maintained normally.

Equipment maintained: Office FW
License communication failure equipment: Fac FW

Both are set up to use the management interface for license communication and database updates.
The bands set in the management interface are the same for both. (192.168.255.0/24)

The top firewall allows 192.168.255.0/24 -> tools.cisco.com:443.

1. Is license registration/DB update actually done through the management interface?
2. Exactly what IP and port does the management interface need to communicate with to register and maintain a license?
3. Office FW maintains license communication, but DB update fails. What IP and port should I communicate with to update the DB?

The connection configuration is as follows.

Top-level firewall > Backbone > Distribution switch > Office FW and Fac FW
Thank you.

Accepted Solutions

Peter Koltl
Rising star

Check your NAT rules; both management IPs should be covered by the translating rule.

1. Is license registration/DB update actually done through the management interface?

Yes. (Unless you set your Management Interface to Use the Data Interfaces as the Gateway.)

2. Exactly what IP and port does the management interface need to communicate with to register and maintain a license?

smartreceiver.cisco.com:443  (146.112.59.81 and others)

I have recorded multiple communicating IP addresses, maybe used for VDB update.

72.163.15.137

52.70.61.174

52.21.117.50

146.112.255.69

Do not test with ping tcp in the firewall CLI; it does not work. Check your management IP and gateway and the connection log in the other firewall.
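
The checks suggested in the reply above (NAT coverage of both management IPs, then the upstream firewall's connection log) can be scripted; this is an added example, not part of the original post or any Cisco tooling. The device IPs, the NAT source range, the translated address and the key=value log format are all constructed assumptions; only the /24 subnet and the destination addresses come from the thread.

```python
import ipaddress

# Constructed inputs (assumptions, not values from the thread): management IPs
# of the two FDM devices and the upstream firewall's NAT rule source ranges.
DEVICES = {"Office FW": "192.168.255.11", "Fac FW": "192.168.255.130"}
NAT_SOURCES = ["192.168.255.0/25"]

# Constructed connection-log lines in a hypothetical key=value export format.
LOG = """\
src=192.168.255.11 dst=146.112.59.81 dport=443 action=allow xlate=203.0.113.10
src=192.168.255.11 dst=72.163.15.137 dport=443 action=deny xlate=-
src=192.168.255.130 dst=146.112.59.81 dport=443 action=allow xlate=-
"""

def parse(log):
    """Turn each key=value line into a dict, skipping blank lines."""
    return [dict(f.split("=", 1) for f in line.split())
            for line in log.splitlines() if line.strip()]

def nat_covered(ip, sources=NAT_SOURCES):
    """True if the management IP falls inside any NAT rule source range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(s) for s in sources)

def diagnose(ip, entries):
    """Classify what the upstream firewall saw from one management IP on TCP 443."""
    seen = [e for e in entries if e["src"] == ip and e["dport"] == "443"]
    if not seen:
        return ["no traffic seen: check management IP and gateway on the device"]
    findings = []
    if not nat_covered(ip):
        findings.append("not covered by any NAT source range")
    for e in seen:
        if e["action"] != "allow":
            findings.append(f"denied to {e['dst']}:443")
        elif e["xlate"] == "-":
            findings.append(f"allowed to {e['dst']}:443 but not translated")
    return findings or ["ok"]

def report(devices=DEVICES, log=LOG):
    """Map each device name to its list of findings."""
    entries = parse(log)
    return {name: diagnose(ip, entries) for name, ip in devices.items()}

if __name__ == "__main__":
    for name, findings in report().items():
        print(name, "->", "; ".join(findings))
```

With the constructed data, one device is blocked by policy toward a single destination while the other is permitted but leaves untranslated, which is the kind of per-device difference the NAT check is meant to surface.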
