Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
804
Views
3
Helpful
4
Replies

FTD: Again - Unable to reach Cisco Cloud from the device

swscco001
Level 3
Level 3

‎04-17-2024 01:11 AM

Hello everybody,

our customer is using the FMCv rel. 7.2.5.1 and many FTDs.

After de-register/re-register the FMC in the Smart Software Manger
because another error message four devices (7.0.1 & 7.0.5) four
devices show the error:

Threat Data Updates on Devices
Apr 17, 2024 9:46 AM
Cisco Support Diagnostics Configuration - failure. Cisco Cloud Configuration - Unable to reach Cisco Cloud from the device. Please check the network connection. see less
Data Update Status
Data Type	Status
Cisco Support Diagnostics Configuration	failure
SI DNS Lists and Feeds	Success
Threat Configuration	Success
SI Network Lists and Feeds	Success
AMP Dynamic Analysis	Success
URL Category and Reputation	Success
SI SHA Lists (from TID)	Success
SI URL Lists and Feeds	Success
Local Malware Analysis Signatures	Success
Cisco Cloud Configuration	Unable to reach Cisco Cloud from the device. Please check the network connection.
URL Category and Reputation Metadata	Success
URL Category and Reputation	Success

I went to the CLI of an effected device and can ping tools.cisco.com
from the management and data interface:

> ping system tools.cisco.com
PING tools.cisco.com (173.37.145.8) 56(84) bytes of data.
64 bytes from tools2.cisco.com (173.37.145.8): icmp_seq=1 ttl=238 time=111 ms
64 bytes from tools2.cisco.com (173.37.145.8): icmp_seq=2 ttl=238 time=129 ms
64 bytes from tools2.cisco.com (173.37.145.8): icmp_seq=3 ttl=238 time=112 ms
64 bytes from tools2.cisco.com (173.37.145.8): icmp_seq=4 ttl=238 time=111 ms
64 bytes from tools2.cisco.com (173.37.145.8): icmp_seq=5 ttl=238 time=113 ms
64 bytes from tools2.cisco.com (173.37.145.8): icmp_seq=6 ttl=238 time=111 ms
^C
--- tools.cisco.com ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 111.407/114.636/128.736/6.330 ms

> ping tools.cisco.com
Please use 'CTRL+C' to cancel/abort...
Sending 5, 100-byte ICMP Echos to 72.163.4.38, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 110/110/110 ms

The DNS servers coming from the platform settings are ok in my eyes:

> show network
===============[ System Information ]===============
Hostname                  : FTD-BOL-01
Domains                   : pfaudler.com
DNS Servers               : 208.67.222.222
                            208.67.220.220
                            2620:119:35::35
DNS from router           : enabled
Management port           : 8305
IPv4 Default route
  Gateway                 : 10.50.50.1
  Netmask                 : 0.0.0.0


==================[ management0 ]===================
State                     : Enabled
Link                      : Up
Channels                  : Management & Events
Mode                      : Non-Autonegotiation
MDI/MDIX                  : Auto/MDIX
MTU                       : 1500
MAC Address               : CC:ED:4D:74:2B:80
----------------------[ IPv4 ]----------------------
Configuration             : Manual
Address                   : 10.50.50.3
Netmask                   : 255.255.255.248
Gateway                   : 10.50.50.1
----------------------[ IPv6 ]----------------------
Configuration             : Disabled

===============[ Proxy Information ]================
State                     : Disabled
Authentication            : Disabled

Other devices with the same DNS-Servers do not show this error message.

What can I still do to get rid of this error message?

Thanks a lot for every hint!




Bye
R.

0 Helpful
4 Replies 4

marce1000
VIP
VIP

‎04-17-2024 02:19 AM

 

                - Does the device have full https reachability to tools.cisco.com too ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

swscco001
Level 3
Level 3
In response to marce1000

‎04-18-2024 07:17 AM

Hi marce1000,

thanks for this!

Can I test the https reachability to tools.cisco.com from the firewall's CLI ?

Thanks a lot!



Bye
R.

0 Helpful

marce1000
VIP
VIP
In response to swscco001

‎04-18-2024 07:25 AM

 

   - Depends what shell features are available on the FTD , on more standard linux you have for instance wget and nmap

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card