Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2543
Views
0
Helpful
3
Replies

FTD can´t be added to FMC

Go to solution
marcio.tormente
Level 4
Level 4

‎09-22-2020 04:15 PM

Hello Folks!

I converted an ASA to FTD and now I can´t add to FMC.

I can ping the FMC by ping system, the FMC can ping the FTD, at some point appear as completed in the show managers, but a few seconds later disappear and the device didn´t appear in the devices list on the FMC.

 

My FMC is running: Cisco Firepower Management Center 4000 v6.4.0.4

FTD is running 6.4 and I have another ASA5525 with the same version working fine.

 

I appreciate any help

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marcio.tormente
Level 4
Level 4

‎09-23-2020 06:12 PM

After many hours I found the issue, there was an issue with the policy that is working with a similar device, but for some reason that I have no idea, was not taken another device.

I had to create a new policy to add the new device and after that migrate to the correct policy.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎09-22-2020 08:30 PM

Hi

Is the time correct on both devices (FTD and FMC)?
Is there a firewall between these 2 devices?
Have you checked the mtu end to end (make sure no fragmentation happens on your sftunnel?
Can you connect to FTD cli expert mode, enter sudo su, type in password and then run the command: (it'll show you live all logs)

tail -f /ngfw/var/log/messages

 
Try the registration again and share this log file.

While you're in expert mode on FTD, can you run the following command and share it please:

ip route get x.x.x.x where x.x.x.x represents the FMC IP.

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
marcio.tormente
Level 4
Level 4
In response to Francesco Molino

‎09-23-2020 09:23 AM

Hello Francesco,

 

thanks for your support.

 

The FTD is new, there is no firewall between the FTD and FMC

 

root@BR238-INT-FTD02:/home/admin# ip route get 10.252.253.220
10.252.253.220 via 10.166.250.1 dev br1 src 10.166.250.111
cache

 

Attached is the log about tail -f /ngfw/var/log/messages

Preview file
79 KB
0 Helpful

Go to solution
marcio.tormente
Level 4
Level 4

‎09-23-2020 06:12 PM

After many hours I found the issue, there was an issue with the policy that is working with a similar device, but for some reason that I have no idea, was not taken another device.

I had to create a new policy to add the new device and after that migrate to the correct policy.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card