cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
309
Views
6
Helpful
6
Replies

FTD: Unable to reach FQDNs in the Internet

swscco001
Level 3
Level 3

Hello everybody,

our customer has 1 cluster of two Firepower 1120 running rel. 7.4.2.1
managed by the FMCv running rel. 7.4.2.1 too.

The Health Monitor shows the error message:
Cisco Cloud Configuration - Unable to reach Cisco Cloud from the device. Please check the network connection..
for both devices.

The firewalls can resolve FQDNs in th Internet:

admin@firepower:~$ nslookup api-sse.cisco.com
Server:         192.168.100.25
Address:        192.168.100.25#53

Non-authoritative answer:
api-sse.cisco.com       canonical name = api-sse.cisco.com.akadns.net.
Name:   api-sse.cisco.com.akadns.net
Address: 54.166.161.63
Name:   api-sse.cisco.com.akadns.net
Address: 3.82.76.181
Name:   api-sse.cisco.com.akadns.net
Address: 2600:1f18:56c:200a:48c5:ffc1:9e69:b18a
Name:   api-sse.cisco.com.akadns.net
Address: 2600:1f18:56c:200b:d1e:17aa:513b:e947

It can ping IP addresses in the Internet:

> ping 8.8.8.8
Please use 'CTRL+C' to cancel/abort...
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms

But when I try to ping FQDNs in the Internet the ping responds with "U" (unreachable):

> ping intelligence.sourcefire.com
Please use 'CTRL+C' to cancel/abort...
Sending 5, 100-byte ICMP Echos to 2620:28:c000:0:aba:ca:daba:58, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)

> ping www.google.com
Please use 'CTRL+C' to cancel/abort...
Sending 5, 100-byte ICMP Echos to 2a00:1450:4016:80c::2004, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)

What is going wrong here?

Every hint is welcome.

Thanks a lot!

 

Bye
Rene