
How to rebuild the /etc/sf/sftunnel.conf

rosarra (Level 1)

Hello,

I have a problem with the HA configuration of two FMCs. In the standby appliance, in the sftunnel configuration file, I found an IP address which does not exist and which the process keeps trying to reach. After some investigation I found that the wrong address actually existed in the DB. Using the tool OmniQuery.pl I removed the orphan IP:

    OmniQuery.pl -db mdb -e "select name,ip,uuid,role from EM_peers where role !=0;"
    OmniQuery.pl -db mdb -e "delete from EM_peers where name = 'xx.xx.xx';"

But now I need to rebuild the sfconfig file to align it with the one on the master machine.

Any ideas other than breaking HA and rebuilding it?

Thx

Accepted Solution

shariri (Cisco Employee)

Please make sure that you are following the correct troubleshooting procedure; please review this public article:
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/215540-configure-verify-and-troubleshoot-firep.html#toc-hId-36994364
On the other hand, if you want to rebuild the [sftunnel.conf]: if the config file is empty, please reach out to TAC in advance to figure out the root cause.
If you reach out to TAC engineers, they can provide you with the procedure for corrupting the sftunnel file.
> Take a backup of existing files
> Paste the content of a fresh new sftunnel.conf
> Change the permissions
> Update and fetch data with perl
> Restart the process with pmtool
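
The backup / replace / fix-permissions / restart sequence listed in the reply, as an added shell example that is not part of the post and not a Cisco procedure. It does not invent the contents of a fresh sftunnel.conf (that is whatever TAC supplies) or the perl step the reply mentions; it only shows how to carry out the file swap so that a failed step cannot leave the appliance with an empty or half-written config: refuse to proceed on an empty source (the case the reply says to take to TAC first), keep a timestamped backup, preserve the original file mode, replace atomically, and roll back on failure. The `pmtool restartbyid sftunnel` call is an assumption about the FMC process manager and is only attempted when `pmtool` exists on the box. The `peer=...` lines used below are constructed sample input, not the real file format.

```shell
#!/bin/sh
# Added example, not from the forum post or from Cisco. Generic safe-swap
# of a config file; FMC-specific parts are marked as assumptions.

# Mode of a file as octal digits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Back up $1 next to itself with a timestamp, keeping mode/ownership (cp -p).
# Refuses an empty or missing file: an empty sftunnel.conf is the
# "ask TAC for the root cause first" case, not something to overwrite.
# Prints the backup path on success.
backup_conf() {
    src=$1
    [ -s "$src" ] || { echo "refusing: $src is empty or missing" >&2; return 1; }
    bak="$src.bak.$(date +%Y%m%d%H%M%S).$$"
    cp -p "$src" "$bak" || return 1
    cmp -s "$src" "$bak" || { echo "backup verify failed" >&2; return 1; }
    echo "$bak"
}

# Replace $1 with the contents of $2 atomically, preserving the mode of $1.
# The temp file lives in the same directory so the final mv is a rename,
# never a partially written target.
install_conf() {
    dst=$1; new=$2
    [ -s "$new" ] || { echo "refusing: replacement $new is empty" >&2; return 1; }
    mode=$(file_mode "$dst") || return 1
    tmp="$dst.tmp.$$"
    cp "$new" "$tmp" && chmod "$mode" "$tmp" && mv "$tmp" "$dst" || {
        rm -f "$tmp"; return 1; }
}

# Whole sequence: backup -> install -> (perl refresh, not shown) -> restart.
# $1 = config path (defaults to the sftunnel path from the post),
# $2 = file holding the fresh content obtained from TAC.
rebuild_sftunnel() {
    conf=${1:-/etc/sf/sftunnel.conf}; new=$2
    bak=$(backup_conf "$conf") || return 1
    if ! install_conf "$conf" "$new"; then
        cp -p "$bak" "$conf"          # roll back to the verified backup
        return 1
    fi
    # "Update and fetch data with perl": TAC-supplied step, intentionally
    # not invented here.
    # Assumption: sftunnel is restarted via pmtool on FMC. Skipped when the
    # command is absent so the function can be exercised off-box.
    if command -v pmtool >/dev/null 2>&1; then
        pmtool restartbyid sftunnel
    fi
}
```

Run it as `rebuild_sftunnel /etc/sf/sftunnel.conf /root/sftunnel.conf.fresh` after placing the TAC-provided content in the second file; the backup path is printed by `backup_conf` so you can `diff` the before/after and compare with the active peer's copy before restarting.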

