Interface 'DataplaneInterface0' is not receiving any packets error in FMC

Hi all,

I have an HA pair of ASA 5525 configured as active/standby and installed FirePower on each device.

In FMC, I get the error "Interface 'DataplaneInterface0' is not receiving any packets" for the standby device, which is normal as it does not receive any packets.

I created a second Health Policy, turned off the check for "Interface Status" and assigned the standby device to it.

Unfortunately, nothing changed and now I see the below message in the newly created policy (Health_Policy_for_HA):

[Image: HA.PNG]

What does "out-of-date" mean?

Also, when I click on the green "tick" symbol, I see the below for the standby FP.

[Image: HA1.PNG]

Do you know what these 2 exclamation marks are?

Finally, if you have any other approaches/ideas to resolve the issue with the initial error I get, they are more than welcome.

Thank you

Accepted Solutions

Marvin Rhoads
Hall of Fame

After you create and assign the new Health Policy, you have to apply it in FMC. Failure to do so will result in the "Out of Date" warning. Click the check box to the right of the policy to apply the policy and remedy that error:

[Image: FMC Health Policy.PNG]

To see what issue is being reported by a given policy, go into System > Health > Monitor and click the small arrow next to the error status in question. That will expand the target devices in the lower section of the screen and show you the status of each monitored object.

Hello Marvin,

Thank you for your reply. I had applied the changes but maybe I got a failure and I didn't notice it.

After re-applying it, everything works as expected.

Let me ask something more. I have seen the below updates in the Updates tab:

[Image: Update.PNG]

I don't understand what should be installed. Should I install all of them?

Thanks

You can safely delete all of the VDB updates #323 and earlier as well as the Defense Center (FMC) and sensor patches 6.2.3.13 and earlier.

Then install VDB 327 and redeploy your policies.

If you haven't been installing the patches as they become available, I'd first go into the Rule Updates tab and make sure you download and install the latest (Snort) rules. Redeploy once more.

Finally, install the patches - first on FMC and then on your sensors. Redeploy one more time to sync everything.

6.2.3.14 is a good release but I'd watch on cisco.com for 6.4.0.x to get a gold star. When it does, you will then have to download the 6.4 upgrade (for both FMC and your sensors) manually to your computer and then upload them to FMC. Install them (and ...redeploy!) and then the latest patches will appear for you after you select "Download updates".

Regarding the "Sourcefire 3D Defense Center S3 Patch" and "Cisco Network Sensor Patch" updates, what is the difference between them, and should I install them in a specific order (1st the Sourcefire 3D ... and 2nd the Cisco Network Sensor Patch)?

1 final question: from sh service-policy sfr I see that I have 500 drops. Where can I see these 500 drops in FMC?

ASA#sh service-policy sfr

Global policy:
Service-policy: global_policy
Class-map: FIREPOWER-Class
SFR: card status Up, mode fail-open
packet input 8044854, packet output 8044913, drop 500, reset-drop 40

Sourcefire 3D Defense Center is the old name for Firepower Management Center (FMC). When upgrading or patching, FMC upgrades should always be done first since it must always have a release equal to or greater than the managed sensors.

I'm not positive on how the ASA service-policy counts drops. If they are drops due to the packets not being forwarded to the sfr module then FMC would never see them. If they are drops due to a Firepower policy then you would see them in Analysis > Connection Events and then exclude Allow events by right-clicking on any Allow action. Note that FMC only stores so many events (~10,000,000 for an FMCv) so older blocks may have rolled over in the database. You can also check some of the other Event Types with Security Intelligence or Intrusion events for drops/blocks. They are the same as the ones in the Connection Events but stored in separate tables for longer retention.

Thank you very much Marvin for all the valuable information!
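
An added example, not part of the original thread: a small Python parser for the `sh service-policy sfr` output quoted above, which compares two readings so that the interval in which the `drop` counter grew can be matched against the time range searched in Analysis > Connection Events. The indentation of the sample, the second reading's values and the function names are constructed for the example.

```python
import re

# Constructed sample in the shape of the output quoted in the thread.
SNAPSHOT_1 = """\
Global policy:
  Service-policy: global_policy
    Class-map: FIREPOWER-Class
      SFR: card status Up, mode fail-open
        packet input 8044854, packet output 8044913, drop 500, reset-drop 40
"""
# Second reading with invented counter values, for the delta calculation.
SNAPSHOT_2 = (SNAPSHOT_1.replace("8044854", "8050000")
              .replace("8044913", "8050050").replace("drop 500", "drop 512"))

CLASS_RE = re.compile(r"Class-map:\s*(\S+)")
SFR_RE = re.compile(r"SFR:\s*card status\s+(\S+),\s*mode\s+(\S+)")
COUNT_RE = re.compile(r"packet input\s+(\d+),\s*packet output\s+(\d+),"
                      r"\s*drop\s+(\d+),\s*reset-drop\s+(\d+)")
KEYS = ("input", "output", "drop", "reset_drop")


def parse_sfr(text):
    """Map each class-map that redirects to the SFR module to its state and counters."""
    result, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := CLASS_RE.match(line):
            current = m.group(1)
        elif current and (m := SFR_RE.match(line)):
            result[current] = {"status": m.group(1), "mode": m.group(2)}
        elif current in result and (m := COUNT_RE.match(line)):
            result[current].update(zip(KEYS, map(int, m.groups())))
    return result


def counter_delta(before, after):
    """Counter growth per class between two readings; None if counters went backwards."""
    out = {}
    for name, new in after.items():
        old = before.get(name, {})
        if "drop" not in old or "drop" not in new:
            continue  # class missing from one reading, or no counter line parsed
        diff = {k: new[k] - old[k] for k in KEYS}
        # A negative difference means the counters restarted (e.g. after a reload).
        out[name] = None if min(diff.values()) < 0 else diff
    return out


if __name__ == "__main__":
    first, second = parse_sfr(SNAPSHOT_1), parse_sfr(SNAPSHOT_2)
    print(first)
    print(counter_delta(first, second))
```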
