Solved: Link FirePower with FireSight.

woori-bank · ‎12-18-2015

We bought FirePOWER Appliance 7010.
What was done:FireSight ( Firepower Management Center) was deployed.And now we try to link FirePower with FireSight.
Both equipment pigout each other.(versions:FireSight 5.4.0 , FirePower 5.3.0.3)
I use documentation, but have some problems.
When I try to link FirePower and FireSight, I use command "configure manager add <FireSIGHT IP> <Registration Key>"
But I have error: "getPeersByRole:unabletoconnecttodbat/usr/local/sf/lib/perl/5.10.1/SF/PeerManager/Peers.pmline102."
Thank you!

Aastha Bhardwaj · ‎12-22-2015

Hi,

That looks good , though i do see the below message :

Error in requiring SF::SystemSettings:
Can't call method "prepare" on an undefined value at /usr/local/sf/lib/perl/5.1 0.1/SF/SystemSettings.pm line 338.
Compilation failed in require at (eval 944) line 1

Can you try restarting the network services and see if that helps . SSH on the Firepower , escalate the privilege to root by the command : sudo su

/etc/rc.d/init.d/network restart

That should restart the network services , and there may be slight disruption as well. once done try to check : show network and see do you still see the above error.

Moreover are you able to : telnet on port 8305 from Defense center to Firepower,

telnet <Firepower ip> 8305

If the connectivity between Firepower and defense center is fine then this should work.

Also from root on both defense center and Firepower execute the below command:

manage_procs.pl

Option 3 to restart communication between them.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

View solution in original post

Aastha Bhardwaj · ‎12-18-2015

Hi,

You need to do some initial checks to see if the connectivity is fine or not :

++Try to ping from the Firepower to Firesight manager.

++Try to ssh from Firesight to Firepower on port 8305 and see if that works.

++Do a "show network" on firepower and see if the management port is 8305.

++Escalate the privilege to root on both Firepower and firesight and check :

netstat -tan |grep 8305

++Check : pmtool status |grep sftunnel , on both ends and see if the sftunnel is up and running.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

woori-bank · ‎12-22-2015

Thank you! Ido what you say to me! And now I have:

FireSight:

Ping - OK!
SHH - OK!

netstat -tan |grep 8305
tcp 0 0 192.168.1.100:8305 172.1.1.100:34730 ESTABLISHED

pmtool status |grep sftunnel
sftunnel (system) - Running 3964
Command: /usr/local/sf/bin/sftunnel -d -f /etc/sf/sftunnel.conf
PID File: /var/sf/run/sftunnel.pid
Enable File: /etc/sf/sftunnel.conf
Command: /usr/local/sf/bin/sfmgr -d -f /etc/sf/sftunnel.conf
Enable File: /etc/sf/sftunnel.conf
Command: /usr/local/sf/bin/sfmbservice -d -f /etc/sf/sftunnel.conf
Enable File: /etc/sf/sftunnel.conf
estreamer-sftunnel (normal) - Running 3986
Command: /usr/local/sf/bin/sfestreamer --nodaemon --sftunnel
PID File: /var/sf/run/estreamer-sftunnel.pid

FirepOWER:
Ping - OK!
> show network
Error in requiring SF::SystemSettings:
Can't call method "prepare" on an undefined value at /usr/local/sf/lib/perl/5.1 0.1/SF/SystemSettings.pm line 338.
Compilation failed in require at (eval 944) line 1.
----------------------------------------------------
IPv4
Configuration : manual
Address : 172.1.1.100
Netmask : 255.255.255.0
Gateway : 172.1.1.1
MAC Address : 74:XX:XX:F4:E9:XX
Management port : 8305
----------------------------------------------------
IPv6
Configuration : disabled
Management port : 8305

admin@Sourcefire3D:~$ netstat -tan |grep 8305
tcp 0 0 172.1.1.100:34730 192.168.1.100:8305 ESTABLISHED

Aastha Bhardwaj · ‎12-22-2015

Hi,

That looks good , though i do see the below message :

Error in requiring SF::SystemSettings:
Can't call method "prepare" on an undefined value at /usr/local/sf/lib/perl/5.1 0.1/SF/SystemSettings.pm line 338.
Compilation failed in require at (eval 944) line 1

Can you try restarting the network services and see if that helps . SSH on the Firepower , escalate the privilege to root by the command : sudo su

/etc/rc.d/init.d/network restart

That should restart the network services , and there may be slight disruption as well. once done try to check : show network and see do you still see the above error.

Moreover are you able to : telnet on port 8305 from Defense center to Firepower,

telnet <Firepower ip> 8305

If the connectivity between Firepower and defense center is fine then this should work.

Also from root on both defense center and Firepower execute the below command:

manage_procs.pl

Option 3 to restart communication between them.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

woori-bank · ‎12-23-2015

Thank you for help!!! I do what you say!But have problems!

But I check ports on both devices,and what i have:

Thank you!!!

FireSight

admin@Sourcefire3D:~$ netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:47816 *:* LISTEN
tcp 0 0 *:32137 *:* LISTEN
tcp 0 0 *:8301 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:https *:* LISTEN
tcp 0 0 Sourcefire3D.XXX:8305 sourcefire3d.xxx:34730 ESTABLISHED
tcp 0 720 Sourcefire3D.XXX.:ssh comp.XXX.:56276 ESTABLISHED
tcp 0 0 Sourcefire3D.XXX:8301 comp.XXX.:59806 ESTABLISHED
tcp 0 0 *:3306 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:https *:* LISTEN

FirePower

admin@Sourcefire3D:~$ netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:57518 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 localhost:660 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 Sourcefire3D:ssh comp.xxx.:51619 ESTABLISHED
tcp 0 0 Sourcefire3D:34730 192.168.1.100:8305 ESTABLISHED
tcp 0 0 *:ssh *:* LISTEN

ABOUT SSH:when I try to connect from one device to another use SSH,when entering the password, the system does not accept it.Try as root.

EEE!!!!!!!!!!!!!!!!! WOOOOOOOOOOOO!!!! IT IS WORK!!!!!!! FireSight see FirePower now!!! It was a long way for me!!!!!!! THANK You!

But now another problem(((

Another error "Time Synchronization Status" 172.1.1.100 is out-of-sync .

Firesight:Wed Dec 23 11:42:48 UTC 2015

FirePower: Wed Dec 23 06:41:07 UTC 2015

mr.parth1 · ‎11-01-2017

I am also facing the same issue, even while Restart communication channel also I am getting error.

admin@firepower:~$ sudo su
root@firepower:/Volume/home/admin# manage_procs.pl

**************** Configuration Utility **************

1 Reconfigure Correlator
2 Reconfigure and flush Correlator
3 Restart Comm. channel
4 Update routes
5 Reset all routes
6 Validate Network
0 Exit

**************************************************************
Enter choice: 3
Unable to connect to database: at /usr/local/sf/lib/perl/5.10.1/SF/PeerManager/PeerInfo.pm line 184.
1
**************** Configuration Utility **************

1 Reconfigure Correlator
2 Reconfigure and flush Correlator
3 Restart Comm. channel
4 Update routes
5 Reset all routes
6 Validate Network
0 Exit

**************************************************************

mr.parth1 · ‎11-01-2017

hi...

while configuring in firepower

> configure manager add 10.239.0.132 cisco123
getPeersByRole: unable to connect to db at /usr/local/sf/lib/perl/5.10.1/SF/PeerManager/Peers.pm line 180.

while Restart communication channel also I am getting error.

admin@firepower:~$ sudo su
root@firepower:/Volume/home/admin# manage_procs.pl

**************** Configuration Utility **************

1 Reconfigure Correlator
2 Reconfigure and flush Correlator
3 Restart Comm. channel
4 Update routes
5 Reset all routes
6 Validate Network
0 Exit

**************************************************************
Enter choice: 3
Unable to connect to database: at /usr/local/sf/lib/perl/5.10.1/SF/PeerManager/PeerInfo.pm line 184.
1
**************** Configuration Utility **************

1 Reconfigure Correlator
2 Reconfigure and flush Correlator
3 Restart Comm. channel
4 Update routes
5 Reset all routes
6 Validate Network
0 Exit

**************************************************************

chanzh810 · ‎04-23-2018

Hi, I got same issue as you, did you endup reimage? or that is solution?