09-27-2024 10:41 AM - edited 09-27-2024 04:34 PM
Is there a way to reset the data inside interface? After a reimage to "Cisco-ftd-fp1k.7.2.8-25.SPA" the setup wizard was bypassed (not by me) and the 1010 got configured to use "Use Unique Gateways for the Management Interface". This was an incorrect configuration, and I couldn't stop the process in time. The network is private and does not have an outside management network. It should have been set up to use DHCP on Ethernet 1/1 routed from the outside. To make a long story short, the Cisco Firepower 1010 Threat Defense now receives a bogus IP address on the management interface when trying to switch from "Use Unique Gateways for the Management Interface" to "Use the Data Interfaces as the Gateway". And you lose access to the FDM along with no way to reregister and connect to cloud services. I'm pretty certain the configurations are set up correctly now. Here is the failure message received in the task list.
The device was unable to connect to the Smart Licensing server. This might indicate a gateway problem for the management interface. Please select Evaluation Mode for now. Then, after completing setup, go to Device > System Settings > Management Interface and verify the management address and gateway configuration. There must be a path from the management IP address to the Internet to complete Smart License registration. You can then go to Device > Smart License and try registering again.
Current configuration...........
Model
Cisco Firepower 1010 Threat Defense
VDB
353.0 Intrusion Rule Update
20220511-1540
=============[ System Information ]===============
Hostname : FPR1010-NGFW-K9-00
DNS Servers : 208.67.222.222
208.67.220.220
DNS from router : enabled
Management port : 8305
IPv4 Default route
Gateway : 192.168.1.1
Netmask : 0.0.0.0
==================[ management0 ]===================
Admin State : enabled
Admin Speed : 1gbps
Operation Speed : indeterminate
Link : link-down
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 8X:XX:5X:XX:78:XX
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 192.168.1.2
Netmask : 255.255.255.0
Gateway : 192.168.1.1
----------------------[ IPv6 ]----------------------
Configuration : Disabled
===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled
Ethernet1/1 | outside | Routed | 208.7.228.85 DHCP | Enabled
Ethernet1/2 | Switch Port
Ethernet1/3 | Switch Port
Ethernet1/4 | Switch Port
Ethernet1/5 | Switch Port
Ethernet1/6 | Switch Port
Ethernet1/7 | Switch Port
Ethernet1/8 | Switch Port
Management1/1 | diagnostic | Routed | Enabled
09-27-2024 11:54 AM - edited 09-27-2024 02:06 PM
no reply
09-27-2024 12:00 PM - edited 09-27-2024 02:07 PM
No Reply
09-27-2024 12:01 PM - edited 09-27-2024 02:34 PM
No Reply
09-30-2024 06:05 AM
It would seem like the patch release fixed it.
09-27-2024 11:06 AM
Is there a way to reset the data inside interface having a communication connection problem with the management interface using FDM for a Cisco FPR1010?
Not sure we got this. Can you elaborate more on this question so we can address it correctly?
09-27-2024 02:34 PM - edited 09-27-2024 04:33 PM
After a reimage to "Cisco-ftd-fp1k.7.2.8-25.SPA" the setup wizard was bypassed (not by me) and the 1010 got configured to use "Use Unique Gateways for the Management Interface". This was an incorrect configuration, and I couldn't stop the process in time. The network is private and does not have an outside management network. It should have been set up to use DHCP on Ethernet 1/1 routed from the outside. To make a long story short, the Cisco Firepower 1010 Threat Defense now receives a bogus IP address on the management interface when trying to switch from "Use Unique Gateways for the Management Interface" to "Use the Data Interfaces as the Gateway". And you lose access to the FDM along with no way to reregister and connect to cloud services. I'm pretty certain the configurations are set up correctly now. Here is the failure message received in the task list.
The device was unable to connect to the Smart Licensing server. This might indicate a gateway problem for the management interface. Please select Evaluation Mode for now. Then, after completing setup, go to Device > System Settings > Management Interface and verify the management address and gateway configuration. There must be a path from the management IP address to the Internet to complete Smart License registration. You can then go to Device > Smart License and try registering again.
Current configuration...........
Model
Cisco Firepower 1010 Threat Defense
VDB
353.0 Intrusion Rule Update
20220511-1540
=============[ System Information ]===============
Hostname : FPR1010-NGFW-K9-00
DNS Servers : 208.67.222.222
208.67.220.220
DNS from router : enabled
Management port : 8305
IPv4 Default route
Gateway : 192.168.1.1
Netmask : 0.0.0.0
==================[ management0 ]===================
Admin State : enabled
Admin Speed : 1gbps
Operation Speed : indeterminate
Link : link-down
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 88:XX:5D:XX:78:XX
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 192.168.1.2
Netmask : 255.255.255.0
Gateway : 192.168.1.1
----------------------[ IPv6 ]----------------------
Configuration : Disabled
===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled
Ethernet1/1 | outside | Routed | 208.7.228.85 DHCP | Enabled
Ethernet1/2 | Switch Port
Ethernet1/3 | Switch Port
Ethernet1/4 | Switch Port
Ethernet1/5 | Switch Port
Ethernet1/6 | Switch Port
Ethernet1/7 | Switch Port
Ethernet1/8 | Switch Port
Management1/1 | diagnostic | Routed | Enabled
09-27-2024 06:05 PM - edited 09-27-2024 06:09 PM
Hi balaji.bandi, I have been doing some thinking. Maybe you can check my thoughts? In the FDM, in order to switch from "Use Unique Gateways for the Management Interface" to "Use the Data Interfaces as the Gateway" without returning a bad address, would the Management Web Server Certificate need to be changed from DefaultWebserverCertificate to the DefaultInternalCertificate in Management Access to correlate with the "Data Interfaces as the Gateway"? And does management0 IPv4 Gateway address remain as 192.168.1.2 as in the show network I uploaded? Thank you for any help. Michael : )