cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
490
Views
0
Helpful
7
Replies

Management interface will not connect to the data inside interface.

michael
Level 1
Level 1

Is there a way to reset the data inside interface? After a reimage to "Cisco-ftd-fp1k.7.2.8-25.SPA" the setup wizard was bypassed (not by me) and the 1010 got configured to use "Use Unique Gateways for the Management Interface". This was an incorrect configuration, and I couldn't stop the process in time. The network is private and does not have an outside management network. It should have been setup to use DHCP on Ethernet 1/1 routed from the outside. To make a long story short the Cisco Firepower 1010 Threat Defense now receives a bogus ip address on the management interface when trying to switch from "Use Unique Gateways for the Management Interface" to "Use the Data Interfaces as the Gateway". And you lose access to the FDM along with no way to reregister and connect to cloud services. I'm pretty certain the configurations are setup correctly now. Here is the failure message received in task list.

The device was unable to connect to the Smart Licensing server. This might indic
ate a gateway problem for the management interface. Please select Evaluation Mode for now. Then, after completing setup, go to Device > System Settings > Management Interface and verify the management address and gateway configuration. There must be a path from the management IP address to the Internet to complete Smart License registration. You can then go to Device > Smart License and try registering again.
 

 Current configuration...........

Model
Cisco Firepower 1010 Threat Defense
 

Software
7.2.8.1-17

 VDB
353.0
 Intrusion Rule Update
20220511-1540

=============[ System Information ]===============

Hostname : FPR1010-NGFW-K9-00
DNS Servers : 208.67.222.222
208.67.220.220
DNS from router : enabled
Management port : 8305
IPv4 Default route
Gateway : 192.168.1.1
Netmask : 0.0.0.0


==================[ management0 ]===================Admin State : enabled
Admin Speed : 1gbps
Operation Speed : indeterminate
Link : link-down
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 8X:XX:5X:XX:78:XX
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 192.168.1.2
Netmask : 255.255.255.0
Gateway : 192.168.1.1
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled

 

 Ethernet1/1  Ethernet1/2  Ethernet1/3  Ethernet1/4  Ethernet1/5  Ethernet1/6  Ethernet1/7  Ethernet1/8  Management1/1

 

outside
 
Routed
208.7.228.85 DHCP
 
Enabled
  
 
 
Switch Port
 
 
 
  
 
 
Switch Port
 
 
 
  
 
 
Switch Port
 
 
 
  
 
 
Switch Port
 
 
 
  
 
 
Switch Port
 
 
 
  
 
 
Switch Port
 
 
 
  
 
 
Switch Port
 
 
 
  
diagnostic
 
Routed
 
 
Enabled
4 Accepted Solutions

Accepted Solutions

michael
Level 1
Level 1

michael
Level 1
Level 1

It would seem like the patch release fixed it. 

View solution in original post

7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame
Is there a way to reset the data inside interface having a communication connection problem with the management interface using FDM for a Cisco FPR1010?

not sure we got this, can you more elaborate this question to address correctly ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

After a reimage to "Cisco-ftd-fp1k.7.2.8-25.SPA" the setup wizard was bypassed (not by me) and the 1010 got configured to use "Use Unique Gateways for the Management Interface". This was an incorrect configuration, and I couldn't stop the process in time. The network is private and does not have an outside management network. It should have been setup to use DHCP on Ethernet 1/1 routed from the outside. To make a long story short the Cisco Firepower 1010 Threat Defense now receives a bogus ip address on the management interface when trying to switch from "Use Unique Gateways for the Management Interface" to "Use the Data Interfaces as the Gateway". And you lose access to the FDM along with no way to reregister and connect to cloud services. I'm pretty certain the configurations are setup correctly now. Here is the failure message received in task list.

The device was unable to connect to the Smart Licensing server. This might indicate a gateway problem for the management interface. Please select Evaluation Mode for now. Then, after completing setup, go to Device > System Settings > Management Interface and verify the management address and gateway configuration. There must be a path from the management IP address to the Internet to complete Smart License registration. You can then go to Device > Smart License and try registering again.
 

 Current configuration...........

Model
Cisco Firepower 1010 Threat Defense
 

Software
7.2.8.1-17

 VDB
353.0
 Intrusion Rule Update
20220511-1540

=============[ System Information ]===============
Hostname : FPR1010-NGFW-K9-00
DNS Servers : 208.67.222.222
208.67.220.220
DNS from router : enabled
Management port : 8305
IPv4 Default route
Gateway : 192.168.1.1
Netmask : 0.0.0.0


==================[ management0 ]===================


Admin State : enabled
Admin Speed : 1gbps
Operation Speed : indeterminate
Link : link-down
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 88:XX:5D:XX:78:XX
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 192.168.1.2
Netmask : 255.255.255.0
Gateway : 192.168.1.1
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled

 

 

 Ethernet1/1  Ethernet1/2  Ethernet1/3  Ethernet1/4  Ethernet1/5  Ethernet1/6  Ethernet1/7  Ethernet1/8  Management1/1

outside
 
Routed
208.7.228.85 DHCP
 
Enabled
  
 
 
Switch Port
 
 
 
  
 
 
Switch Port
 
 
 
  
 
 
Switch Port
 
 
 
  
 
 
Switch Port
 
 
 
  
 
 
Switch Port
 
 
 
  
 
 
Switch Port
 
 
 
  
 
 
Switch Port
 
 
 
  
diagnostic
 
Routed
 
 
Enabled

 

Hi balaji.bandi, I have been doing some thinking. Maybe you can check my thoughts? In the FDM In order to switch from "Use Unique Gateways for the Management Interface". to "Use the Data Interfaces as the Gateway without returning a bad address". Would the Management Web Server Certificate need to be changed from DefaultWebserverCertificate to the DefaultInternalCertificate in Management Access to correlate with the "Data Interfaces as the Gateway"? And does management0 IPv4 Gateway address remain as 192.168.1.2 as in the show network I uploaded? Thank you for any help. Michael : )

michael
Level 1
Level 1

no reply

No Reply

No Reply

michael
Level 1
Level 1

It would seem like the patch release fixed it. 

Review Cisco Networking for a $25 gift card