02-26-2017 02:54 PM - edited 03-10-2019 06:46 AM
Hello,
I'm testing the new Cisco Firepower Threat Defense virtual firewall with the Firepower Management Center.
Everything seems fine: I registered the virtual FWL with the FMC and successfully deployed my Access Control Policy, which permits all traffic; logging to the Event Viewer is enabled at the beginning of the connection.
My problem now is that I don't see any events/connections in the Dashboard. The client behind the firewall has Internet access, and when I set up blocks (URLs, ports) they do work.
I have searched for help online, but none of the suggested solutions worked for me.
Can anybody please help me out?
02-27-2017 01:01 AM
Hi
You can try running the firewall-engine debug on the FTD to see which Snort rule the traffic hits.
Login to FTD CLI
>system support firewall-engine-debug
Enter the source IP of the client and have it generate some traffic. Watch the output to determine which rule the traffic is hitting, and check whether that rule has logging enabled.
If all that is correct, it could be a connectivity issue between the FMC and the FTD. Do you see any health alerts on the FMC?
Thanks
Yogesh
02-27-2017 10:39 AM
Hello,
Thanks for your answer. I ran the debug command with the following parameters;
here's the command:
> system support firewall-engine-debug
Please specify an IP protocol: tcp
Please specify a client IP address: 192.168.10.1
Please specify a client port:
Please specify a server IP address: 0.0.0.0
Please specify a server port: 80
and here's the output:
http://pastebin.com/6CBCxTgy
It seems the traffic falls into the default Allow rule, on which logging is enabled.
I had some problems with NTP; the health monitor displayed this message:
The Time Synchronization Status 2017-02-27 21:25:30 192.168.2.252 (FTDv Device) is out-of-sync
The device now has its own NTP server (the same one as the FMC); it does not request the time from the FMC, because I've read that there is a bug with the virtual FMC as a time server. Now there are no health monitoring warnings, but the problem that no data is shown in the Dashboard persists.
Thanks for your help
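The debug run Yogesh suggested, and the one shown in the reply above, prints one line per processing step per flow, so on a client with any real amount of traffic it helps to boil the capture down to "which rule did each flow hit, and what was the verdict". The script below is an added example for this thread, not code from the original posts or from Cisco. The line shape it parses (`src-port > dst-port proto AS n I n message`, then `match rule order N, 'Name', action X` and a closing `allow action` / `deny action`) is assumed from the general form of `system support firewall-engine-debug` output, and the sample capture is constructed; compare it against your own capture before relying on it.

```python
"""Summarise FTD `system support firewall-engine-debug` output per flow.

Added example for the forum thread above (not Cisco code). The line format
parsed here is an ASSUMPTION about the debug output's general shape, and
SAMPLE_DEBUG is a constructed capture, not one taken from a real device.
"""
import re
import sys
from collections import OrderedDict

# Constructed sample: three TCP flows from the client 192.168.10.1 to port 80.
# Flow 1 hits an Allow rule, flow 2 hits a Block rule, flow 3 is torn down
# before any 'match rule' line is printed.
SAMPLE_DEBUG = """\
192.168.10.1-51234 > 93.184.216.34-80 6 AS 1 I 0 New session
192.168.10.1-51234 > 93.184.216.34-80 6 AS 1 I 0 Starting with minimum 2, 'Allow Internal', and SrcZone first with zones 1 -> 2, geo 0 -> 0, vlan 0, sgt tag: untagged, svc 0, payload 0, client 0, misc 0, user 9999997, url , xff
192.168.10.1-51234 > 93.184.216.34-80 6 AS 1 I 0 match rule order 2, 'Allow Internal', action Allow
192.168.10.1-51234 > 93.184.216.34-80 6 AS 1 I 0 allow action
192.168.10.1-51240 > 198.51.100.7-80 6 AS 1 I 0 New session
192.168.10.1-51240 > 198.51.100.7-80 6 AS 1 I 0 match rule order 1, 'Block Bad Sites', action Block
192.168.10.1-51240 > 198.51.100.7-80 6 AS 1 I 0 deny action
192.168.10.1-51251 > 203.0.113.9-80 6 AS 1 I 0 New session
192.168.10.1-51251 > 203.0.113.9-80 6 AS 1 I 0 Deleting session
"""

# Assumed shape: "<src>-<sport> > <dst>-<dport> <proto> AS <n> I <n> <message>"
LINE_RE = re.compile(
    r"^(?P<src>[\d.]+)-(?P<sport>\d+) > (?P<dst>[\d.]+)-(?P<dport>\d+) "
    r"(?P<proto>\d+) AS \d+ I \d+ (?P<msg>.*)$"
)
# Assumed shape of the rule-match step and of the final verdict line.
MATCH_RE = re.compile(
    r"match rule order (?P<order>\d+), '(?P<name>[^']*)', action (?P<action>\w+)"
)
VERDICT_RE = re.compile(r"^(?P<verdict>allow|deny) action")


def parse_firewall_engine_debug(text):
    """Return an OrderedDict keyed by (src, sport, dst, dport, proto).

    Each value records the last 'match rule' seen for that flow and the final
    allow/deny verdict, or None for whichever was never printed.
    """
    flows = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # prompt, prompt echo, or a line shape we do not model
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), int(m["proto"]))
        entry = flows.setdefault(
            key, {"rule_order": None, "rule": None, "action": None, "verdict": None, "lines": 0}
        )
        entry["lines"] += 1
        msg = m["msg"]
        rm = MATCH_RE.search(msg)
        if rm:
            entry["rule_order"] = int(rm["order"])
            entry["rule"] = rm["name"]
            entry["action"] = rm["action"]
        vm = VERDICT_RE.match(msg)
        if vm:
            entry["verdict"] = vm["verdict"]
    return flows


def flows_by_rule(flows):
    """Group flow keys under the rule name they matched.

    The None key collects flows for which no 'match rule' line was seen, i.e.
    flows the debug never showed reaching an access control rule at all.
    """
    groups = {}
    for key, entry in flows.items():
        groups.setdefault(entry["rule"], []).append(key)
    return groups


def report(flows):
    """Render one line per flow, in the order flows first appeared."""
    out = []
    for (src, sport, dst, dport, proto), e in flows.items():
        rule = f"#{e['rule_order']} {e['rule']!r}" if e["rule"] else "(no rule match seen)"
        out.append(f"{src}:{sport} -> {dst}:{dport}/{proto}  {rule}  "
                   f"action={e['action']}  verdict={e['verdict']}  lines={e['lines']}")
    return "\n".join(out)


if __name__ == "__main__":
    # Paste a capture on stdin (e.g. python3 fed_summary.py < capture.txt);
    # with no stdin input the constructed sample is summarised instead.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DEBUG
    print(report(parse_firewall_engine_debug(data or SAMPLE_DEBUG)))
```

The summary tells you which access control rule each flow landed on, which is the first half of Yogesh's check. The debug does not show whether that rule logs; the "Log at Beginning of Connection" setting still has to be read off the rule in the access control policy on the FMC, and if the rule matched and logs but nothing appears, the remaining suspects are the FMC-to-FTD channel and the health alerts he mentions.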
10-15-2017 07:26 AM
This is a real pain. I have FMC 6.2.2 with two FTD 4110 appliances. In pre-staging, event analysis worked fine; when I went live with an identical config on the FTD and FMC devices and an identical build, it completely failed to work. The only difference is the hardware the virtual FMC resides on.
This should not be acceptable from Cisco, as my FTDs were installed in a very complex environment. I had to proceed with the implementation with no logging, which hampered our install with respect to troubleshooting. And who foots the bill for the additional time it takes to deliver to our customer?
I am awaiting a TAC response, but I am not happy, as this was so unexpected when going to implementation and did not impress our customer.
Whatever happened to proper UAT Cisco?
12-18-2017 02:33 AM
I am facing the same problem with FMC 6.2
Were you able to get any clue from TAC? Please let us know.
12-20-2017 01:51 AM