cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
13919
Views
30
Helpful
12
Replies

Not able to access FMC console

umeshunited
Level 1
Level 1

I am not able to login to FMC GUI. It is showing "System processes are starting, please wait."

The screenshot is attached.

What could stop the process? 

 

 

12 Replies 12

nspasov
Cisco Employee
Cisco Employee

Hi there! A couple of questions:

  • What version of the software and patch level are you running?
  • Are you able to access the CLI?

Thank you for rating helpful posts!

I am on 6.1.0.1 patch 6.

I do have access to cli.

The restarting of the box did the trick for me. The other day I was reading community forum to see If anyone faced this kind of issue earlier. There I saw they checked " pmtool status | grep -i gui ". To see if any process is stuck or not?

Unfortunately, I already reloaded so nothing to check here. But now I see that output is as 

root@firepower:/# pmtool status | grep -i gui
mysqld (system,gui,mysql) - Running 7958
httpsd (system,gui) - Running 7961
sybase_arbiter (system,gui) - Waiting
vmsDbEngine (system,gui) - Running 7962
ESS (system,gui) - Running 7990
DCCSM (system,gui) - Running 8535
Tomcat (system,gui) - Running 8615
VmsBackendServer (system,gui) - Running 8616
mojo_server (system,gui) - Running 8041

Also I came across a command that restart FMC console services. " /etc/rc.d/init.d/console restart".

Is the above-mentioned command enough to start all (disabled/stuck) services?

Yes the console restart script will restart all necessary processes associated with the Firepower Management Center server application.

In one sense this is true, but if you rely heavily on AD integration and passive authentication a FMC outage can becomes a serious problem.  Your AD agents or ISE is relaying all your user to IP mapping through the FMC back to the individual firewalls.

efghifari
Level 1
Level 1

if I do /etc/rc.d/init.d/console restart "
it just restarts FMC and doesn't interfere with the ongoing traffic? or how ?

Marvin Rhoads
Hall of Fame
Hall of Fame

Restarting FMC does not interrupt traffic flow through managed devices.

In some small percentage of cases it may result in URL lookups not being successful (where there is a URL filtering policy and the target URL is not already cached and categorized on the managed device).

Another thing that can be affected would be the user-to-IP mapping. During the FMC restart, any new mapping could not be created, and that would cause the old mapping to be used instead which would allow limited users to have full access, or vice-versa, depending on the last connected user from that IP.

alintadimitri
Level 1
Level 1

Firewall Management Center (FMC) provides extensive intelligence about the users, applications, devices, threats, and vulnerabilities that exist in your network. It unifies all these capabilities in a single management interface.

Chekol Retta
Level 1
Level 1

My problem is a little different. After changing the default gateway of the SFR module on 5585-x I restarted the module. The module is not keeping the change. What is the proper command to change the default gateway of the module? It let me delete and add the default gateway with the generic Linux command. 

You should use the "configure network" subcommands on a Firepower service module vs. the Linux shell commands.

Marvin. Thanks you, My issue is now resolved. I was getting an error each time I attempt to modify the default GW with the "config network" command. I had to delete IP, subnet and default GW from the NIC. I was then able to add them back with the new default GW.   

Review Cisco Networking for a $25 gift card