Re: Not able to access FMC console

umeshunited · ‎12-24-2019

I am not able to login to FMC GUI. It is showing "System processes are starting, please wait."

The screenshot is attached.

What could stop the process?

nspasov · ‎12-24-2019

Hi there! A couple of questions:

What version of the software and patch level are you running?
Are you able to access the CLI?

Thank you for rating helpful posts!

umeshunited · ‎12-24-2019

I am on 6.1.0.1 patch 6.

I do have access to cli.

umeshunited · ‎12-28-2019

The restarting of the box did the trick for me. The other day I was reading community forum to see If anyone faced this kind of issue earlier. There I saw they checked " pmtool status | grep -i gui ". To see if any process is stuck or not?

Unfortunately, I already reloaded so nothing to check here. But now I see that output is as

root@firepower:/# pmtool status | grep -i gui
mysqld (system,gui,mysql) - Running 7958
httpsd (system,gui) - Running 7961
sybase_arbiter (system,gui) - Waiting
vmsDbEngine (system,gui) - Running 7962
ESS (system,gui) - Running 7990
DCCSM (system,gui) - Running 8535
Tomcat (system,gui) - Running 8615
VmsBackendServer (system,gui) - Running 8616
mojo_server (system,gui) - Running 8041

Also I came across a command that restart FMC console services. " /etc/rc.d/init.d/console restart".

Is the above-mentioned command enough to start all (disabled/stuck) services?

Marvin Rhoads · ‎12-30-2019

Yes the console restart script will restart all necessary processes associated with the Firepower Management Center server application.

Casey Roettger · ‎09-02-2021

In one sense this is true, but if you rely heavily on AD integration and passive authentication a FMC outage can becomes a serious problem. Your AD agents or ISE is relaying all your user to IP mapping through the FMC back to the individual firewalls.

efghifari · ‎11-25-2020

if I do /etc/rc.d/init.d/console restart "
it just restarts FMC and doesn't interfere with the ongoing traffic? or how ?

Marvin Rhoads · ‎11-26-2020

Restarting FMC does not interrupt traffic flow through managed devices.

In some small percentage of cases it may result in URL lookups not being successful (where there is a URL filtering policy and the target URL is not already cached and categorized on the managed device).

Aref Alsouqi · ‎11-29-2020

Another thing that can be affected would be the user-to-IP mapping. During the FMC restart, any new mapping could not be created, and that would cause the old mapping to be used instead which would allow limited users to have full access, or vice-versa, depending on the last connected user from that IP.

alintadimitri · ‎09-03-2021

Firewall Management Center (FMC) provides extensive intelligence about the users, applications, devices, threats, and vulnerabilities that exist in your network. It unifies all these capabilities in a single management interface.

Chekol Retta · ‎10-01-2021

My problem is a little different. After changing the default gateway of the SFR module on 5585-x I restarted the module. The module is not keeping the change. What is the proper command to change the default gateway of the module? It let me delete and add the default gateway with the generic Linux command.

Marvin Rhoads · ‎10-01-2021

You should use the "configure network" subcommands on a Firepower service module vs. the Linux shell commands.

Chekol Retta · ‎10-04-2021

Marvin. Thanks you, My issue is now resolved. I was getting an error each time I attempt to modify the default GW with the "config network" command. I had to delete IP, subnet and default GW from the NIC. I was then able to add them back with the new default GW.