cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6563
Views
15
Helpful
8
Replies

Ping hostname failed in Firepower Module

Kurt Lei
Level 1
Level 1

Dear All,

I have perform Schedule Rule Updates in FMC but I can't update now. I found I can't ping or traceroute the hostname. I can nslookup the domain but can't ping. Is there any setting missing now ? Thanks All.

System Support> ping www.yahoo.com
ping: unknown host www.yahoo.com

System Support> nslookup www.yahoo.com
Server: 10.0.232.20
Address: 10.0.232.20#53

Non-authoritative answer:
www.yahoo.com canonical name = fd-fp3.wg1.b.yahoo.com.
Name: fd-fp3.wg1.b.yahoo.com
Address: 116.214.12.74

Kurt

1 Accepted Solution

Accepted Solutions

On the FMC console, see whether you have the correct nameservers. For this, run:

cat /etc/resolv.conf

You should have an least one entry, like:

nameserver your_dns_server_ip

View solution in original post

8 Replies 8

Marvin Rhoads
Hall of Fame
Hall of Fame

That prompt looks like if might be from an FTD sensor's clish interface.

The FMC command line should look more a straight Linux bash shell.

Sorry Marvin. I mixed up FMC and firepower module. My problem is FirePower Module.

Actually, I can't in Linux mode and system support mode. I confirmed I have configured correct DNS and nslookup works fine. Really can't figure out what's the actual problem.

admin@firepower:~$ ping www.yahoo.com
ping: unknown host www.yahoo.com

System Support> ping www.yahoo.com
ping: unknown host www.yahoo.com
System Support>

Are you running an FTD image? If so, try using "ping system <hostname>". 

On the FMC console, see whether you have the correct nameservers. For this, run:

cat /etc/resolv.conf

You should have an least one entry, like:

nameserver your_dns_server_ip

Kurt Lei
Level 1
Level 1

Finally, the problem solved by "Waiting". It is strange that the ping works after days.

I thought I got sthg wrong but I try in another Firepower module is the same symptom. I configured same DNS server but didn't work at that moment. However, it works suddenly on the next day. 

Kurt,

I asked about the correct nameserver as there's a Linux behavior that you encountered.

First you started with no nameservers or nameservers that didn't answer for your requests.

Then, you added the correct nameservers. However, there's a Linux process which helps glibc and caches the requests. This process is nscd (name service caching daemon).

Even if you add the correct nameservers, negative caches are still in memory and they are returned to the glibc uses those values.

The best thing to do, when you change the nameservers is to, in case of the Firepower gear and the issue occurs, restart the nscd daemon with:

/etc/rc.d/init.d/nscd restart

thanks a lot, it works.

Thanks Kurt

 

I added the nameservers in FMC but I still couldnt ping the hostname. After I followed your advice and restarted the DNS services it worked for me like magic 

/etc/rc.d/init.d/nscd restart

 Thanks Again

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: