Solved: Problem with Firepower FTD and Smart License registration

skrzyszkowski · ‎09-29-2025

Hello All,

I have problem with Firepower 1010 FTD ver. 7.6.2.1-3 and Smart License registration.
The device is managed locally by FDM.
I generated a token on my Smart Account and copied it to FTD Smart License Registration.
When I try to register the device I get an error: "Invalid response form licensing cloud"
Internet connection to tools.cisco.com and smartreceiver.cisco.com, DNS and NTP are correct.
What could be causing this problem?
Please help me.

balaji.bandi · ‎09-30-2025

i am sure FTD 1010 have expert mode, go to expert mode and test

# telnet tools.cisco.com 443
# curl -vvk https://tools.cisco.com

also check the logs /var/logs/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

skrzyszkowski · ‎09-30-2025

After connecting the interface management0 the device was successfully registered.
The diagram on the main FTD dashboard showing that the Smart License server is accessed via interface outside is incorrect and misleading.
Case closed.
Thank you for your help.

View solution in original post

balaji.bandi · ‎09-29-2025

Since you are usinng outgoing interface to connect smart License and you mentioned reachable, then you need to run

show tech-support license (check what is wrong).

generally its straight forward :

https://www.youtube.com/watch?v=2Cive4_GN1M

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

skrzyszkowski · ‎09-30-2025

Yes, it's straightforward.
I do everything like in this video, but it doesn't work.

There is no command show tech-support license.
There is command show tech-support but it does not have any license information.

Cisco Firepower Extensible Operating System (FX-OS) v2.16.0 (build 4006)
Cisco Firepower 1010 Threat Defense v7.6.2.1 (build 3)

> show tech-support
<cr>

balaji.bandi · ‎09-30-2025

i am sure FTD 1010 have expert mode, go to expert mode and test

# telnet tools.cisco.com 443
# curl -vvk https://tools.cisco.com

also check the logs /var/logs/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

skrzyszkowski · ‎09-30-2025

On FTD CLI tools.cisco.com is reachable via outside interface:

> ping tools.cisco.com
Please use 'CTRL+C' to cancel/abort...
Sending 5, 100-byte ICMP Echos to 72.163.4.38, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 150/150/150 ms

> show route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
SI - Static InterVRF, BI - BGP InterVRF
Gateway of last resort is 192.168.18.1 to network 0.0.0.0

S* 0.0.0.0 0.0.0.0 [1/0] via 192.168.18.1, outside
C 192.168.18.0 255.255.255.0 is directly connected, outside
L 192.168.18.52 255.255.255.255 is directly connected, outside
C 192.168.118.0 255.255.255.0 is directly connected, inside
L 192.168.118.1 255.255.255.255 is directly connected, inside

The diagram on the main FTD dashboard shows that access to the Smart License server is via interface outside (see attached screenshot).

On Expert Mode tools.cisco.com is not reachable via interface management0 becouse interface management0 is down:

> expert
admin@firepower:~$ telnet tools.cisco.com 443
telnet: could not resolve tools.cisco.com/443: Temporary failure in name resolution

admin@firepower:~$ ping tools.cisco.com
ping: tools.cisco.com: Name or service not known

admin@firepower:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.218.1 0.0.0.0 UG 0 0 0 management0
127.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
127.128.254.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.129.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ccs0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun1
169.254.1.0 0.0.0.0 255.255.255.248 U 0 0 0 tap_nlp
192.168.218.0 0.0.0.0 255.255.255.0 U 0 0 0 management0
203.0.113.128 0.0.0.0 255.255.255.248 U 0 0 0 tap_M0

skrzyszkowski · ‎09-30-2025

After connecting the interface management0 the device was successfully registered.
The diagram on the main FTD dashboard showing that the Smart License server is accessed via interface outside is incorrect and misleading.
Case closed.
Thank you for your help.