Re: Question about debugging Access Control Policy deployment errors

owensr_cisco · ‎04-29-2019

Hello,

We have a number of version 6.1.0.5 IPS devices and a virtual FMC at same. The devices are various types, but the one having the issue is a FirePower model 7030 device. Just recently, access control policy pushes to this device from the FMC have begun to consistently fail (the other devices getting same policy have no issue, and this one worked fine until last few days). After 45 minutes or so of deployment the error displayed in FMC is "Deployment failed due to timeout communicating with device". Looking for any ideas or the location of the relevant logs in the FMC and/or device itself, which I can check out. Thanks.

balaji.bandi · ‎04-29-2019

how is your network rechability between FMC and IPS Device? they are in same network ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

owensr_cisco · ‎04-29-2019

Hello,

The IPS is not in same network as the FMC but it has worked fine for over a year. Also on the same network as the IPS that the FMC is unable to push the policy to there is another IPS (the first's failover) that the FMC at present has no such difficulty with.

balaji.bandi · ‎04-29-2019

So this proves that something have changed recently in the network level or some reachability issue i see here ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

owensr_cisco · ‎04-29-2019

No, I think network is fine since able to deploy to other IPS on same subnet. Trying to determine where relevant logs are in FMC and IPS to determine more specifics of error