Smart Registration licensing URL(s)

NeerajS
Level 1

Hello All,

We have an ASA 5512 running Firepower 6.2.3.6-37 software. We recently reimaged our ASA from the old ASA software to this new FTD software 6.2.3.6-37. Our internet access is controlled by another higher dept and restricted to a few specific websites.

 

Can someone please send me a list of URL(s) required for smart license registration, VRT rules and VDB, database updates? I can follow up with my dept to whitelist these URLs. I have looked at the Firepower documentation and it just says the "management interface" needs to have internet access for smart license registration etc.

I am currently using FDM to manage this ASA.

 

Thanks in advance.

Accepted Solution

Marvin Rhoads
Hall of Fame

There are several locations. The following articles highlight some of them but I am not aware of a consolidated listing.

 

Updates:

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118791-technote-firesight-00.html

 

Security Intelligence feeds:

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/117997-technote-firesight-00.html

 

URL Filtering database:

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html#anc8

 

I'd check with your higher department and ask them to pull the logs of what's being blocked from your FMC. That's the most definitive source as it is based on current observed behavior, not a listing from possibly dated support articles.

Thanks Marvin. That was very helpful. I was able to register, but now when I do a VRT rule update or VDB update I get an error message in my FDM Web UI saying "Peer certificate cannot be authenticated with known CA certificates".

Any advice on this one? I am about to reach out to Cisco TAC.

 

Thanks again

There was a recently fixed bug that affected some users in this way.

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm03931

 

The fix is in 6.2.3.7.

Hi Marvin, even on 6.2.37 I am still getting that error. Upon further troubleshooting, I see my ASA running Firepower doesn't have any ciphers available. Please see the output below. Anything that you can recommend?

 

root@ciscoasa:~# sudo openssl s_client -connect support.sourcefire.com:443
CONNECTED(00000003)
write:errno=104

CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 242 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1542828379
Timeout : 300 (sec)
Verify return code: 0 (ok)

Is there a proxy server in the path between your FMC and the Internet? If so, you need to configure FMC to use it.
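
Added example, not part of the original thread: a small Python classifier for `openssl s_client` output like the one posted above, reporting at which stage the attempt stopped. The function name, the stage labels and the embedded sample (built from the key lines of that output) are assumptions made for this illustration.

```python
import re

# Constructed sample: the key lines of the s_client output posted in this thread.
SAMPLE = """\
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 242 bytes
---
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
"""

def classify_s_client(output: str) -> dict:
    """Classify where an `openssl s_client` attempt stopped (hypothetical helper)."""
    connected = "CONNECTED(" in output
    m = re.search(r"SSL handshake has read (\d+) bytes and written (\d+) bytes", output)
    read, written = (int(m.group(1)), int(m.group(2))) if m else (None, None)
    err = re.search(r"(?:write|read):errno=(\d+)", output)
    errno_val = int(err.group(1)) if err else None
    no_cert = "no peer certificate available" in output
    ciph = re.search(r"Cipher is (\S+)", output)
    cipher = ciph.group(1) if ciph else None
    ver = re.search(r"Verify return code: (\d+)", output)
    verify_code = int(ver.group(1)) if ver else None

    if not connected:
        stage = "tcp"            # never reached the server: routing, DNS or a port block
    elif read == 0:
        stage = "client_hello"   # TCP opened, ClientHello sent, no reply bytes received
    elif no_cert or cipher in (None, "(NONE)"):
        stage = "handshake"      # server answered but negotiation did not complete
    elif verify_code not in (0, None):
        stage = "cert_verify"    # handshake completed, chain not trusted locally
    else:
        stage = "ok"
    return {
        "stage": stage,
        "errno": errno_val,
        "bytes_read": read,
        "bytes_written": written,
        "reset_by_peer": errno_val == 104,  # 104 is ECONNRESET on Linux
        # With no peer certificate, "Verify return code: 0" is only the default value.
        "verify_meaningful": not no_cert,
    }
```

For the sample, the result is stage `client_hello` with `reset_by_peer` set: the connection was closed before any server reply arrived, so no cipher or certificate was ever negotiated.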

Hi Marvin,

I am seeing the same issue on 7.0.1 (FTD managed via FDM). The workaround for the bug says manually update VDB/GeoDB. Is there a permanent fix for this?

Cheers.

The ability to download updates from cisco.com to 7.0.1 is affected by this field notice:

https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html

Upgrade to 7.0.5 and it will be fixed.

Hi Marvin,

Thank you. Much appreciated
