SourceFire communication failure

denilson.mota · ‎01-08-2018

Hi all,

I configured the Sourcefire Management Center in VMWare, from my local machine I can ping to FMC and SFR module, but both FMC and SFR can't communicate each other so i can't able to insert the device into the FMC.

Anyone has same problem or no how to solve this, I tried to add a static route on both but nothing, now I have all in the same network but still not communicate, only from my local PC i can reach.

Thank you,

er.shivamdubey31190 · ‎01-08-2018

Hi Denilson,

Hope you are doing good.

Please let me know whether you are using the the VMWARE workstation or Esxi.

Esxi is recommended , it causes issue with VMware workstation.

Secondly Please reboot the module and try. Before rebooting please ensure Module is in "fail-open" mode. Many a times certain services on Module are not started correctly so after restart it fix the issue.

If it does not resolve the issue please keep me posted with update.

Please mark this post as post as helpful and accept it as solution if it resolves your concern.

BR

shivdube

EX-CISCO TAC Engg

denilson.mota · ‎01-08-2018

Hi,

Thank you for replying, I am using VMWare Workstation and i did all this but problem persist.

From Sourcefire CLI I only ping the VM NIC card IP even default gateway I can't ping.

From SFR CLI I able to ping all except Sourcefire IP.

Thank you once again

Marvin Rhoads · ‎01-08-2018

Are your FMC and workstation both on the same ESXi host? If so, there may be a problem with the vSwitch setup in ESXi.

When you try to ping the default gateway from FMC, do you see any arp cache entry created for it?

denilson.mota · ‎01-08-2018

Hi Marvin,

Im not using ESXi, I am using VMWare Workstation 12, I configured both Sourcefire, VM NIC and SFR on the same subnet.

No, when I ping default gateway I can't see entry entry.

root@Sourcefire3D:/# ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
From 10.0.1.3 icmp_seq=2 Destination Host Unreachable
From 10.0.1.3 icmp_seq=3 Destination Host Unreachable
From 10.0.1.3 icmp_seq=4 Destination Host Unreachable

Marvin Rhoads · ‎01-08-2018

The FMC quick start guide notes that "VMware Workstation, Player, Server, and Fusion do not recognize OVF packaging and are not supported."

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/vmware/fmcv/FMCv-quick/intro-virtual.html

shivdube also mentioned in his reply that VMware workstation causes problems.

denilson.mota · ‎01-09-2018

Hi Marvin,

Thanks to your input but now I able to communicate via VMware Workstation Player 12, the same I have used earlier with no success. The problem is the VM doesn't have all the necessary tools to bring all the network capabilities, after I install all the VM update tools and start again the FMC them start to communicate with all my network include the Firepower IP.

Thanks once again,

Cheers

er.shivamdubey31190 · ‎01-09-2018

Hi Denilson,

I suggest you to try with Esxi and let us know if you face any issues, We would be glad to assist.

Br

Shivdube

denilson.mota · ‎01-09-2018

Hi Shiv,

Thanks to your input but now I able to communicate via VMware Workstation Player 12, the same I have used earlier with no success. The problem is the VM doesen't have all the necessary tools to bring all the network capabilities, after I instal all the VM update tools and start again the FMC them start to communicate with all my network include the Firepower IP.

Thanks once again,

Cheers