
Troubleshooting FMC Connection Issue for Log Pulling to Sentinel

zrahim
Level 1

Hi all,

I’m working on integrating Cisco Firepower Management Center (FMC) with Microsoft Sentinel. We’ve set up a VM to pull logs from FMC and send them to Sentinel, but we're hitting a connection error that says:

  1. The server is shutting down.

  2. There has been a client authentication failure (please check that your outbound IP address matches that associated with your certificate - note that if your device is subject to NAT then the certificate IP must match the upstream NAT IP).

  3. There is a problem with the server. If you are running FMC v6.0, you may need to install 'Sourcefire 3D Defense Center S3 Hotfix AZ 6.1.0.3-1'."

Our setup has an Azure firewall with NAT, and we suspect this error could be related to IP address mismatches between the public IP of the VM and the NAT IP as it reaches FMC.

Does anyone know how to confirm whether FMC is seeing requests from the VM’s public IP or the NAT-translated firewall IP? Any tips on specific logs or commands on FMC to check this would be incredibly helpful.

Thanks in advance for any advice or pointers!

1 Reply

Not really sure what you are asking here? What server is shutting down? Does Sentinel not just use syslogs? Are you running FMC 6.0?
