Unable to register FTD to FMC

songwh911
Level 1

I'm having trouble adding FTD to FMC. Originally I was managing FTD locally with FDM, but lack of features got me moving to FMC. 

I ssh'd to FTD, and issued the command configure manager add <FMC IP> <Reg Key> and now it says 'pending'.

I went on to FMC and added my FTD device with IP address and same reg key but it times out with error message "could not establish a connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection".

I know reg keys are the same, there is no block in the firewall (can ping each other) and versions are compatible; FMC 6.2.0, FTD 6.2.0

I'm using one of the inside interfaces on the FTD to register, and management port is empty at the moment. There is no NAT device in-between, so not sure what I'm doing wrong. Does anyone have any idea what might be the cause?

Thanks in advance!

1 Accepted Solution

Marvin Rhoads
Hall of Fame

You must configure and use the management interface on your FTD sensor to register to the FMC.

Thanks for the quick reply, Marvin. So, I guess that was the reason.

To assign an IP on management port, should I just do it through FDM on Management1/1 (diagnostic) interface? I saw somewhere in the guide that says don't configure diagnostic interface.

You're welcome.

Physically it's the management interface. Logically it's the one known as "br1" for the FTD CLI shell (clish).

A very detailed explanation can be found here:

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200868-Configuring-Firepower-Threat-Defense-FT.html

I'm still not sure what I should do in my scenario. I have 2 interfaces facing towards FMC server. 

One is a p2p interface which forwards all traffic to the other 'site', and the other is the br1 (management) interface that I just added in the same subnet. (diagram attached)

For br1 to communicate to FMC in the other subnet, should I create a static route from br1 interface to FMC server? (eg. configure network static-routes ipv4 add br1 10.5.225.75 255.255.255.255 192.168.100.1)

Nvm. Called TAC and figured it out.

Basically, br1 interface didn't have a static route to FMC.
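
The resolution above turns on whether br1 itself has a route to the FMC, which a ping between the boxes over a data interface does not prove. As an added example (not part of the original thread or Cisco's tooling), this Python check performs that route lookup for one interface; the br1 address 192.168.100.10/24 and all function names are assumptions, while the FMC address and gateway come from the static-route command quoted above.

```python
import ipaddress

def management_next_hop(dest, iface_cidr, static_routes, default_gw=None):
    """Decide how `dest` is reached using only one interface's own routes.

    static_routes: list of (network, netmask, gateway) bound to that interface.
    Returns (kind, gateway); kind is "on-link", "static-route",
    "default-gateway", "gateway-not-on-link" or "no-route".
    """
    dest_ip = ipaddress.ip_address(dest)
    iface = ipaddress.ip_interface(iface_cidr)
    if dest_ip in iface.network:
        return ("on-link", None)

    # Longest-prefix match over the static routes; fall back to the default gateway.
    best_net, gateway, kind = None, default_gw, "default-gateway"
    for net, mask, gw in static_routes:
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if dest_ip in network and (best_net is None or network.prefixlen > best_net.prefixlen):
            best_net, gateway, kind = network, gw, "static-route"

    if gateway is None:
        return ("no-route", None)
    # A next hop is only usable if it sits inside the interface's own subnet.
    if ipaddress.ip_address(gateway) not in iface.network:
        return ("gateway-not-on-link", gateway)
    return (kind, gateway)

FMC = "10.5.225.75"        # FMC address from the thread
BR1 = "192.168.100.10/24"  # constructed br1 address (assumption, not from the thread)

def before_fix():
    # br1 addressed, but no static route and no gateway configured
    return management_next_hop(FMC, BR1, static_routes=[])

def after_fix():
    # host route matching the command quoted in the thread
    route = ("10.5.225.75", "255.255.255.255", "192.168.100.1")
    return management_next_hop(FMC, BR1, static_routes=[route])

if __name__ == "__main__":
    print("before:", before_fix())
    print("after: ", after_fix())
```
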

abdul ilyas
Level 1

You can run configure-network command from expert mode to configure management IP-address and gateway.
> expert
> sudo su
password:
# configure-network