Solved: Using ASDM to update Firepower Rules | ASA 5506-x

errMsg · ‎04-28-2020

On my 5506-x I manage firepower with the ASDM. Im trying to update the rules because they have never been updated. when i navigate to Configuration>ASA firepower Configuration>Updates and click Download Updates it says "Download updates failed: Unable to connect to update server". I have the firepower management port cabled to a switch that has an internet connection, checked the DNS server and tried adding NAT to the interface but it still wont connect. Can anyone point me in the right direction?

Marvin Rhoads · ‎04-29-2020

So internet is confirmed reachable and the configured resolver isn't resolving an FQDN into an IP address.

Check the configured resolver and change/fix it as necessary. Instructions in the article I linked earlier.

View solution in original post

Francesco Molino · ‎04-28-2020

Hi
What version do you run?
When you checked dns, you checked the file /etc/resolv.conf?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

errMsg · ‎04-28-2020

Firepower 6.2.2

Here is the results from my resolv.conf

admin@firepower:~$ cat /etc/resolv.conf
# automatically generated by /etc/sysconfig/configure-network ; do not edit
# Mon Apr 27 22:07:32 UTC 2020
search example.net
nameserver 208.67.222.123
nameserver 208.67.220.123

Marvin Rhoads · ‎04-28-2020

Is there any proxy server in your network?

From the module cli are you able to ping a public address using its name (e.g., "ping www.cisco.com")?

errMsg · ‎04-29-2020

I dont have a proxy

admin@firepower:~$ ping cisco.com
ping: unknown host cisco.com

admin@firepower:~$ ping 8.8.8.8
ping: icmp open socket: Operation not permitted

Marvin Rhoads · ‎04-29-2020

It appears there's not a valid name server (DNS) configured.

See this article for details on updating it:

https://www.petenetlive.com/KB/Article/0001173

The ping command requires you to switch to root superuser first:

sudo su -

errMsg · ‎04-29-2020

Sudo doesent return anything either...

admin@firepower:~$ sudo ping cisco.com
ping: unknown host cisco.com
admin@firepower:~$ sudo pint 8.8.8.8
sudo: pint: command not found
admin@firepower:~$ sudo ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
30326

30326 30326

Marvin Rhoads · ‎04-29-2020

So internet is confirmed reachable and the configured resolver isn't resolving an FQDN into an IP address.

Check the configured resolver and change/fix it as necessary. Instructions in the article I linked earlier.

errMsg · ‎04-29-2020

Thanks for the link Marvin. Turns out that restarting the service allowed Firepower to connect.

sudo /etc/rc.d/init.d/nscd restart

I did change the dns but it was restarting the nscd that got me in.

Thanks for pointing me in the right direction!

Marvin Rhoads · ‎04-29-2020

You're welcome. Thanks for letting us know it's resolved.