Botnet traffic filter

sulaiman.agaba1
Level 1

We just renewed our botnet filter license, but when trying to update the dynamic filter database, we receive an error. Any ideas?

Firewall# sho dynamic-filter updater-client
Dynamic Filter updater client is enabled
Updater server URL is https://update-manifests.ironport.com
Application name: threatcast, version: 1.0
Encrypted UDI: 0bb93985f42d941e50dc8f022350d1a86b2dd34ec6bd041c06191df7f18f936c729210ac9fe39013f58f3edcdb53a36f
Last update attempted at 14:31:31 EAT Jul 18 2016,
with result: Failed to connect to updater server
Next update is in 00:43:25
No database file

6 Replies

nspasov
Cisco Employee

Hi there, I have a couple of questions:

1. Is DNS configured on your ASA?

2. Do you have another Firewall and/or router that could be filtering the connection?

3. Can you post the output from "show activation-key"?

Thank you for rating helpful posts!

Thanks so much, Neno Spasov.

1. DNS is configured properly.

Firewall#
Firewall# ping update-manifests.ironport.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 208.90.58.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 280/286/290 ms
Firewall#
Firewall#

2. Do you have another Firewall and/or router that could be filtering the connection? No.

3. show activation-key


Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Enabled 107 days
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual

This platform has an ASA 5510 Security Plus license.

The flash permanent activation key is the SAME as the running permanent key.

Active Timebased Activation Key:
0xc92049f4 0xe1dfaca1 0######c023 0xe34b3####3 0x09#######
Botnet Traffic Filter : Enabled 107 days

Any ideas?

This problem is happening on my three firewalls, ASA 5510 and ASA 5512-X next generation firewall.

Take a look at the following links and make sure that your Firewalls are configured correctly:

https://supportforums.cisco.com/document/33011/asa-botnet-configuration

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_botnet.html

I hope this helps!

Thank you for rating helpful posts!

Thanks, Neno Spasov.

I have gone through all that, but it is still not picking up updates from the update server.

I have changed the SSL ciphers and it has finally worked.
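
Added example, not part of the thread or Cisco's tooling: the thread shows a successful ping alongside "Failed to connect to updater server", resolved by changing SSL ciphers. This sketch, run from any host with Python, reports which layer (DNS, TCP or TLS) fails for an HTTPS endpoint and which cipher is negotiated; `probe_https` and `restricted_context` are hypothetical helper names, and the cipher string is a constructed sample.

```python
import socket
import ssl

def probe_https(host, port=443, timeout=5.0, context=None):
    """Return (stage, detail): the first layer that fails ('dns', 'tcp',
    'tls'), or 'ok' with the negotiated protocol version and cipher."""
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return "dns", str(exc)
    try:
        # A successful ping says nothing about this step or the TLS step after it.
        sock = socket.create_connection(addr[:2], timeout=timeout)
    except OSError as exc:
        return "tcp", str(exc)
    ctx = context or ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, version, _bits = tls.cipher()
            return "ok", f"{version} {name}"
    except (ssl.SSLError, OSError) as exc:
        # No shared protocol/cipher, certificate failure, or peer hang-up.
        return "tls", str(exc)
    finally:
        sock.close()

def restricted_context(openssl_cipher_string):
    """Client context limited to the given TLS 1.2-and-below cipher list,
    to approximate a device that offers only a narrow set."""
    ctx = ssl.create_default_context()
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(openssl_cipher_string)
    return ctx

if __name__ == "__main__":
    host = "update-manifests.ironport.com"   # updater URL host from the thread
    print("default client:", probe_https(host))
    # Cipher string below is a constructed sample, not the ASA's actual list.
    print("narrow client :", probe_https(host, context=restricted_context("AES128-SHA")))
```

A result of `tls` with the narrow context but `ok` with the default one points at cipher or protocol mismatch rather than routing, DNS or licensing.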