Hi - Page 2

Peter Long · ‎03-04-2016

I've got, two 5515-X firewalls (in Active/Standby) and two remote sites with ASA5506-X firewalls (connected via site to site IPSEC VPN).

I've deployed the FirePOWER Management Appliance (VMware) version 6.0.0.1 Build 26, I've updated the SFR modules in all the firewalls to 6.0.0.1 build 26, I've tried to register them with and without a NAT ID, (the management appliance is on the same LAN at the 5515-X pair).

This Is all I get

Could not establish connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection.

They keys match I've tried with simple passwords complex passwords and 1234

The software version is the same

Comms is OK, i.e from the network the Management appliance is on, I can browse to https for all the SFR modules.

It would seen that the problem is on the Management Center but as all the licences are tied to its MAC address I don't want to blow it away and rebuild it?

Anyone have a clue?

Pete

Peter Long · ‎08-31-2016

Firesight is a Linux distribution log onto the CONSOLE

SFR is also a Linux distribution log onto the SESSION

Cisco FirePOWER – Adding a Static Route

Cisco FirePOWER SFR Module Cannot Ping

Pete

Dennis Perto · ‎09-06-2016

Hi Peter

Please do not make other people change the access permissions for any files.
Not recommended:

sudo chmod u+s /bin/ping

Instead elevate your rights like this:

sudo su -
[ENTER PASSWORD]

Then you can ping, as intended.

Ali Abbaszadeh · ‎09-06-2016

Hi

Still I have that error when I want to add firepower in firesight and firepower ip is 10.4.30.240 and firesight ip is 192.168.30.105. it means they are not at same network. I want to know they should be in same network or not??

Dennis Perto · ‎09-06-2016

It should work, if you have the routing setup correctly.

Ali Abbaszadeh · ‎09-06-2016

Okay . they can ping each other but I can not add ?? What's your opinion?

Marvin Rhoads · ‎09-06-2016

Make sure that each can reach the other on tcp/8305.

If they cannot, verify each is listening on that port.

If either is not, it's usually easiest to open a TAC case to investigate the cause of the process (sftunnel) that is responsible for the communications between sensor and management center.

You can check on the process with the instructions in this thread:

https://supportforums.cisco.com/discussion/13009051/firesight-process-status-stunnel

I have found a restart of FirePOWER Management Center can sometimes restart the sftunnel process.

Ali Abbaszadeh · ‎09-06-2016

Thanks Marvin

i checked them and both of them work with tcp\5305. but still i have that problem.

Could not establish connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection.

ping is okay/ firepower of version is okay but they are not at same network and routing is okay .

I'm sick no one knows what's problem ?

Thanks

Marvin Rhoads · ‎09-06-2016

I'd have TAC check your sftunnel.

I don't remember the exact syntax but I had one where the registration was mis-entered on the sensor. That was causing the manager to not register.

Once the TAC was looking at in in real time we had it figured out in 10 minutes. The team who handle the FirePOWER issues are quite good.

Ali Abbaszadeh · ‎09-06-2016

i'm waiting

.

Cannot Register any SFR Modules in the FirePOWER Management Console