Solved: Re: Cisco FTDv -- How configure NTP via CLI

lizuo.yue1 · ‎10-06-2022

Hi Team:

I am lab with FMC & FTD, I have FTDv installed in Esxi and chosed to use FMC, and also configured manager with registration key

but when I tried to add the FTD on FMC and failed, recommand error could be the time not syching with the same NTP server

I have FMC configured with our NTP server, but unable to configure the NTP server on FTDv via CLI

and because I chosed to use FMC on FTDv and Gui access is unavailable

did a bit search but unable to find any answer, could anyone please share how to configure NTP server on FTDv via CLI?

lizuo.yue1 · ‎10-10-2022

Hi

I got it fixed, the problem was my FTDv version is newer than FMC

Thank you for your reply

View solution in original post

lizuo.yue1 · ‎10-10-2022

Hi

I got it fixed, the problem was my FTDv version is newer than FMC, and after I upgrade the version of my FMC and FTD could registered now

Thank you for your reply

View solution in original post

balaji.bandi · ‎10-08-2022

If you installed both FMC and FTD, is the FTD registered with FMC with registration?

If the FTD register on FMC, you can change the NTP in Platform settings.

check adding FTD to FMC :

https://www.balajibandi.com/?p=310

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

lizuo.yue1 · ‎10-09-2022

Hi

I am having difficulty to register FTDv to FMC, they are under different subnets

1. I run ping test from CLI on both FTDv and FMC, ping to each others are fine

2. registration key and manager add configure are confirmed working

I am not sure what is the problem now

balaji.bandi · ‎10-10-2022

Different subnet is ok,. still they can regiter. please confirm do you have any other FW or ACL in the parth ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

lizuo.yue1 · ‎10-10-2022

Hi

I got it fixed, the problem was my FTDv version is newer than FMC

Thank you for your reply

Aref Alsouqi · ‎10-09-2022

Are both the FMC and the FTD on the same hyperv? if so, I would check the "Synchronize Time with Host" option on the FTD VM. Try to set the same setting as the FMC, if the time sync is disabled on the FMC try to turn it off on the FTD as well, and if it is enabled try to turn it on please. In VMware world you can find that option in the "VM Options > VMware Tools" section.

lizuo.yue1 · ‎10-09-2022

Hi, FMC and FTDv are host on the same vCentre, but different subnet for management Interface

Time Sync with Host is ticked under the VM Options

tvotna · ‎10-09-2022

Or you can enable backdoor access to FTD "conf t" mode and configure "ntp server <ip>" there:

https://www.ipmechanic.net/2022/01/a-backdoor-access-to-cisco-ftd-lina.html

Aref Alsouqi · ‎10-10-2022

Could you please share the screenshot of the error you get? The ports that will be used to exchange data between the FTD and FMC is 8305/tcp. That port should be opened on any firewall in the between the FTD and FMC.

lizuo.yue1 · ‎10-10-2022

Hi

I got it fixed, the problem was my FTDv version is newer than FMC, and after I upgrade the version of my FMC and FTD could registered now

Thank you for your reply

Aref Alsouqi · ‎10-11-2022

It is really interesting that the FTD was not returning a clearer error message referring to the version mismatch. Every day I learn something new, thanks for sharing.

glsparks · ‎02-06-2024

So the question is via the CLI.

No one seems to have actually answered this question. How do you set the NTP servers via the CLI on a FTD.????

Marvin Rhoads · ‎02-06-2024

You cannot do this from FTD cli shell (clish). If your FTD is running on a 4100/4200/4300 you configure the NTP server in FXOS (or the Chasis Manager GUI) and it will propagate to the firewall instance. For all other FTD models and management types (on-prem FMC, cdFMC, FDM) you must use the manager to configure NTP server(s).