Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
995
Views
0
Helpful
6
Replies

Firepower management center compatibility

Mohammed De
Level 1
Level 1

‎10-18-2017 06:05 PM - edited ‎02-21-2020 06:32 AM

Hello

 

I just would like to know if there is a compatibility between my firepower management center and my ASA with FirePOWER device, because currently I cannot add the device to the FMC, and there is an error coming up saying " error in communication or the versions are not compatible"

 

ASA 9.6(1)

ASDM 7.6(1)

FirePOWER module 5.4.1.10

Firepower management center 6.1.0

 

Thanks

Labels:
0 Helpful
6 Replies 6

Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-18-2017 10:22 PM

FMC 6.1 should be able to manage your Firepower module with 5.4.1.10. If the module was previously locally managed (with ASDM) you need to change it from the cli there with the "configure managers add.." command.

 

FMC 6.2 and later can only manage sensors (Classic Firepower, ASA with Firepower service module or anything with FTD) that are at 6.1.

 

Please refer to the release notes for confirmation, e.g:

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/610/relnotes/Firepower_System_Release_Notes_Version_610.html#pgfId-127803

 

0 Helpful

Mohammed De
Level 1
Level 1
In response to Marvin Rhoads

‎10-19-2017 04:38 AM

Thank you Marvin for your response.

 

Actually, I did that, but unfortunately, still not working.

 

I added the FMC IP to the session sfr console > configure manager add X.X.X.X cisco

there is a ping between them, but still it cannot be added.

 

I run Wireshark to check if there was any problem, but I saw there was a communication between them, then my ASA FirePOWER module sent FIN/Ack to my Firepower management center, and closed the connection.

 

any ideas?

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Mohammed De

‎10-19-2017 04:51 AM

Can you confirm they are both listening on tcp/8305? (That's the port they use to register and communicate.)

 

A working setup looks like this from the FMC:

 

root@fmc:/Volume/home/admin# netstat -a | grep 8305
tcp 0 0 fmc.ccielab.mrnete:8305 172.31.1.24:37057 ESTABLISHED
tcp 0 0 fmc.ccielab.mrnet:48195 172.31.1.24:8305 ESTABLISHED
root@fmc:/Volume/home/admin#

 

There are a few other tips you can check in the following threads:

 

https://supportforums.cisco.com/t5/firesight-system-3d-system/link-firepower-with-firesight/td-p/2805182

 

https://supportforums.cisco.com/t5/sourcefire-api/fail-to-register-sfr-module/td-p/2540275

 

 

0 Helpful

Mohammed De
Level 1
Level 1
In response to Marvin Rhoads

‎10-20-2017 08:51 AM

Hello

 

I did what you have said, and I got the following results:

 

Screen Shot 2017-10-20 at 6.42.56 PM.png

 

It seems that there are no connection back from the sfr module to the firepower management center.

 

I checked the other threads, and one of them realated to change the file sftunnel.conf, but it's asking for the root password.

 

do you have any idea about the problem?

 

Thanks

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Mohammed De

‎10-20-2017 08:55 AM

If you need help working with the system files on your FMC, I'd recommend opening a TAC case.

 

If it's not something you're comfortable with it's not too hard to really break things. :)

0 Helpful

Mohammed De
Level 1
Level 1
In response to Marvin Rhoads

‎10-20-2017 08:58 AM

I'll do that.

 

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card