10-18-2017 06:05 PM - edited 02-21-2020 06:32 AM
Hello
I just would like to know if there is a compatibility between my firepower management center and my ASA with FirePOWER device, because currently I cannot add the device to the FMC, and there is an error coming up saying " error in communication or the versions are not compatible"
ASA 9.6(1)
ASDM 7.6(1)
FirePOWER module 5.4.1.10
Firepower management center 6.1.0
Thanks
10-18-2017 10:22 PM
FMC 6.1 should be able to manage your Firepower module with 5.4.1.10. If the module was previously locally managed (with ASDM) you need to change it from the cli there with the "configure managers add.." command.
FMC 6.2 and later can only manage sensors (Classic Firepower, ASA with Firepower service module or anything with FTD) that are at 6.1.
Please refer to the release notes for confirmation, e.g:
10-19-2017 04:38 AM
Thank you Marvin for your response.
Actually, I did that, but unfortunately, still not working.
I added the FMC IP to the session sfr console > configure manager add X.X.X.X cisco
there is a ping between them, but still it cannot be added.
I run Wireshark to check if there was any problem, but I saw there was a communication between them, then my ASA FirePOWER module sent FIN/Ack to my Firepower management center, and closed the connection.
any ideas?
10-19-2017 04:51 AM
Can you confirm they are both listening on tcp/8305? (That's the port they use to register and communicate.)
A working setup looks like this from the FMC:
root@fmc:/Volume/home/admin# netstat -a | grep 8305
tcp 0 0 fmc.ccielab.mrnete:8305 172.31.1.24:37057 ESTABLISHED
tcp 0 0 fmc.ccielab.mrnet:48195 172.31.1.24:8305 ESTABLISHED
root@fmc:/Volume/home/admin#
There are a few other tips you can check in the following threads:
https://supportforums.cisco.com/t5/sourcefire-api/fail-to-register-sfr-module/td-p/2540275
10-20-2017 08:51 AM
Hello
I did what you have said, and I got the following results:
It seems that there are no connection back from the sfr module to the firepower management center.
I checked the other threads, and one of them realated to change the file sftunnel.conf, but it's asking for the root password.
do you have any idea about the problem?
Thanks
10-20-2017 08:55 AM
If you need help working with the system files on your FMC, I'd recommend opening a TAC case.
If it's not something you're comfortable with it's not too hard to really break things. :)
10-20-2017 08:58 AM
I'll do that.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide