Cisco Support Community
New Member

Firepower management center compatibility

Hello

 

I would just like to know if my Firepower Management Center and my ASA with FirePOWER device are compatible, because currently I cannot add the device to the FMC, and an error comes up saying "error in communication or the versions are not compatible".

 

ASA 9.6(1)

ASDM 7.6(1)

FirePOWER module 5.4.1.10

Firepower management center 6.1.0

 

Thanks

6 REPLIES
Hall of Fame Super Silver

Re: Firepower management center compatibility

FMC 6.1 should be able to manage your Firepower module with 5.4.1.10. If the module was previously locally managed (with ASDM), you need to change it from the CLI there with the "configure managers add.." command.

 

FMC 6.2 and later can only manage sensors (Classic Firepower, ASA with Firepower service module or anything with FTD) that are at 6.1.

 

Please refer to the release notes for confirmation, e.g.:

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/610/relnotes/Firepower_System_Release_Notes_Version_610.html#pgfId-127803

 

New Member

Re: Firepower management center compatibility

Thank you Marvin for your response.

 

Actually, I did that, but unfortunately, still not working.

 

I added the FMC IP to the session sfr console > configure manager add X.X.X.X cisco

There is a ping between them, but it still cannot be added.

 

I ran Wireshark to check if there was any problem, and I saw there was communication between them, but then my ASA FirePOWER module sent FIN/ACK to my Firepower Management Center and closed the connection.

 

Any ideas?

 

Hall of Fame Super Silver

Re: Firepower management center compatibility

Can you confirm they are both listening on tcp/8305? (That's the port they use to register and communicate.)

 

A working setup looks like this from the FMC:

 

root@fmc:/Volume/home/admin# netstat -a | grep 8305
tcp 0 0 fmc.ccielab.mrnete:8305 172.31.1.24:37057 ESTABLISHED
tcp 0 0 fmc.ccielab.mrnet:48195 172.31.1.24:8305 ESTABLISHED
root@fmc:/Volume/home/admin#

 

There are a few other tips you can check in the following threads:

 

https://supportforums.cisco.com/t5/firesight-system-3d-system/link-firepower-with-firesight/td-p/2805182

 

https://supportforums.cisco.com/t5/sourcefire-api/fail-to-register-sfr-module/td-p/2540275
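
Added example, not part of the original posts and not Cisco's own tooling: a small shell function that classifies the tcp/8305 state from `netstat -an` output, distinguishing the working case shown above (one ESTABLISHED session with local port 8305 and one with remote port 8305) from a listener with no peer session. The function name `check_8305`, the state labels and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify the tcp/8305 management
# channel state from `netstat -an` output read on stdin.
# Assumed usage: netstat -an | check_8305 <peer-ip>
check_8305() {
    awk -v peer="$1" '
        $1 ~ /^tcp/ {
            lport = $4; sub(/.*:/, "", lport)        # local port
            rport = $5; sub(/.*:/, "", rport)        # remote port
            raddr = $5; sub(/:[^:]*$/, "", raddr)    # remote address
            if ($6 == "LISTEN" && lport == "8305") listening = 1
            if ($6 == "ESTABLISHED" && raddr == peer) {
                if (lport == "8305") inbound = 1     # peer connected to us
                if (rport == "8305") outbound = 1    # we connected to peer
            }
        }
        END {
            if (inbound && outbound)      print "ESTABLISHED_BOTH"
            else if (inbound || outbound) print "ESTABLISHED_ONE_WAY"
            else if (listening)           print "LISTEN_ONLY"
            else                          print "NOT_LISTENING"
        }'
}

# Constructed sample (documentation addresses, not from the thread):
# a listener on 8305 but no session with the peer.
sample_listen_only='tcp 0 0 0.0.0.0:8305 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.10:22 192.0.2.50:51514 ESTABLISHED'
printf '%s\n' "$sample_listen_only" | check_8305 192.0.2.24
```

Running it on both the manager and the module with the other side's address as the argument shows which end is missing its session; anything other than ESTABLISHED_BOTH differs from the working output quoted above.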

 

 

New Member

Re: Firepower management center compatibility

Hello

 

I did what you have said, and I got the following results:

 

Screen Shot 2017-10-20 at 6.42.56 PM.png

 

It seems that there is no connection back from the sfr module to the Firepower Management Center.

 

I checked the other threads, and one of them is related to changing the file sftunnel.conf, but it's asking for the root password.

 

Do you have any idea about the problem?

 

Thanks

Hall of Fame Super Silver

Re: Firepower management center compatibility

If you need help working with the system files on your FMC, I'd recommend opening a TAC case.

 

If it's not something you're comfortable with, it's not too hard to really break things. :)

New Member

Re: Firepower management center compatibility

I'll do that.

 

Thanks
