Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)

CSA: 5.2 agent reports but doesn't poll?

So I'm running into an issue with a 5.2 agent install (r245). The agent install and registers to the MC without an issue. The issue is that the agent is not polling every 10 minutes like it is supposed to. I placed the same policy on my workstation and I can poll without a problem. The system will still report back to the MC if necessary (if an event logs), and once it does the host shows as active again. But then goes inactive as the polling is failing. I'm looking for details on how the agent should be polling (I think it's UDP, but what port?) and if there's any debugs I can do on the client side to find the issue. We've removed the XP SP2 firewall so it should not be blocked on the workstation. Thanks in advance!



Re: CSA: 5.2 agent reports but doesn't poll?

Hi Mike, a couple of questions (pardon me if they sound dumb):

Is this just a single host and is the 10 minute polling interval listed under host settings?

Is it in multiple groups? Groups are what set polling intervals.

You can run diags locally on the host using "C:\Program Files\Cisco Systems\CSAgent\bin\diag.exe collect"

Also look at C:\Program Files\Cisco Systems\CSAgent\log\csalog.txt for polling errors.

You can also run diags from the MC.

It talks to the MC on 5401. It uses 443 if 5401 fails.


CreatePlease to create content