Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

fail to register SFR module

I am failing to register my ASA with Sourcefire module. I see in the V DC that the syslog says it connected to the module successfully, but fails to authenticate

“sftunneld:sf_ssl [WARN] VerifyConnect:Failed to authenticate or to be authenticated by peer”

Everyone's tags (1)
15 REPLIES
Community Member

Verify that the key being

Verify that the key being used to configure the manager on the SFR module and the key entered when registering the SFR Module as a Device in Defense Center are the same.

Community Member

Dear all, I had to open a TAC

Dear all,

 

I had to open a TAC about this. The problem was that, after a forced power reload of the ASAs, a file "sftunnel.conf" got corrupted. It seems that this file is responsible for the the communication service between the Manager and the SFR. If the service is down then the SFR does not listen on TCP/8305. So the TAC engineer stopped the service, deleted the corrupted file, recreated it and restarted the service. All these from the expert CLI mode of the SFR.

 

 

Community Member

Thanks a lot for information

Thanks a lot for information Michael.

Do you remember the process to recreate that file? 

Community Member

Hello Oleg, I logged the TAC

Hello Oleg,

 

I logged the TAC engineer's session so here it is (see attached tac_session_log.txt). Though, you will need the root password to be able to perform what he did.

He sent me the text file sftunnel.conf (included in sftunnel.zip), browsed in /etc/sf/ and created the file named sftunnel.conf with vi editor, where he copy-pasted the text from the file he had sent me.

 

I hope that helps.

Community Member

Great. It's working!)I had

Great. 

It's working!)

I had exactly the same issue.

Thanks a lot. 

 

Community Member

It did not worked for me. I

It did not worked for me. I get access denied at on one point of the process. If i reimage the module, will that help? Or i will have yhe same issue?

Community Member

I re-imaged my module after

I re-imaged my module after suffering this problem and afterwards it worked perfectly.

Community Member

I will do that as well, on

I will do that as well, on Monday and let you know of the results!

Community Member

Hello.Can anyone try to deny

Hello.

Can anyone try to deny youtube.com by using sfr? 

I did such test that fail for me because it's not blocking when I try to access site using Internet Explorer. 

 

Community Member

You are rigth!!!!it is

You are rigth!!!!

it is working now as well!!!

Community Member

This fixed my problem.

This fixed my problem.  Straight up awesome!  Thanks!

Community Member

Had the same issue. Followed

Had the same issue. Followed the instructions on how to edit in VI then pasted the attached sftunnel.conf and saved. Module registered instantly.

 

Thanks

Community Member

When I try to configure the

When I try to configure the manager on the ASA SFR, it returns the following error:

"Communication channel for management interface is not configured!"

Community Member

Hi Michael, Did you figure

Hi Michael,

 

Did you figure this one out?

 

I get exactly the same on my ASA SFR.

 

"Communication channel for management interface is not configured!"

 

Thanks

 

John

 

 

Community Member

Hello Jonh,Did you resolve

Hello Jonh,

Did you resolve that problem? 
I have the same syslog message.

5739
Views
10
Helpful
15
Replies
CreatePlease to create content