Posts

Showing posts from October, 2021

Firepower CPU

1. Verify snort instances
   > show snort instance
   Total number of instances available - 2
   +----------+---------+
   | INSTANCE |   PID   |
   +----------+---------+
   |    1     |   649   |
   |    2     |   650   |
   +----------+---------+
   >
   > show asp inspect-dp snort
   SNORT Inspect Instance Status Info
   Id Pid       Cpu-Usage    Conns      Segs/Pkts  Status
              tot (usr | sys)
   -- ----- ---------------- ---------- ---------- ----------
   0  650     0% (  0%|  0%)   1          0        READY
   1  649     0% (  0%|  0%)   1          0        READY
   >

   or, from expert mode:

   admin@FTD67:~$ top
     PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
    2562 root      25   5  425648   5156   3888 S  10.5   0.1   2866:36 loggerd
    5270 admin     20   0    3560   2388   1860 R   5.3   0.0   0:01.08 top
     650 root       1 -19 1981788 482316  35912 S   6.7   5.9  48:57.83 snort
     649 root       1 -19 1981740 485880  36100 S   0.3   5.9  49:07.12 snort

2. Lina CPU usage
   In the 'system support utilizatio

Firepower Troubleshooting Notes

Issue: FMC and FTD were on 6.4.4. The FMC upgrade to 6.6.5 went through with no issue, but after the FPR1120 was upgraded to 6.6.5 the FMC lost the FTD. User reported: "FPR 1120 not sending Heartbeats after upgrade to 6.6.5. Shows failure in UI but no details."

TS: From the FTD CLI, ping to the FMC works. In expert mode, ran "sftunnel_status.pl"; it shows the error "certificate is not valid yet" and sftunnel is down. Verified the FMC certificate is valid from 2019 to 2025. Checked the FTD time with the Linux command "date": the current time shows 2015. Also checked the hardware clock with "hwclock -r": it shows 2015 as well. Because the device clock (2015) was earlier than the certificate's validity start (2019), certificate validation failed and the tunnel could not come up. Ran the command

    date -s "18 OCT 2021 18:00:00"

to set the UTC time. Ran "sftunnel_status.pl" again; it shows sftunnel up, and the FMC shows the device green.

==================
Error: active peer already exists
Reason: A device can be un-cleanly de-registered and still exist in the database
Fix: /usr/local/sf/bin/remove_peer.pl "IP or NAME or UUID" FORCE
====
Error: deployme

Firepower FTD factory reset and system recovery

1. Firepower 2110 with FTD image, from the FPR2110 console:
      2100# connect local-mgmt
      2100(local-mgmt)# erase configuration
   FXOS and FTD both get reset and reinstalled; it may take up to 20 minutes before you can connect to the FTD again.

2. Soft reset FTD
   2.1 Verify IP addresses are configured
       > show interface ip brief
   2.2 Delete the manager
       > configure manager delete
   2.3 Change the firewall mode to transparent, then back to routed
       > configure firewall transparent
       > configure firewall routed
   2.4 Verify the IP addresses are gone
       > show interface ip brief

==== ASA system recovery =====
https://www.cisco.com/c/en/us/td/docs/security/asa/fxos/troubleshoot/asa-fxos-troubleshoot/system_recovery.html

Firepower Deploy remote FTD

1. Use the FTD outside data interface
   Note: This feature requires Firepower version 6.7 or later and does not support HA. The FMC needs a public IP, and firewall rules are needed for bidirectional TCP/8305 with no IPS inspection. On PA, this traffic is identified as the ssl application, so the rule should use service "any" instead of "Application Default".
   1.1 Boot the FTD and configure the management interface IP.
   1.2 Configure the management data interface:
       > configure network management-data-interface
       Data interface to use for management: ethernet1/1
       Specify a name for the interface [outside]: internet
       IP address (manual / dhcp) [dhcp]: manual
       IPv4/IPv6 address: 10.10.6.7
       Netmask/IPv6 Prefix: 255.255.255.0
       Default Gateway: 10.10.6.1
       Comma-separated list of DNS servers [none]: 208.67.222.222,208.67.220.220
       DDNS server update URL [none]:
       ...........

2. Use the FTD OOB management interface and configure a public IP on it; consider adding a router or L3 switch in front of it to protect the management IP.

3. Configure private IP o

Firepower FMC and FTD Management Network Administration

FMC and FTD Management Network Administration
https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmt-nw/fmc-ftd-mgmt-nw.html#Cisco_Concept.dita_a3adf1ee-a270-4ff4-8b7b-3f9a3f4f1636