Issue:
FMC and FTD were both on 6.4.4. The FMC upgrade to 6.6.5 completed without issue; after the FPR1120 (FTD) was upgraded to 6.6.5, the FMC lost contact with the FTD. The user reported: "FPR 1120 not sending Heartbeats after upgrade to 6.6.5. Shows failure in UI but no details."
TS:
From the FTD CLI, ping to the FMC works. In expert mode, ran "sftunnel_status.pl": it shows the error "certificate is not valid yet" and sftunnel is down. Verified the FMC certificate is valid from 2019 to 2025. Checked the FTD time with the Linux command "date": the current time shows year 2015. The hardware clock, checked with "hwclock -r", also shows 2015. Set the UTC time with the command date -s "18 OCT 2021 18:00:00". Ran "sftunnel_status.pl" again: it now shows sftunnel up, and the FMC shows the device green. The root cause is the clock skew, not the certificate: with the FTD clock sitting before the certificate's notBefore date, the TLS handshake behind sftunnel rejects a certificate that is otherwise perfectly valid.
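The "certificate is not valid yet" symptom is a clock problem, so the check worth scripting is "does this clock value fall inside the certificate's validity window, and by how far is it off". The following is an added example written for these notes, not code from Cisco or from the original post. It assumes the timestamp format that openssl prints for notBefore/notAfter ("Oct 18 18:00:00 2021 GMT"), and the sample values (a 2019-2025 certificate checked against a clock reading 2015) are constructed to mirror the case above.

```python
from datetime import datetime, timezone

# Timestamp format used by openssl's notBefore/notAfter output, e.g.
# "Oct 18 18:00:00 2021 GMT" (openssl pads single-digit days with a space,
# which strptime tolerates). Assumed format for this example.
OPENSSL_TIME_FORMAT = "%b %d %H:%M:%S %Y %Z"


def parse_openssl_time(text):
    """Parse an openssl-style UTC timestamp into an aware datetime."""
    naive = datetime.strptime(text.strip(), OPENSSL_TIME_FORMAT)
    return naive.replace(tzinfo=timezone.utc)


def cert_window_status(not_before, not_after, now):
    """Compare a clock value against a certificate's validity window.

    Returns (status, days_outside): status is "not valid yet", "expired" or
    "valid"; days_outside is the number of whole days the clock lies outside
    the window (0 when valid). All arguments are openssl-style strings.
    """
    start = parse_openssl_time(not_before)
    end = parse_openssl_time(not_after)
    clock = parse_openssl_time(now)
    if clock < start:
        # The sftunnel failure mode from the notes: clock is behind notBefore.
        return "not valid yet", int((start - clock).total_seconds()) // 86400
    if clock > end:
        return "expired", int((clock - end).total_seconds()) // 86400
    return "valid", 0


def live_cert_window_status(not_before, not_after):
    """Same check against the current system clock, for use on the box itself."""
    now = datetime.now(timezone.utc).strftime(OPENSSL_TIME_FORMAT)  # %Z yields "UTC"
    return cert_window_status(not_before, not_after, now)


if __name__ == "__main__":
    # Constructed sample: a 2019-2025 FMC certificate seen from a clock
    # that reads October 2015, as in the troubleshooting notes above.
    status, days = cert_window_status("Jan  1 00:00:00 2019 GMT",
                                      "Jan  1 00:00:00 2025 GMT",
                                      "Oct 18 18:00:00 2015 GMT")
    print(f"{status} (clock is {days} days outside the validity window)")
```

Comparing the "date" output and the "hwclock -r" output with the same function is a quick way to see whether the system clock or the hardware clock (or both, as here) is the one that drifted.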
==================
Error:
active peer already exists
Reason:
A device can be de-registered uncleanly and still exist in the FMC database, so the new registration attempt collides with the stale entry.
Fix:
/usr/local/sf/bin/remove_peer.pl "IP or NAME or UUID" FORCE
====
Error:
Deployment appears stuck in the GUI, but the policy may actually have been deployed.
TS:
Verify whether the rules were actually deployed:
FTD LINA engine: look for the global ACL named CSM_FW_ACL_
FTD Snort engine: the Access Control (AC) rules are in /var/sf/detection_engines/UUID/ngfw.rules
Use the following commands in expert mode to find the stuck notification (status 7) and delete it by its UUID.
OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification;" | grep "\ 7\ "
or OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification where status=7;"
OmniQuery.pl -db mdb -e 'delete from notification where uuid=unhex("AB2E4574EBB9349A90ECE4EC2520AEB8");'
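The grep in the first command matches " 7 " anywhere in the row, including the notification body, so it can list rows whose status is not 7. The following is an added example for these notes, not code from Cisco or from the original post: it filters OmniQuery output on the status column only and builds the delete statement from a UUID that has been checked to be 32 hex characters. The tab-separated, header-first output layout is an assumption for this example, and the sample rows are constructed (the first UUID is the one from the notes, the second is a placeholder).

```python
import re

# Constructed sample of OmniQuery.pl output. Tab-separated with a header row is
# an assumed layout for this example; check the real output before relying on it.
SAMPLE_OUTPUT = (
    "status\tcategory\thex(uuid)\tbody\n"
    "7\t3\tAB2E4574EBB9349A90ECE4EC2520AEB8\tPolicy deployment to FPR1120 ( 7 of 7 steps)\n"
    "2\t3\t11111111111111111111111111111111\tDeployment finished on 7 devices\n"
)

HEX_UUID = re.compile(r"^[0-9A-Fa-f]{32}$")
STUCK_STATUS = "7"   # status value the notes identify as a stuck notification


def parse_omniquery(text):
    """Turn header-first, tab-separated rows into a list of dicts keyed by column name."""
    lines = [line for line in text.splitlines() if line.strip()]
    if not lines:
        return []
    header = lines[0].split("\t")
    return [dict(zip(header, line.split("\t"))) for line in lines[1:]]


def stuck_notifications(rows):
    """Select rows by the status column only, never by a substring of the whole line."""
    return [row for row in rows if row.get("status") == STUCK_STATUS]


def delete_statements(rows):
    """Build the delete statement from the notes for each row, after validating the UUID."""
    statements = []
    for row in rows:
        uuid_hex = row.get("hex(uuid)", "")
        if not HEX_UUID.match(uuid_hex):
            # Refuse to splice anything that is not a 32-char hex string into the query.
            raise ValueError(f"refusing to build a delete for non-hex uuid {uuid_hex!r}")
        statements.append(f'delete from notification where uuid=unhex("{uuid_hex}");')
    return statements


def naive_grep_matches(text):
    """What grep ' 7 ' would return on this sample: every line containing ' 7 ' anywhere."""
    return [line for line in text.splitlines() if " 7 " in line]


if __name__ == "__main__":
    rows = stuck_notifications(parse_omniquery(SAMPLE_OUTPUT))
    for statement in delete_statements(rows):
        print(statement)
    print(f"grep ' 7 ' would have matched {len(naive_grep_matches(SAMPLE_OUTPUT))} rows")
```

Running the column filter first and only then issuing the delete keeps the cleanup limited to the one notification that is actually stuck.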
====
For HTTPS traffic, the SNI extension in the TLS Client Hello carries the server hostname (the host part of the URL, not the path) in cleartext, which is what the firewall can match for URL or application identification before any decryption takes place.
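To make concrete what the firewall actually sees, the following is an added example written for these notes, not code from Cisco or from the original post: a parser that walks a TLS ClientHello record down to the server_name extension and returns the hostname, with bounds checks so truncated input raises instead of crashing. The ClientHello builder is constructed here only to produce a minimal, well-formed sample to parse offline; it is not a real client's handshake.

```python
import struct


def build_client_hello(hostname, include_sni=True):
    """Constructed minimal TLS ClientHello record (one cipher suite, empty session id)."""
    host = hostname.encode("ascii")
    sni_ext = b""
    if include_sni:
        name_entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type 0 = host_name
        sni_list = struct.pack("!H", len(name_entry)) + name_entry
        sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # extension type 0 = server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"        # legacy_version, random, session_id len 0
            + struct.pack("!H", 2) + b"\x13\x01"         # cipher_suites: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                                # compression_methods: null only
            + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _rd(buf, off, n):
    """Read n bytes at off, raising ValueError rather than IndexError on truncation."""
    if off + n > len(buf):
        raise ValueError(f"truncated input at offset {off}")
    return buf[off:off + n], off + n


def _parse_server_name(data):
    """Parse the server_name extension body; return the first host_name entry."""
    list_len, p = _rd(data, 0, 2)
    entries, _ = _rd(data, p, int.from_bytes(list_len, "big"))
    q = 0
    while q < len(entries):
        head, q = _rd(entries, q, 3)                  # name_type (1) + name length (2)
        name, q = _rd(entries, q, int.from_bytes(head[1:3], "big"))
        if head[0] == 0:
            return name.decode("ascii")
    return None


def extract_sni(record):
    """Return the SNI hostname from a TLS ClientHello record, or None if absent."""
    hdr, off = _rd(record, 0, 5)
    if hdr[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs, _ = _rd(record, off, int.from_bytes(hdr[3:5], "big"))
    head, p = _rd(hs, 0, 4)
    if head[0] != 0x01:
        raise ValueError("not a ClientHello")
    body, _ = _rd(hs, p, int.from_bytes(head[1:4], "big"))
    _, p = _rd(body, 0, 2 + 32)                        # legacy_version + random
    sid_len, p = _rd(body, p, 1)
    _, p = _rd(body, p, sid_len[0])                    # session_id
    cs_len, p = _rd(body, p, 2)
    _, p = _rd(body, p, int.from_bytes(cs_len, "big"))  # cipher_suites
    cm_len, p = _rd(body, p, 1)
    _, p = _rd(body, p, cm_len[0])                     # compression_methods
    if p == len(body):
        return None                                    # no extensions block at all
    ext_len, p = _rd(body, p, 2)
    exts, _ = _rd(body, p, int.from_bytes(ext_len, "big"))
    q = 0
    while q < len(exts):
        ext_head, q = _rd(exts, q, 4)
        ext_type, ext_size = struct.unpack("!HH", ext_head)
        ext_data, q = _rd(exts, q, ext_size)
        if ext_type == 0x0000:
            return _parse_server_name(ext_data)
    return None


def is_well_formed(record):
    """True when the record parses as a ClientHello, False on any truncation/type error."""
    try:
        extract_sni(record)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(extract_sni(build_client_hello("www.example.com")))   # constructed sample
```

Because the hostname travels unencrypted in the first client flight, it is visible to the firewall's URL and application filters without any decryption policy; an encrypted ClientHello or a client that omits SNI leaves only the destination IP and the server certificate to match on.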