After an attempt to upgrade our backup FMC from 6.6.1 (build 91) to the latest 7.0.4-55, the GUI does not allow login and gives the "The server response was not understood. To see if any process is stuck or not? if I do /etc/rc.d/init.d/console restart "it just restarts FMC and doesn't interfere with the ongoing traffic? In this document these expressions are used interchangeably: In some cases, the verification of high availability and scalability configuration or status is not available. mojo_server is down. We are using FMC 2500 (bare metal server USC model). Use a REST-API client. Starting Cisco Firepower Management Center 2500, please waitstarted. It is a script that shows all details related to the communication between the sensor and the FMC. In order to verify the FTD cluster configuration, check the value of the Mode attribute value under the specific slot in the `show logical-device detail expand` section: 4. Firewall Management Center (FMC) provides extensive intelligence about the users, applications, devices, threats, and vulnerabilities that exist in your network. STORED MESSAGES for UE Channel service (service 0/peer 0) ipv6 => IPv6 is not configured for management, Marvin. Chekol Retta Beginner 10-01-2021 04:22 AM My problem is a little different. MSGS: 04-09 07:48:48 FTDv SF-IMS[9200]: [13243] sfmgr:sfmanager [INFO] Stop child thread for peer 192.168.0.200 STORED MESSAGES for CSM_CCM (service 0/peer 0) /etc/rc.d/init.d/console restart". REQUESTED FOR REMOTE for UE Channel service I have the same down services askostasthedelegate, 02-24-2022 The most important are the outputs showing the status of the Channel A and Channel B. SEND MESSAGES <7> for IDS Events service *************************RUN STATUS****192.168.0.200************* mojo_server is down. I was then able to add them back with the new default GW.
Use the token in this query to find the UUID of the global domain: Note: The part | python -m json.tool of the command string is used to format the output in JSON-style and is optional. Run the show fxos mode command on the CLI: Note: In multi-context mode, the show fxos mode command is available in the system or the admin context. Standalone, failover, and cluster configuration modes are mutually exclusive. What version of the software and patch level are you running? In order to verify the FTD cluster status, use this query: The FTD high availability and scalability configuration and status can be verified in the Firepower 4100/9300 chassis show-tech file. Thank you very much! MSGS: 04-09 07:48:48 FTDv SF-IMS[9200]: [13243] sfmgr:sfmanager [INFO] free_peer 192.168.0.200.MSGS: 04-09 07:48:50 FTDv SF-IMS[9201]: [13428] sfmbservice:sfmb_service [INFO] TERM:Peer 192.168.0.200 removed REQUESTED FROM REMOTE for UE Channel service, TOTAL TRANSMITTED MESSAGES <0> for FSTREAM service Again, this would result in lost transactions and incompatible databases. It let me delete and add the default gateway with the generic Linux command. **************** Configuration Utility ************** MSGS: 04-09 07:49:00 FTDv SF-IMS[14541]: [14551] sftunneld:sf_peers [INFO] Peer 192.168.0.200 needs a single connection. just a white screen, login page is not coming UP, we have accessed CLI to check and tried few things. Follow these steps to verify the FTD firewall mode on the FTD CLI: connect module [console|telnet], where x is the slot ID, and then. 02-21-2020 REQUESTED FOR REMOTE for IP(NTP) service Cipher used = AES256-GCM-SHA384 (strength:256 bits) Use a REST-API client.
MSGS: 04-09 07:48:58 FTDv SF-IMS[14541]: [14552] sftunneld:sf_ssl[INFO] Connect to 192.168.0.200 failed on port 8305 socket 11 (Connection refused)MSGS: 04-09 07:48:58 FTDv SF-IMS[14541]: [14552] sftunneld:sf_ssl[INFO] No IPv4 connection to 192.168.0.200 In order to verify the FTD high availability and scalability configuration, check the labels High Availability or Cluster. Trying to run a "pmtool EnableByID vmsDbEngine" and "pmtool EnableByID DCCSM" or reboot of the appliance does not work. HALT REQUEST SEND COUNTER <0> for Malware Lookup Service service If the cluster is configured, but not enabled, this output is shown: If the cluster is configured, enabled and operationally up, this output is shown: For more information about the OID descriptions refer to the CISCO-UNIFIED-FIREWALL-MIB. Another great tool inherited by Sourcefire is sftunnel_status.pl. If you run it from the FTD then only the particular sensor FMC communication will be affected. Use the global domain UUID in this query: If high availability is not configured, this output is shown: Follow these steps to verify the FMC high availability configuration and status in the FMC troubleshoot file: 1. Use these options to access the FTD CLI in accordance with the platform and deployment mode: Open the troubleshoot file and navigate to the folder. In this example, curl is used: 4. MSGS: 04-09 07:48:58 FTDv SF-IMS[14541]: [14541] sftunneld:sf_peers [INFO] Using a 20 entry queue for 192.168.0.200 - 8121 The verification steps for the high availability and scalability configuration, firewall mode, and instance deployment type are shown on the user interface (UI), the command-line interface (CLI), via REST-API queries, SNMP, and in the troubleshoot file. RECEIVED MESSAGES <7> for service IDS Events service TOTAL TRANSMITTED MESSAGES <14> for IDS Events service Please contact support." at the GUI login.
RECEIVED MESSAGES <3> for UE Channel service Follow these steps to verify the ASA high availability and scalability configuration via SNMP: 3. STORED MESSAGES for IP(NTP) service (service 0/peer 0) STATE for UE Channel service So let's execute manage_procs.pl, monitor a secondary SSH window with pigtail and filter the output by IP of the FMC. STATE for IDS Events service I have also rebooted the FMC. ==== UPDATE - SOLVED ==== My issue was that /dev/root was full. In order to verify the FTD firewall mode, check the show firewall section: Follow these steps to verify the FTD firewall mode on the FMC UI: 2. STORED MESSAGES for UE Channel service (service 0/peer 0) It can also act as a database server for other 2. Native instance - A native instance uses all the resources (CPU, RAM, and disk space) of the security module/engine, so you can only install one native instance. But GUI is not coming UP. MSGS: 04-09 07:48:58 FTDv SF-IMS[14541]: [14541] sftunneld:sf_peers [INFO] Using a 20 entry queue for 192.168.0.200 - 8104 Yes I'm looking to upgrade to 7.0. FMC repairing Sybase/MySQL for_policy mismatch too slow, doesn't issue corrections to sensor. No change. /etc/rc.d/init.d/console restart has not helped. 2. The information in this document is based on these software and hardware versions: High availability refers to the failover configuration. Use the logical device identifier in this query and check the value of the FIREWALL_MODE key: The firewall mode for FTD can be verified in the show-tech file of Firepower 4100/9300. but both of those servers are still running. Follow these steps to verify the FTD high availability and scalability configuration and status via FMC REST-API.
If high availability is not configured, this output is shown: If high availability is configured, this output is shown: Note: In a high availability configuration, the FMC role can have a primary or secondary role, and active or standby status. sybase_arbiter (system,gui) - Waiting vmsDbEngine (system,gui) - Running 24408 ESS (system,gui) - Running 24437 DCCSM (system,gui) - Running 25652 . 06:58 AM. If the value is not empty, then the FTD runs in container mode: Follow these steps to verify the FTD instance deployment type on the FXOS CLI: Follow these steps to verify the FTD instance deployment type via an FXOS REST-API request. Our junior engineer has restarted quite a few times today and has observed this problem. 12-16-2017 I had to delete IP, subnet and default GW from the NIC. > expert REQUESTED FROM REMOTE for Health Events service, TOTAL TRANSMITTED MESSAGES <3> for Identity service SFTUNNEL Start Time: Mon Apr 9 07:48:59 2018 In this example, curl is used: 2. STORED MESSAGES for Health service (service 0/peer 0) What else could I see in order to solve the issue? In order to verify the ASA failover configuration and status, run the show running-config failover and show failover state commands on the ASA CLI. Is the above-mentioned command enough to start all (disabled/stuck) services? I have come across an issue which is a bit different from this scenario. Without an arbiter, both servers could assume that they should take ownership This restarts the services and processes. ", root@vm4110:/Volume/home/admin# pmtool status | grep -i gui mysqld (system,gui,mysql) - Running 4908 httpsd (system,gui) - Running 4913 sybase_arbiter (system,gui) - Waiting vmsDbEngine (system,gui) - Down ESS (system,gui) - Running 4949 DCCSM (system,gui) - Down Tomcat (system,gui) - Down VmsBackendServer (system,gui) - Down mojo_server (system,gui) - Running 5114, I have checked the certificate is the default one and I changed the cipher suites, but no luck.
pmtool status | grep -E "Waiting|Down|Disable", pmtool status | grep -E "Waiting|Down|Disable|Running". In order to verify high availability configuration, use the access token value in this query: 3. 2. REQUESTED FROM REMOTE for Malware Lookup Service service, TOTAL TRANSMITTED MESSAGES <6> for service 7000 STATE for IP(NTP) service Keep in mind that you may use the pigtail command during the registration process and monitor where the registration is failing. In these outputs, ftd_ha_1, ftd_ha_2, ftd_standalone, ftd_ha, ftc_cluster1 are user-configurable device names. In order to troubleshoot an issue, you can restart the processes and services that run on the FireSIGHT Management Center appliance. I had this issue, I fixed it by restarting the console from expert mode. No this particular IP is not being used anywhere else in the network. Container instance - A container instance uses a subset of resources of the security module/engine. Peer channel Channel-B is valid type (EVENT), using 'br1', connected to '192.168.0.200' via '192.168.0.201', TOTAL TRANSMITTED MESSAGES <16> for IP(NTP) service REQUESTED FROM REMOTE for CSM_CCM service, TOTAL TRANSMITTED MESSAGES <228> for UE Channel service In some small percentage of cases it may result in URL lookups not being successful (where there is a URL filtering policy and the target URL is not already cached and categorized on the managed device).