FMC, Firepower - yar145/mytestrepo1 GitHub Wiki

Use FMC and FTD Smart License Registration and Common Issues to Troubleshoot

VXLAN VXLAN and GENEVE Support

VxLAN configuration on FTD

EIGRP Chapter: Enhanced Interior Gateway Routing Protocol (EIGRP)

Troubleshooting FMC and Cisco Firepower

Troubleshoot as TAC

https://www.grandmetric.com/troubleshoot-fmc-firepower-sensor-communication/

**manage_procs.pl**

expert
admin@FTDv:~$ sudo su
Password:
root@FTDv:/home/admin# manage_procs.pl

**pigtail**

sftunnel_status.pl

Another great tool inherited from Sourcefire is sftunnel_status.pl. It is a script that shows all details related to the communication between the sensor and the FMC. The most important outputs are those showing the status of Channel A and Channel B. These are the management and the eventing channels. In more complex Cisco Firepower designs these are two separate physical connections, which enhance the policy push time and the logging features.

FTD registration with FMC

Is your Cisco FTD’s Sending IPS Events to your FMC? Are you receiving them all?

ls -lha /var/sf/detection_engines/221a35a4-6b7d-11eb-a196-4feda4364b2c/instance-1|grep bookmark

Now we see the current events, which should correlate with your FMC. If not, restart “sftunnel” with the following command from expert mode:

pmtool restartbyid sftunnel

Then check again, and if you still don’t have events, restart the sfdatacorrelator with the following commands:

root@todd-Sourcefire3D:/var/sf/user_enforcement#

OmniQuery.pl -db mdb -e "select count(*) from rna_client_app_map;"

Cisco Secure Firewall 7.1 Release - Deployment with AWS Gateway Load Balancer

Deploy a Cluster for Threat Defense Virtual in a Public Cloud

FTDv Integration with AWS Transit Gateway

pmtool

Managing Firepower processes with pmtool


pmtool disablebyid SFDataCorrelator

SFDataCorrelator processes various (event) data streams and correlates received data with other datasets. SFDC stitches together sensor events with vulnerability data available on FMC to enrich events, but also processes things like user identity mappings and many other data-correlation tasks.

Database Integrity Check Failed on FirePOWER

Repair Database Integrity

pmtool disablebyid SFDataCorrelator

pmtool status | grep -i SFD

repair_table.pl -farms rna_flow_stats

mysql -padmin sfsnort -e "DROP TABLE rna_flow_stats_1455819600"