
Can an FMC register an FTD that is already registered with another FMC?

In this post I am going to share how an FMC can register an FTD that was already registered with another FMC. In my lab I had two FMCs and one FTD. The FTD was already registered with one FMC, and it also had a second FMC registration sitting in pending state. What I tried to do was to register this FTD with the other FMC, the one whose registration was pending.

Guess what? The result, surprisingly, was successful. In the end the FTD was unregistered from the original FMC and registered with the other one. At that point the original FMC was showing the FTD as disabled.

Topology

Current Situation on all the three devices

FMCv-02

As you can see, the FTDv-01 health status is good on FMCv-02.

FMCv-01

On FMCv-01 we don't see the FTDv-01 because it is currently registered with FMCv-02.

FTDv-01

> show managers 
Host                      : 172.16.1.240
Registration Key          : ****
Registration              : pending
RPC Status                : 
Type                      : Manager
Host                      : 172.16.1.240
Registration              : Pending

Type                      : Manager
Host                      : 172.16.1.246
Registration              : Completed

FTDv-01's registration with FMCv-02 has completed successfully. However, the registration with FMCv-01 is still in pending state.

Now let's try to register FTDv-01 from FMCv-01.

Here is the dump of the /var/log/messages capture on FTDv-01, filtered on the two FMCs' IP addresses. It was taken during the registration process with FMCv-01.

root@ftd-01:~# tail -f /var/log/messages | grep '172.16.1.240\|172.16.1.246'
ftd-01 SF-IMS[18826]: [20431] sftunneld:sf_ssl [INFO] Connect to 172.16.1.240 on port 8305 - eth0
ftd-01 SF-IMS[18826]: [20431] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 172.16.1.240 (via eth0)
ftd-01 SF-IMS[18826]: [20431] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to 172.16.1.240:8305/tcp
ftd-01 SF-IMS[18826]: [20431] sftunneld:sf_ssl [INFO] Wait to connect to 8305 (IPv6): 172.16.1.240
ftd-01 SF-IMS[18826]: [20431] sftunneld:sf_ssl [INFO] Connect to 172.16.1.240 failed on port 8305 socket 26 (Connection refused)
ftd-01 SF-IMS[18826]: [20431] sftunneld:sf_ssl [INFO] No IPv4 connection to 172.16.1.240
ftd-01 SF-IMS[18826]: [20431] sftunneld:sf_ssl [WARN] Unable to connect to peer '172.16.1.240'
ftd-01 SF-IMS[18826]: [20431] sftunneld:sf_ssl [INFO] reconnect to peer '172.16.1.240' in 44 seconds
ftd-01 SF-IMS[18826]: [18836] sftunneld:sf_peers [INFO] Peer 172.16.1.240 needs a single connection
ftd-01 SF-IMS[18826]: [18836] sftunneld:sf_connections [INFO] Start connection to : 172.16.1.240 (wait 44 seconds is up)
ftd-01 SF-IMS[18826]: [20463] sftunneld:sf_peers [INFO] Peer 172.16.1.240 needs a single connection
ftd-01 SF-IMS[18826]: [20463] sftunneld:sf_ssl [INFO] Connect to 172.16.1.240 on port 8305 - eth0
ftd-01 SF-IMS[18826]: [20463] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 172.16.1.240 (via eth0)
ftd-01 SF-IMS[18826]: [20463] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to 172.16.1.240:8305/tcp
ftd-01 SF-IMS[18826]: [20463] sftunneld:sf_ssl [INFO] Wait to connect to 8305 (IPv6): 172.16.1.240
ftd-01 SF-IMS[18826]: [20463] sftunneld:sf_ssl [INFO] Connect to 172.16.1.240 failed on port 8305 socket 26 (Connection refused)
ftd-01 SF-IMS[18826]: [20463] sftunneld:sf_ssl [INFO] No IPv4 connection to 172.16.1.240
ftd-01 SF-IMS[18826]: [20463] sftunneld:sf_ssl [WARN] Unable to connect to peer '172.16.1.240'
ftd-01 SF-IMS[18826]: [20463] sftunneld:sf_ssl [INFO] reconnect to peer '172.16.1.240' in 44 seconds
ftd-01 SF-IMS[18826]: [18835] sftunneld:tunnsockets [INFO] Accepted IPv4 connection from 172.16.1.240:35759/tcp
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_ssl [INFO] Processing connection from 172.16.1.240:35759/tcp (socket 26)
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_ssl [INFO] Accepted SSL connection from: 172.16.1.240:35759/tcp
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Peer 172.16.1.240 needs a single connection
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_ssl [INFO] Verify accepted: Need a new connection for peer 172.16.1.240 (1)
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_ssl [INFO] Peer 172.16.1.240 supports separate events connection
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_ssl [INFO] Peer 172.16.1.240 registration is complete remotely
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Peer 172.16.1.240 needs a single connection
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_ssl [INFO] Accept: Will start a child thread for peer '172.16.1.240'
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_ssl [INFO] Accept: Start child thread for peer '172.16.1.240'
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] >>>>>>> initChannels peer: 172.16.1.240 <<<<<<
ftd-01 SF-IMS[18826]: [20467] sftunneld:stream_file [INFO] Stream CTX destroyed for 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] Socket '/ngfw/var/sf/peers/172.16.1.240/conn.sox': 27 is accepting services.
ftd-01 SF-IMS[18826]: [20467] sftunneld:stream_file [INFO] Stream CTX initialized for 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] Peer 172.16.1.240 main thread started
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] Need to send SW version and Published Services to 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] >> ChannelState do_dataio_for_heartbeat peer 172.16.1.240 / channelA / CONTROL [ msgSock & ssl_context ] <<
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Saved SW VERSION from peer 172.16.1.240 (6.5.0.4)
ftd-01 SF-IMS[18827]: [18832] sfmgr:sfmanager [INFO] Established connection to sftunnel for peer 172.16.1.240 (fd 8)
ftd-01 SF-IMS[18827]: [20470] sfmgr:sfmanager [INFO] Writing out service number - SFMGR for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] RPC Service is published for peer 172.16.1.240.
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 20 entry queue for 172.16.1.240 - 6666
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] Need to send SW version and Published Services to 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] >> ChannelState do_dataio_for_heartbeat peer 172.16.1.240 / channelA / CONTROL [ msgSock & ssl_context ] <<
ftd-01 SF-IMS[18827]: [20469] sfmgr:sfmanager [INFO] Waiting for RPC service to be published on peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Saved SW VERSION from peer 172.16.1.240 (6.5.0.4)
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] (2)FORWARDED Product Info received from peer 172.16.1.240 to SFMGR
ftd-01 SF-IMS[18827]: [20469] sfmgr:sfmanager [INFO] SFMGR is published on peer 172.16.1.240
ftd-01 SF-IMS[18827]: [20469] sfmgr:sfmanager [INFO] SFMGR: UNIX socket '/ngfw/var/sf/peers/172.16.1.240/mgr.sox': 9 is listening...
ftd-01 SF-IMS[18826]: [18826] sftunneld:sftunnel_status [INFO] IPv4 Connection to peer '172.16.1.246' Start Time: Sun Apr 26 03:25:11 2020
ftd-01 SF-IMS[18826]: [18826] sftunneld:sftunnel_status [INFO] IPv4 Connection to peer '172.16.1.240' Start Time: Thu Apr 30 20:38:43 2020
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Interface eth0 from 172.16.1.240 supports 'control events'
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Interface eth0 from 172.16.1.240 supports events
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Interface eth0 (172.16.1.240) from 172.16.1.240 is up
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Peer 172.16.1.240 Notified that it is NOT configured for dedicated events interface
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] Need to send SW version and Published Services to 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] >> ChannelState do_dataio_for_heartbeat peer 172.16.1.240 / channelA / CONTROL [ msgSock & ssl_context ] <<
ftd-01 SF-IMS[14234]: [14494] SFDataCorrelator:EventStreamHandler [INFO] Signal:Closing estreamer connection to 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_connections [INFO] DISCONNECTED:do_services_read_write: Broken connection to service 6667 (FD 25), peer 172.16.1.246
ftd-01 SF-IMS[14234]: [20772] SFDataCorrelator:EventStreamHandler [INFO] Creating thread for peer 172.16.1.246
ftd-01 SF-IMS[14234]: [20775] SFDataCorrelator:EventStreamHandler [INFO] Starting Event Stream Handler for 172.16.1.246
ftd-01 SF-IMS[14234]: [20775] SFDataCorrelator:EventStreamHandler [INFO] Established estreamer connection to 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_heartbeat [INFO] Estreamer Events Service is published for peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_peers [INFO] Using a 750 entry queue for 172.16.1.246 - 6667
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_channel [INFO] Peer 172.16.1.246. SWITCH SERVICE 6667 CHANNEL 2
ftd-01 SF-IMS[14234]: [20775] SFDataCorrelator:EventStreamHandler [INFO] Signal:Closing estreamer connection to 172.16.1.246
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Saved SW VERSION from peer 172.16.1.240 (6.5.0.4)
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Interface eth0 from 172.16.1.240 supports 'control events'
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Interface eth0 from 172.16.1.240 supports events
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Interface eth0 (172.16.1.240) from 172.16.1.240 is up
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Peer 172.16.1.240 Notified that it is NOT configured for dedicated events interface
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] Need to send SW version and Published Services to 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] >> ChannelState do_dataio_for_heartbeat peer 172.16.1.240 / channelA / CONTROL [ msgSock & ssl_context ] <<
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_connections [INFO] DISCONNECTED:do_services_read_write: Broken connection to service 7700 (FD 12), peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_connections [INFO] DISCONNECTED:do_services_read_write: Broken connection to service 7000 (FD 21), peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_connections [INFO] DISCONNECTED:do_services_read_write: Broken connection to service 7770 (FD 13), peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_heartbeat [INFO] Malware Lookup Service is published for peer 172.16.1.246.
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_peers [INFO] Using a 750 entry queue for 172.16.1.246 - 7700
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_channel [INFO] Peer 172.16.1.246. SWITCH SERVICE 7700 CHANNEL 2
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_heartbeat [INFO] Identity Service is published for peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_peers [INFO] Using a 20 entry queue for 172.16.1.246 - 7770
ftd-01 SF-IMS[18826]: [18837] sftunneld:tunnsockets [WARN] Disconnected service 7770 for peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_heartbeat [INFO] Identity Service is published for peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_peers [INFO] Using a 20 entry queue for 172.16.1.246 - 7770
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_connections [INFO] DISCONNECTED:do_services_read_write: Broken connection to service 9009 (FD 19), peer 172.16.1.246
ftd-01 SF-IMS[18827]: [18827] sfmgr:sfmanager [INFO] set peer PEER_REMOVED registered 172.16.1.246
ftd-01 SF-IMS[18827]: [18827] sfmgr:sfmanager [INFO] MARK TO FREE peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18826] sftunneld:sftunnel [INFO] set peer PEER_REMOVED 172.16.1.246 registered
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_connections [INFO] Peer 172.16.1.246 is removed...Exiting child thread
ftd-01 SF-IMS[18826]: [18837] sftunneld:TunnelService [INFO] UEC service 9101 is signaled to exit for peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:TunnelService [INFO] UEC service 9100 is signaled to exit for peer 172.16.1.246
ftd-01 SF-IMS[18827]: [18854] sfmgr:sfmanager [INFO] WRITE_THREAD:Terminated sftunnel write thread for peer 172.16.1.246
ftd-01 SF-IMS[18827]: [18853] sfmgr:sfmanager [INFO] Stop child thread for peer 172.16.1.246
ftd-01 SF-IMS[18827]: [18853] sfmgr:sfmanager [INFO] Exiting child thread for peer 172.16.1.246
ftd-01 SF-IMS[18827]: [18853] sfmgr:sfmanager [INFO] free_peer 172.16.1.246.
ftd-01 SF-IMS[18826]: [18837] sftunneld:TunnelService [WARN] UEC service 9101 exited for peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:TunnelService [WARN] UEC service 9100 exited for peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:stream_file [INFO] Stream CTX destroyed for 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_channel [INFO] >> ChannelState ShutDownPeer peer 172.16.1.246 / channelA / CONTROL [ msgSock & ssl_context ] <<
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_channel [INFO] >> ChannelState freeChannel peer 172.16.1.246 / channelA / DROPPED [ msgSock & ssl_context ] <<
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_channel [INFO] >> ChannelState ShutDownPeer peer 172.16.1.246 / channelB / EVENT [ msgSock2 & ssl_context2 ] <<
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_channel [INFO] >> ChannelState freeChannel peer 172.16.1.246 / channelB / DROPPED [ msgSock2 & ssl_context2 ] <<
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_connections [INFO] Peer 172.16.1.246 is not configured...Exiting
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_peers [INFO] Free peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_channel [INFO] >> ChannelState free_peer peer 172.16.1.246 / channelA / NONE [ msgSock & ssl_context ] <<
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_channel [INFO] >> ChannelState free_peer peer 172.16.1.246 / channelB / NONE [ msgSock & ssl_context ] <<
ftd-01 SF-IMS[18826]: [18837] sftunneld:stream_file [INFO] Stream CTX destroyed for 172.16.1.246
ftd-01 SF-IMS[18826]: [18837] sftunneld:sf_peers [INFO] Free peer 172.16.1.246 on exit
ftd-01 SF-IMS[18826]: [18837] sftunneld:stream_file [INFO] Stream CTX destroyed for 172.16.1.246
ftd-01 SF-IMS[18826]: [18826] sftunneld:sftunnel [INFO] set updated peer PEER_CONFIGURED 172.16.1.240
ftd-01 SF-IMS[18827]: [18827] sfmgr:sfmanager [INFO] set peer PEER_REMOVED pending 172.16.1.240
ftd-01 SF-IMS[18827]: [18827] sfmgr:sfmanager [INFO] MARK TO FREE peer 172.16.1.240
ftd-01 SF-IMS[18827]: [18827] sfmgr:sfmanager [INFO] set peer PEER_ADD registered 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] Reset communications for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] Keep sftunnel connection for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] UE Priority Event Channel 0 Service is published for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 750 entry queue for 172.16.1.240 - 9100
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] Peer 172.16.1.240. SWITCH SERVICE 9100 CHANNEL 2
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] UE Priority Event Channel 1 Service is published for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 750 entry queue for 172.16.1.240 - 9101
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] Peer 172.16.1.240. SWITCH SERVICE 9101 CHANNEL 2
ftd-01 SF-IMS[18826]: [20467] sftunneld:stream_file [INFO] Stream CTX initialized for 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Successfully Send Interfaces info to peer 172.16.1.240 over eth0
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Saved SW VERSION from peer 172.16.1.240 (6.5.0.4)
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] IP(NTP) Service is published for peer 172.16.1.240.
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 750 entry queue for 172.16.1.240 - 8400
ftd-01 SF-IMS[18827]: [20469] sfmgr:sfmanager [INFO] Stop child thread for peer 172.16.1.240
ftd-01 SF-IMS[18827]: [20469] sfmgr:sfmanager [INFO] Exiting child thread for peer 172.16.1.240
ftd-01 SF-IMS[18827]: [20470] sfmgr:sfmanager [INFO] WRITE_THREAD:Terminated sftunnel write thread for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] DISCONNECTED:do_services_read_write: Broken connection to service 6666 (FD 10), peer 172.16.1.240
ftd-01 SF-IMS[18827]: [20469] sfmgr:sfmanager [INFO] free_peer 172.16.1.240.
ftd-01 SF-IMS[18827]: [18832] sfmgr:sfmanager [INFO] Established connection to sftunnel for peer 172.16.1.240 (fd 6)
ftd-01 SF-IMS[18827]: [22901] sfmgr:sfmanager [INFO] Writing out service number - SFMGR for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] RPC Service is published for peer 172.16.1.240.
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 20 entry queue for 172.16.1.240 - 6666
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] Need to send SW version and Published Services to 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] >> ChannelState do_dataio_for_heartbeat peer 172.16.1.240 / channelA / CONTROL [ msgSock & ssl_context ] <<
ftd-01 SF-IMS[18827]: [22900] sfmgr:sfmanager [INFO] SFMGR is published on peer 172.16.1.240
ftd-01 SF-IMS[18828]: [18831] sfmbservice:sfmb_service [INFO] Start getting MB messages for 172.16.1.240
ftd-01 SF-IMS[18828]: [18831] sfmbservice:sfmb_service [INFO] Established connection to peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Message Broker Service is published for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 20 entry queue for 172.16.1.240 - 8306
ftd-01 SF-IMS[18826]: [18836] sftunneld:sf_connections [INFO] Start connection to : 172.16.1.240 (wait 10 seconds is up)
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_peers [INFO] Peer 172.16.1.240 needs the second connection
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Connect to 172.16.1.240 on port 8305 - eth0
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 172.16.1.240 (via eth0)
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to 172.16.1.240:8305/tcp
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Wait to connect to 8305 (IPv6): 172.16.1.240
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Connected to 172.16.1.240:8305 (IPv4)
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Successfully connected using SSL to: '172.16.1.240'
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Peer 172.16.1.240 supports multiple ports
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Peer 172.16.1.240 supports separate events connection
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Peer 172.16.1.240 registration is complete remotely
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Connect: AUTHENTICATED peer '172.16.1.240'
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Connect: Second SSL_CTX for peer '172.16.1.240'
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Connect: Add second connection to peer '172.16.1.240'
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] Need to send SW version and Published Services to 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] >> ChannelState do_dataio_for_heartbeat peer 172.16.1.240 / channelA / CONTROL [ msgSock & ssl_context ] <<
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Successfully Send Interfaces info to peer 172.16.1.240 over eth0
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Interface eth0 from 172.16.1.240 supports 'control events'
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Interface eth0 from 172.16.1.240 supports events
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Interface eth0 (172.16.1.240) from 172.16.1.240 is up
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Peer 172.16.1.240 Notified that it is NOT configured for dedicated events interface
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] Need to send SW version and Published Services to 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] >> ChannelState do_dataio_for_heartbeat peer 172.16.1.240 / channelA / CONTROL [ msgSock & ssl_context ] <<
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Saved SW VERSION from peer 172.16.1.240 (6.5.0.4)
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Saved SW VERSION from peer 172.16.1.240 (6.5.0.4)
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Malware Lookup Service is published for peer 172.16.1.240.
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 750 entry queue for 172.16.1.240 - 7700
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] Peer 172.16.1.240. SWITCH SERVICE 7700 CHANNEL 2
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Service 7000 is published for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 750 entry queue for 172.16.1.240 - 7000
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] Peer 172.16.1.240. SWITCH SERVICE 7000 CHANNEL 2
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Identity Service is published for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 20 entry queue for 172.16.1.240 - 7770
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] CSM_CCM service is published for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 750 entry queue for 172.16.1.240 - 9009
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] Peer 172.16.1.240. SWITCH SERVICE 9009 CHANNEL 2
ftd-01 SF-IMS[18826]: [18826] sftunneld:sftunnel_status [INFO] IPv4 Connection to peer '172.16.1.240' Start Time: Thu Apr 30 20:38:43 2020
ftd-01 SF-IMS[20806]: [23183] SFDataCorrelator:EventStreamHandler [INFO] Creating thread for peer 172.16.1.240
ftd-01 SF-IMS[20806]: [23184] SFDataCorrelator:EventStreamHandler [INFO] Starting Event Stream Handler for 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Interface eth0 from 172.16.1.240 supports 'control events'
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Interface eth0 from 172.16.1.240 supports events
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Interface eth0 (172.16.1.240) from 172.16.1.240 is up
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Peer 172.16.1.240 Notified that it is NOT configured for dedicated events interface
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] Need to send SW version and Published Services to 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] >> ChannelState do_dataio_for_heartbeat peer 172.16.1.240 / channelA / CONTROL [ msgSock & ssl_context ] <<
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] IDS Events Service is published for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 750 entry queue for 172.16.1.240 - 9001
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] Peer 172.16.1.240. SWITCH SERVICE 9001 CHANNEL 2
ftd-01 SF-IMS[20806]: [23184] SFDataCorrelator:EventStreamHandler [INFO] Established estreamer connection to 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Estreamer Events Service is published for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 750 entry queue for 172.16.1.240 - 6667
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] Peer 172.16.1.240. SWITCH SERVICE 6667 CHANNEL 2
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Successfully Send Interfaces info to peer 172.16.1.240 over eth0
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Saved SW VERSION from peer 172.16.1.240 (6.5.0.4)
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_connections [INFO] DISCONNECTED:do_services_read_write: Broken connection to service 9001 (FD 22), peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] IDS Events Service is published for peer 172.16.1.240
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_peers [INFO] Using a 750 entry queue for 172.16.1.240 - 9001
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_channel [INFO] Peer 172.16.1.240. SWITCH SERVICE 9001 CHANNEL 2
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Successfully Send Interfaces info to peer 172.16.1.240 over eth0
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Saved SW VERSION from peer 172.16.1.240 (6.5.0.4)
ftd-01 SF-IMS[18826]: [20467] sftunneld:control_services [INFO] Successfully Send Interfaces info to peer 172.16.1.240 over eth0
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_heartbeat [INFO] Saved SW VERSION from peer 172.16.1.240 (6.5.0.4)
^C
root@ftd-01:~# 

From the above dump we can see that the registration with FMCv-01 completed successfully. The handover is visible in the sfmgr lines: the peer 172.16.1.246 (FMCv-02) is marked PEER_REMOVED while still in registered state, and shortly afterwards 172.16.1.240 (FMCv-01) goes from PEER_REMOVED pending to PEER_ADD registered.
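As an added example, not part of the original post, here is a small Python checker that replays the sfmgr PEER_REMOVED/PEER_ADD lines from a dump like the one above and flags any change to the set of registered managers, so a sensor being re-homed to another FMC can be alerted on instead of being noticed later as a disabled health status. The sample lines are copied from the dump above; the line format and the meaning of the PEER_* events are inferred from those lines only and are assumptions of this example.

```python
"""Detect FMC manager changes in an FTD's /var/log/messages sftunnel output.

Added example: parses sftunneld/sfmgr lines of the shape shown in the post
and reports when a registered manager is removed or added. Line format and
PEER_* semantics are inferred from the post's dump (assumption).
"""
import re
from dataclasses import dataclass
from typing import Optional

_LINE_RE = re.compile(
    r"^(?P<host>\S+) SF-IMS\[(?P<pid>\d+)\]: \[(?P<tid>\d+)\] "
    r"(?P<component>\S+) \[(?P<level>[A-Z]+)\] (?P<msg>.*)$"
)
# The dump has both "set peer PEER_REMOVED registered 172.16.1.246" (sfmgr)
# and "set peer PEER_REMOVED 172.16.1.246 registered" (sftunneld), so the
# event, the IP and the state word are matched independently in the message.
_EVENT_RE = re.compile(r"\bset (?:updated )?peer (?P<event>PEER_[A-Z]+)\b")
_IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
_STATE_RE = re.compile(r"\b(registered|pending)\b")


@dataclass(frozen=True)
class PeerEvent:
    component: str  # e.g. "sfmgr:sfmanager" or "sftunneld:sftunnel"
    event: str      # PEER_REMOVED, PEER_ADD, PEER_CONFIGURED
    ip: str
    state: str      # "registered", "pending" or "" when the line has none


def parse_peer_event(line: str) -> Optional[PeerEvent]:
    """Return a PeerEvent for a manager state-change line, else None."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    msg = m.group("msg")
    ev, ip = _EVENT_RE.search(msg), _IP_RE.search(msg)
    if not ev or not ip:
        return None
    st = _STATE_RE.search(msg)
    return PeerEvent(m.group("component"), ev.group("event"), ip.group(1),
                     st.group(1) if st else "")


def replay_managers(lines, registered=()):
    """Apply sfmgr PEER_ADD/PEER_REMOVED events to an initial registered set.

    Only the sfmgr copy of each event is applied so the duplicate sftunneld
    line is not counted twice; a PEER_REMOVED of a pending entry is not a
    manager change. Returns (final registered set, list of transitions).
    """
    active, transitions = set(registered), []
    for line in lines:
        ev = parse_peer_event(line)
        if ev is None or not ev.component.startswith("sfmgr:"):
            continue
        if ev.event == "PEER_REMOVED" and ev.state == "registered":
            active.discard(ev.ip)
            transitions.append(("manager_removed", ev.ip))
        elif ev.event == "PEER_ADD" and ev.state == "registered":
            active.add(ev.ip)
            transitions.append(("manager_added", ev.ip))
    return active, transitions


def unexpected_manager_changes(lines, expected_manager, registered=()):
    """Alert when the expected FMC is removed or any other FMC is added."""
    _, transitions = replay_managers(lines, registered)
    return [(kind, ip) for kind, ip in transitions
            if (kind == "manager_removed") == (ip == expected_manager)]


# Constructed sample: lines copied from the dump in the post, in order.
SAMPLE_LOG = """\
ftd-01 SF-IMS[18826]: [20467] sftunneld:sf_ssl [INFO] Peer 172.16.1.240 registration is complete remotely
ftd-01 SF-IMS[18827]: [18827] sfmgr:sfmanager [INFO] set peer PEER_REMOVED registered 172.16.1.246
ftd-01 SF-IMS[18827]: [18827] sfmgr:sfmanager [INFO] MARK TO FREE peer 172.16.1.246
ftd-01 SF-IMS[18826]: [18826] sftunneld:sftunnel [INFO] set peer PEER_REMOVED 172.16.1.246 registered
ftd-01 SF-IMS[18826]: [18826] sftunneld:sftunnel [INFO] set updated peer PEER_CONFIGURED 172.16.1.240
ftd-01 SF-IMS[18827]: [18827] sfmgr:sfmanager [INFO] set peer PEER_REMOVED pending 172.16.1.240
ftd-01 SF-IMS[18827]: [18827] sfmgr:sfmanager [INFO] set peer PEER_ADD registered 172.16.1.240
ftd-01 SF-IMS[18826]: [22962] sftunneld:sf_ssl [INFO] Connect: AUTHENTICATED peer '172.16.1.240'
""".splitlines()

if __name__ == "__main__":
    # FMCv-02 (172.16.1.246) was the registered manager before the dump.
    for alert in unexpected_manager_changes(SAMPLE_LOG, "172.16.1.246",
                                            {"172.16.1.246"}):
        print("ALERT", *alert)
```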

Now let's take a look at FMCv-01 again and see how FTDv-01 looks there.

Finally, let's take a look at FMCv-02 again and check the FTDv-01 health status.

From the above screen we can see that the FTDv-01 health status is now showing with an exclamation mark on FMCv-02.

As we can see, FTDv-01 is now showing as disabled on FMCv-02. That's because no heartbeats have been received from FTDv-01 since it was registered with FMCv-01.

This wraps up this post about the hypothetical scenario we have walked through together.

Thank you for reading!

Posted in Blog, Firepower, FMC, FTD, Security
