Verify Threat Defense Connectivity with Cloud-delivered Firewall Management Center

This section provides the commands to verify that the threat defense device can connect to the cloud-delivered Firewall Management Center.

Check internet connectivity on the device

Execute the ping system <any OpenDNS server address> command to check whether the device can reach the internet.

  1. Connect to the CLI of the device, either from the console port or using SSH.

  2. Log in with the Admin username and password.

  3. Enter ping system <OpenDNS IPAddress>.

ping system 208.67.222.222
PING 208.67.222.222 (208.67.222.222) 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=48 time=22.10 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=48 time=22.10 ms
64 bytes from 208.67.222.222: icmp_seq=3 ttl=48 time=22.8 ms
64 bytes from 208.67.222.222: icmp_seq=4 ttl=48 time=22.6 ms
^C
--- 208.67.222.222 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 7ms
rtt min/avg/max/mdev = 22.588/22.841/22.995/0.223 ms

The above example shows that the device can reach the internet using the OpenDNS server IP address. The number of packets transmitted equals the number received, which indicates that internet connectivity is available on the device.

Note

If your results don't match, check the internet connection manually.

Check device connectivity with Cloud-delivered Firewall Management Center

  1. Obtain the host name of the cloud-delivered Firewall Management Center.

    1. In the Security Cloud Control left pane, click Administration > Firewall Management Center.

    2. Choose Cloud-Delivered FMC to see the cloud-delivered Firewall Management Center details on the right pane.

    3. In the Hostname field, copy only the hostname shown in the following example image.

      In the above figure, the highlighted text is the hostname (cdo-acc10.app.us.cdo.cisco.com) of the FMC to be copied.

  2. Connect to the CLI of the device, either from the console port or using SSH.

  3. Enter ping system <hostname of the FMC>.

ping system cdo-acc10.app.us.cdo.cisco.com
PING cdo-acc10.app.us.cdo.cisco.com (54.187.125.161) 56(84) bytes of data.
^C
--- cdo-acc10.app.us.cdo.cisco.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 64ms

In the above example, the hostname resolves to an IP address, indicating that your connection is successful. Ignore the "100% packet loss" message shown in the response.

Note

If you can't connect to the host, you can rectify the DNS configuration in the CLI using configure network dns <address>.
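
The two checks above use different pass criteria: the internet check passes when every packet is answered, while the FMC check passes as soon as the hostname resolves, regardless of packet loss. The following Python sketch is an added example, not part of the Cisco documentation, that applies both criteria to captured CLI output. The function names and the DNS failure sample are assumptions; the failure sample is constructed and assumes a Linux-style resolver error.

```python
import re

# "PING <target> (<ip>)" header, printed only after the target resolves.
HEADER = re.compile(r"^PING (\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)", re.M)
# Summary line: "<n> packets transmitted, <m> received".
STATS = re.compile(r"(\d+) packets transmitted, (\d+) received")

def parse_ping(output):
    """Extract target, resolved IP and packet counters from ping output."""
    header, stats = HEADER.search(output), STATS.search(output)
    return {
        "target": header.group(1) if header else None,
        "resolved_ip": header.group(2) if header else None,
        "sent": int(stats.group(1)) if stats else 0,
        "received": int(stats.group(2)) if stats else 0,
    }

def internet_ok(output):
    """Internet check: packets transmitted must equal packets received."""
    r = parse_ping(output)
    return r["sent"] > 0 and r["sent"] == r["received"]

def fmc_resolves(output, hostname):
    """FMC check: the hostname resolved to an IP; packet loss is ignored."""
    r = parse_ping(output)
    return r["target"] == hostname and r["resolved_ip"] is not None

FMC_HOST = "cdo-acc10.app.us.cdo.cisco.com"
# Trimmed copies of the two outputs shown on this page.
INTERNET_SAMPLE = """PING 208.67.222.222 (208.67.222.222) 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=48 time=22.10 ms
--- 208.67.222.222 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 7ms
"""
FMC_SAMPLE = """PING cdo-acc10.app.us.cdo.cisco.com (54.187.125.161) 56(84) bytes of data.
--- cdo-acc10.app.us.cdo.cisco.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 64ms
"""
# Constructed failure case (assumed error format): no PING header appears.
DNS_FAIL_SAMPLE = "ping: cdo-acc10.app.us.cdo.cisco.com: Name or service not known\n"

if __name__ == "__main__":
    print("internet:", internet_ok(INTERNET_SAMPLE))
    print("FMC resolves:", fmc_resolves(FMC_SAMPLE, FMC_HOST))
    print("FMC resolves (DNS broken):", fmc_resolves(DNS_FAIL_SAMPLE, FMC_HOST))
```

When the FMC check returns False, the fix is the DNS correction described in the note above.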