Troubleshoot FDM-Managed Device Onboarding
Connectivity
-
Check device connectivity with a ping. Try to ping FP management IP address from ASA directly. If the ICMP blocks communication from outside, you will not be able to ping FP management interface from the Internet. cUrl / wget helps to check if FP management interface is accessible on configured IP/Port.
-
Check ASA and/or ASDM software versions for compatibility. See Hardware and Software Supported by Security Cloud Control for more information.
-
Use the ASA logs to identify if Security Cloud Control traffic is blocked by the ASA. Through SSH, attempts to connect to FP HTTP management interface are logged in /var/log/httpd/httpsd_access_log.
Module Misconfiguration
-
Unsupported configuration. Security Cloud Control may not be able to support the device's configuration if the module does not meet specific requirements. See ASA prerequisites in Onboard ASA Device to Security Cloud Control for more information about configuration requirements and certificate support.
HTTP Authentication
-
Security Cloud Control issues an token-based SSO to authenticate an ASA device during the onboarding process. A token issue may be caused by attempt to onboard FP module from non-admin context in case of ASA in multi-context mode. Invalid tokens are identified as ASDM SSO logins in /var/log/mojo/mojo.log a