Troubleshoot Cloud-Delivered Firewall Management Center Connectivity with TCP

Use the following procedure to troubleshoot connectivity between the Cloud-Delivered Firewall Management Center and a Firewall Threat Defense device over TCP port 8305.

Procedure


Step 1

Log in to Security Cloud Control.

Step 2

In the left panel, navigate to Tools & Services and select Firewall Management Center to open the Services page. Choose Cloud-Delivered FMC and locate the Cloud-Delivered Firewall Management Center's FQDN in the top right-hand corner.

Step 3

Make sure the Firewall Threat Defense device's state in Security Cloud Control is currently Onboarding. Cloud-Delivered Firewall Management Center will not respond if the device is not in an onboarding state. If onboarding has failed, click Retry Onboarding.

Step 4

Log in to the Firewall Threat Defense device with SSH.

Step 5

Enter Expert mode with the following command:

> expert
admin@devicename:~$

Step 6

Test the TCP handshake to the Cloud-Delivered Firewall Management Center's FQDN on port 8305:

admin@devicename:~$ nc -v xxxxxx.cdo.cisco.com 8305
Connection to xxxxxx.cdo.cisco.com 8305 port [tcp/*] succeeded!
^C (CTRL-C to exit netcat)
admin@devicename:~$

What to do next

If there is still no response from the Cloud-Delivered Firewall Management Center, outbound TCP port 8305 may be blocked upstream of your Firewall Threat Defense device. That network path must be confirmed open before your Firewall Threat Defense device can connect to the Cloud-Delivered Firewall Management Center.
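
The Step 6 check can be scripted so that a failed attempt is sorted by cause (name resolution, reset, or silent drop) before the upstream path is investigated. This is an added example, not code from the original procedure or from Cisco: it assumes the device's nc is an OpenBSD-style netcat (as the "succeeded!" output format suggests) that accepts -z and -w, and the function names, matched error substrings and 5-second default timeout are assumptions.

```shell
#!/usr/bin/env bash
# Added example: classify the outcome of the TCP 8305 check from Step 6.
# Assumption: OpenBSD-style nc with -z (connect only) and -w (timeout, seconds).

PORT=8305

# Map nc's diagnostic text to: open, dns, refused, timeout or unknown.
classify_nc_output() {
  case "$1" in
    *"succeeded"*)                       echo open ;;
    *"getaddrinfo"*|*"name resolution"*) echo dns ;;
    *"refused"*)                         echo refused ;;
    *"timed out"*)                       echo timeout ;;
    *)                                   echo unknown ;;
  esac
}

# Suggested next check for each classification.
explain() {
  case "$1" in
    open)    echo "TCP handshake completed; port $PORT is reachable." ;;
    dns)     echo "FQDN did not resolve; check device DNS and the FQDN from Step 2." ;;
    refused) echo "Connection was reset by the far end or a device on the path; recheck Steps 2 and 3." ;;
    timeout) echo "No reply to the SYN; outbound TCP $PORT is likely dropped upstream." ;;
    *)       echo "Unrecognized nc output; rerun with nc -v and read it manually." ;;
  esac
}

# Run the probe. $1 = FQDN from the Services page, $2 = timeout in seconds.
# Returns 0 only when the handshake completed.
probe() {
  local out verdict
  out=$(nc -z -v -w "${2:-5}" "$1" "$PORT" 2>&1)
  verdict=$(classify_nc_output "$out")
  printf '%s: %s\n' "$verdict" "$(explain "$verdict")"
  [ "$verdict" = open ]
}

# Probe only when an FQDN is given, e.g.: ./check8305.sh xxxxxx.cdo.cisco.com
if [ -n "${1:-}" ]; then probe "$1" "${2:-5}"; fi
```

A timeout result is the case described under What to do next; a refused result means something answered, so the path is not silently dropping the traffic.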