FMC & FTD Communication/Registration Tidbit

In this tidbit I want to cover the basics of FTD & FMC registration. I also intend to cover how the two communicate with each other, since that is helpful when troubleshooting registration issues.

The connection between a managed FTD and the managing FMC is an encrypted tunnel known as the sftunnel. The sftunnel uses TLS as its transport and communicates over TCP port 8305 by default. As a quick reference, you can modify the port used, but the change must be made on both sides of the house (FTD & FMC). Changing the default port on the FTD side:

> configure network management-port 8306

In FMC you can modify the management port via: System->Configuration > Management Interfaces > Shared Settings

The sftunnel carries two channels, the Control channel and the Event channel. The following list contains most of the information that is carried through the sftunnel:

  • Appliance Heartbeat (keepalives)

  • Time Synchronization (NTP)

  • Events (Connection, Intrusion/IPS, File, SSL, etc.)

  • Malware Lookups

  • Health Events/Alerts

  • User and Group info (for Identity Policies)

  • FTD HA state info

  • FTD Cluster state info

  • Security Intelligence (SI) info/events

  • Threat Intelligence Director (TID) info/events

  • Captured files

  • Network Discovery Events

  • Policy bundle (policy deployment)

  • Software upgrade bundles

  • Software patch bundles

  • VDBs

  • SRUs

Brief example of registering the FTD with the FMC (from the FTD CLI):

> configure manager add cifelli

Brief example of registering the FTD on the FMC side (Devices->Device Management->Add Device):

Registration troubleshooting/verification tips:

  • View the sftunnel sessions on the FMC side: $ netstat -na | grep 8305

  • View the sftunnel status on the FTD side: > sftunnel-status

  • Verify successful registration on the FTD side: > show managers

  • Troubleshoot registration issues from the FTD CLI: # sudo tail -f /ngfw/var/log/messages

  • Verify the configured manager registration key is correct: # cat /etc/sf/sftunnel.conf | grep reg_key
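The netstat check above tells you whether the sftunnel TCP sessions are actually up, but on an FMC managing several devices the raw output is tedious to read. The following shell function is an added example, not part of the original post: it summarises `netstat -na` output per peer for a given management port (8305 by default, or whatever you changed it to) and flags peers that do not have both sftunnel connections established. It assumes that the Control and Event channels show up as two separate TCP connections from the same peer, which is how a healthy registration normally looks; the netstat sample embedded in the script is constructed for the demonstration and shows one fully registered FTD and one stuck mid-handshake.

```shell
#!/bin/sh
# Added example (not from the original post): summarise sftunnel TCP sessions
# found in `netstat -na` output for a given management port.
# Assumption: the Control and Event channels appear as two separate TCP
# connections from the same peer, so a registered peer has two ESTABLISHED rows.

# Constructed sample of `netstat -na` output on an FMC (10.0.0.10) with one
# registered FTD (10.0.0.20) and one FTD (10.0.0.30) stuck in the handshake.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8305            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.10:8305          10.0.0.20:45210         ESTABLISHED
tcp        0      0 10.0.0.10:8305          10.0.0.20:45211         ESTABLISHED
tcp        0      0 10.0.0.10:8305          10.0.0.30:50012         SYN_RECV
tcp        0      0 10.0.0.10:22            10.0.0.99:40000         ESTABLISHED'

# sftunnel_peers PORT   (reads netstat -na output on stdin)
# Prints one line per peer: "<peer-ip> <established-count> <status>"
sftunnel_peers() {
    port="$1"
    awk -v port="$port" '
        $1 == "tcp" || $1 == "tcp6" {
            lport = $4; sub(/.*:/, "", lport)      # local port after the last colon
            rip = $5;   sub(/:[^:]*$/, "", rip)    # strip the peer port (IPv6-safe)
            if (lport != port || $6 == "LISTEN") next
            seen[rip] = 1
            if ($6 == "ESTABLISHED") est[rip]++
        }
        END {
            for (ip in seen) {
                n = est[ip] + 0
                status = (n >= 2) ? "registered" : (n == 1 ? "partial" : "no-session")
                print ip, n, status
            }
        }' | sort
}

# Run the summary over the constructed sample on the default port.
check_sample() {
    printf '%s\n' "$SAMPLE_NETSTAT" | sftunnel_peers 8305
}

check_sample
```

On a live FMC you would feed the real output in with `netstat -na | sftunnel_peers 8305` (or your custom port). A peer reported as "partial" or "no-session" is the one to look at with `sftunnel-status` and `/ngfw/var/log/messages` on the FTD side; a peer that never reaches two ESTABLISHED sessions usually points at a registration key mismatch, a NAT ID problem, or the port being changed on only one side.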

That wraps up this tidbit on FMC/FTD communication & registration. Cheers!
