FMC & FTD Communication/Registration Tidbit

In this tidbit I want to cover the basics of FTD & FMC registration. I also intend to cover how the two communicate with each other, as this can be helpful when troubleshooting registration issues.

The connection between a managed FTD and the managing FMC (Firepower Management Center) is an encrypted tunnel known as the sftunnel. The sftunnel uses TLS as its transport & communicates over TCP port 8305 by default. As a quick reference, you can change the port used, but the change must be made on both sides of the house (FTD & FMC). Changing the default port on the FTD side:

> configure network management-port 8306

In FMC you can modify the management port via: System > Configuration > Management Interfaces > Shared Settings

The sftunnel establishes two channels, the Control channel & the Event channel. The following list contains most of the information that is carried through the sftunnel:

  • Appliance Heartbeat (keepalives)

  • Time Synchronization (NTP)

  • Events (Connection, Intrusion/IPS, File, SSL, etc.)

  • Malware Lookups

  • Health Events/Alerts

  • User and Group info (for Identity Policies)

  • FTD HA state info

  • FTD Cluster state info

  • Security Intelligence (SI) info/events

  • Threat Intelligence Director (TID) info/events

  • Captured files

  • Network Discovery Events

  • Policy bundle (policy deployment)

  • Software upgrade bundles

  • Software patch bundles

  • VDBs

  • SRUs

Brief example of registering FTD with FMC:

> configure manager add cifelli

Brief example of adding the FTD on the FMC side (Devices > Device Management > Add Device):

Registration Troubleshooting/Verification tips:

  • View sftunnel on FMC side: $ netstat -na | grep 8305

  • View sftunnel-status on FTD side: > sftunnel-status

  • Verify successful registration on FTD side: > show managers

  • Troubleshoot registration issues from the FTD CLI (expert mode): # sudo tail -f /ngfw/var/log/messages

  • Verify the configured manager registration key is correct: grep reg_key /etc/sf/sftunnel.conf
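The netstat check above tells you whether anything is on port 8305, but when the management port has been changed on one side only, or a peer is stuck mid-handshake, the raw output takes a moment to read. The following is an added Python example, not part of the original post and not Cisco code: it parses `netstat -na` style lines and reports whether the management port is listening, which peers have an ESTABLISHED sftunnel session, and which peers are stuck in some other state. The port is a parameter so you can pass the non-default value after a `configure network management-port` change. The sample netstat output and the addresses in it are constructed for the example.

```python
"""Summarise sftunnel (FMC/FTD management) sockets from `netstat -na` output.

Added example, not from the original post or from Cisco. It parses the kind
of lines `netstat -na | grep 8305` shows and reports whether the management
port is listening and which peers have an ESTABLISHED session. The sample
output below is constructed; the addresses are documentation-range placeholders.
"""
import re

DEFAULT_MGMT_PORT = 8305  # sftunnel default (TCP); must match on FMC and FTD

# Constructed sample of `netstat -na` output (not real appliance output).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8305            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:8305         192.0.2.20:45210        ESTABLISHED
tcp        0      0 192.0.2.10:8305         192.0.2.21:51022        ESTABLISHED
tcp        0      0 192.0.2.10:8305         192.0.2.22:39990        SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.5:60000      ESTABLISHED
"""

# Proto, Recv-Q, Send-Q, Local, Foreign, State (matches tcp and tcp6 rows).
_LINE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s+(?P<state>\S+)\s*$"
)


def _split_addr(addr):
    """Split 'host:port' into (host, port); port is None for '*' (unbound)."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def summarize_sftunnel(netstat_output, mgmt_port=DEFAULT_MGMT_PORT):
    """Return a dict describing sockets that involve mgmt_port.

    listening:   True if a socket on mgmt_port is in LISTEN state
    established: sorted peer hosts with an ESTABLISHED session
    pending:     sorted peer hosts in any other non-LISTEN state (e.g.
                 SYN_RECV), which usually points at a one-sided port change,
                 a firewall in the path, or a peer that is not reachable
    """
    established, pending = set(), set()
    listening = False
    for line in netstat_output.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # header line or non-TCP row
        _, lport = _split_addr(m["local"])
        fhost, fport = _split_addr(m["foreign"])
        # Either end may carry the management port: the listener has it on
        # the local side, the initiating peer has it on the foreign side.
        if mgmt_port not in (lport, fport):
            continue
        state = m["state"]
        if state == "LISTEN":
            listening = True
        elif state == "ESTABLISHED":
            established.add(fhost)
        else:
            pending.add(fhost)
    return {
        "listening": listening,
        "established": sorted(established),
        "pending": sorted(pending),
    }


if __name__ == "__main__":
    # Paste real output in place of SAMPLE_NETSTAT, or pipe it via stdin.
    print(summarize_sftunnel(SAMPLE_NETSTAT))
```

Run it against the sample and the 192.0.2.22 peer shows up under `pending` while the two registered devices show up under `established`; calling `summarize_sftunnel(output, mgmt_port=8306)` against the same output returns nothing listening, which is exactly what you would see on the FMC after changing the port on the FTD side only.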

That wraps up this tidbit on FMC/FTD communication & registration. Cheers!
