Troubleshoot Cloud-delivered Firewall Management Center Connectivity with TCP

Use the following procedure to troubleshoot connectivity between the cloud-delivered Firewall Management Center and a threat defense device over TCP port 8305.

Procedure


Step 1

Log in to CDO.

Step 2

Navigate to Tools & Services in the left panel and select Firewall Management Center to open the Services page. Choose Cloud-Delivered FMC and locate the cloud-delivered Firewall Management Center's FQDN in the top right-hand corner.

Step 3

Make sure the threat defense device's state in CDO is currently Onboarding. The cloud-delivered Firewall Management Center will not respond if the device is not in an onboarding state. If onboarding has failed, click Retry Onboarding.

Step 4

Log in to the threat defense device with SSH.

Step 5

Enter Expert mode with the following command:

> expert
admin@devicename:~$

Step 6

Execute a TCP handshake:

admin@devicename:~$ nc -v xxxxxx.cdo.cisco.com 8305
Connection to xxxxxx.cdo.cisco.com 8305 port [tcp/*] succeeded!
^C (CTRL-C to exit netcat)
admin@devicename:~$

What to do next

If there is still no response from the cloud-delivered Firewall Management Center, outbound TCP port 8305 may be blocked upstream of your threat defense device. You must ensure that network path is open before the threat defense device can connect to the cloud-delivered Firewall Management Center.
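
The handshake test from Step 6 can be wrapped so that a failure points to a likely cause (DNS, an active reset, or a silent drop upstream). This is an added example, not part of the original procedure or Cisco's tooling; the function names are hypothetical, and it assumes the device's nc accepts -z and -w and prints the usual netcat diagnostic messages.

```shell
#!/usr/bin/env bash
# Added example (not Cisco's tooling): run the Step 6 handshake test with a
# timeout and translate netcat's diagnostic text into a likely cause.

# Map netcat output to a cause. Substrings are common netcat/libc messages.
classify_nc_output() {
    case "$1" in
        *succeeded*)
            echo "reachable" ;;
        *getaddrinfo*|*"Name or service not known"*|*"name resolution"*)
            echo "dns_failure" ;;
        *"Connection refused"*)
            echo "refused" ;;
        *"timed out"*)
            echo "filtered" ;;
        *"No route to host"*|*"Network is unreachable"*)
            echo "no_route" ;;
        *)
            echo "unknown" ;;
    esac
}

# Hypothetical helper: $1 = cloud-delivered FMC FQDN from the Services page.
# Assumes the device's nc accepts -z (no data) and -w (timeout in seconds).
check_fmc_port() {
    local host="$1" port="${2:-8305}" out
    out="$(nc -v -z -w 5 "$host" "$port" 2>&1)" || true
    case "$(classify_nc_output "$out")" in
        reachable)   echo "OK: TCP $port to $host completes the handshake" ;;
        dns_failure) echo "FAIL: $host does not resolve; check DNS on the device" ;;
        refused)     echo "FAIL: a host or firewall on the path reset the connection" ;;
        filtered)    echo "FAIL: no reply; outbound TCP $port is likely dropped upstream" ;;
        no_route)    echo "FAIL: no route; check the device's gateway and routing" ;;
        *)           echo "UNKNOWN: $out" ;;
    esac
}

# Run only when an FQDN is supplied, e.g.: ./check8305.sh xxxxxx.cdo.cisco.com
if [ -n "${1:-}" ]; then
    check_fmc_port "$1"
fi
```

A "filtered" result matches the blocked-upstream case described above; a "dns_failure" result means the test never reached the point of sending a SYN, so the firewall path has not been exercised yet.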