Firepower FTD – No Gateway for Management Interface


I was recently working on a Firepower 5506-X that I pulled off the shelf and that had already had the configuration wizard run on it. The management interface had a configuration but no gateway assigned to it, which I confirmed with the “show network” command. In my test setup the FMC and management VLANs are not the same, so I needed that gateway for things to work. I tried reconfiguring the management port once more manually with the usual command:

> configure network ipv4 manual 192.168.1.100 255.255.254.0 192.168.1.1 
Setting IPv4 network configuration.

When I ran this, I received the following output:

Network config internal route setting is disabled but actual active setting is enabled. Please reconfigure network again to sync settings. at /ngfw/usr/local/sf/lib/perl/5.10.1/SF/NetworkConf.pm line 1011.
Default route settings may not be correctly synced, please reapply management interface settings.

I hadn’t seen this error before, so I looked it up and asked around; the fix turned out to be editing a file to disable internal routing, which matches what the error message above says:

1. Log into the firewall via console connection and enter expert mode by simply entering “expert”
2. Edit the required file by entering the command below:

sudo vi /etc/sysconfig/network-scripts/ifcfg-internal-route

3. Once the file is opened, edit the following line by changing the number 1 to a 0:

INTERNAL_ROUTE_ENABLED=1

4. Once complete, exit expert mode and run your command again to manually configure an IP on the management port:

> configure network ipv4 manual 192.168.1.100 255.255.254.0 192.168.1.1 
Setting IPv4 network configuration.

Once that command finished running (it does take a minute), it completed successfully with no error this time. I wanted to make sure I had a gateway now, so I ran “show network” again to check. Here is the output I received, showing the newly configured gateway:

===============[ System Information ]===============
Hostname                  : firepower
DNS Servers               : 208.67.222.222
                            208.67.220.220
Management port           : 8305
IPv4 Default route
Gateway : 192.168.1.1
======================[ br1 ]=======================
State                     : Enabled
Channels                  : Management & Events
Mode                      : Non-Autonegotiation 
MDI/MDIX                  : Auto/MDIX 
MTU                       : 1500
MAC Address               : 00:00:00:AA:AA:AA
----------------------[ IPv4 ]----------------------
Configuration             : Manual
Address                   : 192.168.1.100
Netmask                   : 255.255.255.0
Broadcast                 : 192.168.1.255
----------------------[ IPv6 ]----------------------
Configuration             : Disabled
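As an added example (my own helper script, not part of the original post or of Cisco's tooling), here are two small POSIX shell functions that make the fix and the check above repeatable: one sets INTERNAL_ROUTE_ENABLED in a sysconfig-style file while keeping a backup, and one parses saved “show network” output for the IPv4 default gateway and reports “none” when it is missing. The file contents and the “show network” text used here are constructed copies of what the post shows; on a real FTD you would run the edit from expert mode with sudo against the path named in step 2.

```shell
#!/bin/sh
# Added example, not from the original post. Helpers for the fix described
# above, exercised on constructed sample data rather than a real device.

# Set INTERNAL_ROUTE_ENABLED=<value> in a sysconfig-style file, keeping a .bak
# copy and touching only that one key. Prints the value now in the file.
set_internal_route() {
  file="$1"; value="$2"
  cp "$file" "$file.bak" || return 1
  if grep -q '^INTERNAL_ROUTE_ENABLED=' "$file"; then
    sed "s/^INTERNAL_ROUTE_ENABLED=.*/INTERNAL_ROUTE_ENABLED=$value/" "$file" \
      > "$file.tmp" && mv "$file.tmp" "$file"
  else
    printf 'INTERNAL_ROUTE_ENABLED=%s\n' "$value" >> "$file"
  fi
  sed -n 's/^INTERNAL_ROUTE_ENABLED=//p' "$file"
}

# Print the IPv4 default gateway from saved "show network" output, or "none".
# Only lines between "IPv4 Default route" and the next "====" header count,
# so a missing Gateway line (the problem in this post) is reported as "none".
gateway_from_show_network() {
  gw=$(awk '/^IPv4 Default route/ { want = 1; next }
            want && /^=/          { exit }
            want && /^Gateway/    { sub(/^Gateway *: */, ""); print; exit }' "$1")
  if [ -n "$gw" ]; then printf '%s\n' "$gw"; else printf 'none\n'; fi
}

# Constructed sample data mirroring the post (not taken from a live firewall).
demo_dir=$(mktemp -d)
printf 'INTERNAL_ROUTE_ENABLED=1\n' > "$demo_dir/ifcfg-internal-route"
printf 'Management port           : 8305\nIPv4 Default route\nGateway : 192.168.1.1\n======================[ br1 ]=======================\n' \
  > "$demo_dir/show-network.txt"

echo "flag now: $(set_internal_route "$demo_dir/ifcfg-internal-route" 0)"  # flag now: 0
echo "gateway:  $(gateway_from_show_network "$demo_dir/show-network.txt")"  # gateway:  192.168.1.1
```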

That was the trick! It worked perfectly, and I could now ping the firewall from my Firepower Management Center and add it as a new managed device. Hopefully this works for you as well should you run into this issue. If so, leave a comment below!
