Configuring NTP on Firepower module

Does anyone know how I can configure NTP on a Cisco FirePower module for a ASA5500 series FW?
I did the initial setup, registered the module with my defense center, but now I need to change the NTP settings. Can't seem to figure out where to do this, and if I go through setup again, I am worried it is going to mess up my registration.

The best and recommended way to setup NTP is to make it part of the system policy in the FireSIGHT Management Center (FMC).
System > Local > System Policy. Go under Time synchronization and there in the Supported Platforms section set the NTP to be "Via NTP from Defense Center" (aka FMC). Higher up in that section, point your "Defense Center" to an authoritative NTP server or set of servers. Save policy and Exit and then deploy it.
Otherwise you have to run setup on the module again. It should pre-populate the setup questions with the current system values.

Similar Messages

  • Configuring FT on ACE Modules

    Hi,
    I am trying to configure FT on ACE modules, with the following commands
    ft interface vlan 20
      ip address 172.16.20.1 255.255.255.252
      peer ip address 172.16.20.2 255.255.255.252
      no shutdown
    ft peer 1
      heartbeat interval 300
      heartbeat count 10
      ft-interface vlan 20
    ft group 1
      peer 1
      priority 150
      associate-context Admin
      inservice
    The moment I enter the command 'ft interface vlan 20', it gives a prompt that 'interface vlan20 is not associated with ft', how do I resolve this ? Do I need to enable something ?

    Hi have the following config which seems to be working fine for me...  check your vlan20 interface is up
    ft interface vlan 212
      ip address 172.31.1.221 255.255.255.252
      peer ip address 172.31.1.222 255.255.255.252
      no shutdown
    ft peer 1
      heartbeat interval 300
      heartbeat count 20
      ft-interface vlan 212
    ft group 2
      peer 1
      priority 50
      peer priority 150
      associate-context Admin
      inservice
    HQ-ACE1/Admin# sh int
    vlan212 is up, administratively up
      Hardware type is VLAN
      MAC address is 00:23:5e:25:72:f1
      Mode : routed
      IP address is 172.31.1.221 netmask is 255.255.255.252
      FT status is standby
      Description:not set
      MTU: 1500 bytes
      Last cleared: never
      Last Changed: Tue Sep  6 12:46:06 2011
      No of transitions: 1
      Alias IP address not set
      Peer IP address is 172.31.1.222 Peer IP netmask is 255.255.255.252
      Assigned from the Supervisor, up on Supervisor
         8654909 unicast packets input, 735611030 bytes
         1151150 multicast, 161 broadcast
         0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
         13020418 unicast packets output, 1672055521 bytes
         0 multicast, 163 broadcast
         0 output errors, 0 ignored

  • Error "Invalid or Could not find module configuration" and "Required application module HyperionPlanning.planning is not configured

    Dear
      I use version 11.2.1, try to open an application one by planning and workspace is the error below.
      "Invalid or Could not find module configuration" and "Required application module HyperionPlanning.planning is not configured"
    I checked the oracle site, but the suggested solution is not possible because using the OHS and found the file HYSLWorkers.properties.
    Solution
    On the server que hosts the Apache component:
    1. Navigate to HYPERION_HOME%% \ common \ httpServers \ Apache \ 2.0.59 \ conf
    2. Edit the file named HYSLWorkers.properties,
    3. Locate the entry starting with "worker.HP__8300.port"
    4. Set its value to the value of the Planning web application's listening port incremented by two,
    5. Save and close
    6. Restart Apache only
    Anyone have any suggestions?

    If restarting the services does not help, run the EPM configurator again and configure foundation web server again then restart services and try logging into workspace
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Install and configure Cisco Network Analysis Module NAM-2

    Hi,
    Does anyone have a step-by-step document on how to install and configure Cisco NAM-2 module ?
    Thanks in advance.
    Regards,
    Lamine

    Hi Lamine,
    The official installation guides for NAM software can be found here:
    http://www.cisco.com/en/US/products/sw/cscowork/ps5401/prod_installation_guides_list.html
    Is this what you are looking for?
    Cheers,
    Shane

  • Configuration gruide of hr module

    hi friends,
    can anybody send me thestandard configuration guide of hr module.
    pls help out
    regards,
    narmada.

    Hi Narmada,
    Pls check these out:
    http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PAPA/PAPA.pdf
    http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PAPD/PAPD.pdf
    http://help.sap.com/printdocu/core/Print46c/en/data/pdf/PT/PT.pdf
    http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTOMOM99/BCBMTOMOM99.pdf
    Regards,
    Dilek

  • "AUTO ARCHIVE LOCATION" of the configuration of the SPM module

    Hello,
    I want to know the option of the "AUTO ARCHIVE LOCATION" of the configuration of the SPM module of the SAP GRC AC 5.3 SP9.
    This option saves the log directly in a server directory? Where does it save the log? And what does it save?
    Thank you in advance.
    Best Regards.
    Pablo Mortera.

    Hi Pablo,
      Please find my response below:
    But when we use it, does it desactivate the log file os the SPM in the Database? No, it won't. There is a setting where you can configure that while archiving delete the logs from SPM. If you turn this on then you won't see the logs until you upload the archived logs into SPM. If you keep this option off, it will keep all the logs in SPM as well.
    Can I choose a shared domain directory instead of a server directory? Yes, you can as long as it is accessible by the server.
    Cheers,
    Alpesh

  • Configuring NTP for Redhat Linux on Vmware

    Hi All,
    I've configured two nodes of Redhat linux on VMWARE.How i can configure NTP server to synchorize time on both nodes.Any help will be highly appreciated.

    run a small cron job every 6 hours to run ntpdate off the domain controller as root
    the windows domain controller is usually running a timesync daemon and it should be set to sync off a few national time sites.

  • Configuring NTP on the nexus 7010

    Hi All,
    I'm a little confused about how to configure NTP on the nexus 7010.  I have an admin VDC and four working VDCs.  I read that you can only configure NTP on the admin VDC but the commands are also available on the other VDCs.  As the admin VDC is setup as an admin VDC it doesn't allow any commands other than those used to configure the other VDCs.  If I configure 'clock protocol ntp vdc X' from the admin vdc conf t cli it doesn't appear to apply that command to the individual VDCs.  If I try that command on each of the VDCs I get an error message.  If I do a 'show ntp peer-status' I get a message stating 'the clock is not controlled by ntp' with an explanation teling me to use the 'clock protocol ntp vdc X' command however as already explained that doesn't appear to work. I'm running nxos 6.2
    Any help, documentation etc would be greatly appreciated.

    An update.
    I have now configured NTP.  The 'clock protocol ntp vdc X' command is accessed from the conf t Cli within the admin VDC. From my reading of the NXOS documentation from 6.2 you should be able to run NTP in multiple VDCs however this does not appear to be the case.  I've configured the admin VDC as the NTP master.

  • Step by Step Configuration of Sales & Distribution Module

    Hi All,
    Does anyone know of a document that explains the step by step process of configuring Sales and Distribution module?
    Any help will be greatly appreciated.
    Regards.

    Hi,
    Check these links.
    http://www.sap-basis-abap.com/sapsd.htm
    http://www.sapgenie.com/abap/tables_sd.htm
    http://help.sap.com/saphelp_46c/helpdata/en/8c/df293581dc1f79e10000009b38f889/frameset.htm
    Reward if useful.
    Thanks
    Aneesh.

  • ASA5506 and FirePower module ADSM

    Got an ASA5506 with FirePower module.  I can only access this via ASDM on the management interface.  I changed the IP so it ran on my "inside" but it can't contact the module on that IP and it takes an age to loads the ADSM without it.  Is this possible?

    The FirePOWER (sfr) module needs to use the physical management interface. The recommended and supported way to manage the combined unit is documented in the ASA 5506 Quick Start Guide.
    Short answer is they recommend the sfr management address is bound to M1/1 and part of the same subnet as the Inside address - and use the Inside interface as its gateway. 

  • Trying to enable/configure an IPS software module on ASA 5545

    I've been trying to get our IPS module working on a pair of ASA 5545-X with nothing but grief.  First we lost our license paks, then I found then and genned the license files  FALCONXXXX.LIC. Cisco told me that I have to config the CX module and use Prime Security Manager to load the *.lic files. 
    Finally get that done but the IPS module is still inactive. Okay missing IPS image on disk0: copy that on to ASA and try loading it using the 
    sw-module cmds and return error is can't load image another service is running
    So do I have to stop the CX after all this Prime Security manager stuff?  I can't use ASDM since it only wants an activation key (hex) which I don't have..
    Ideas? suggestions? 
    od  Card Type                                    Model              Serial No. 
       0 ASA 5545-X with SW, 8 GE Data, 1 GE Mgmt     ASA5545            FCH1831JCXB
     ips Unknown                                      N/A                FCH1831JCXB
    cxsc ASA CX5545 Security Appliance                ASA CX5545         FCH1831JCXB
     sfr Unknown                                      N/A                FCH1831JCXB
    Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version     
       0 7c0e.ceee.d8eb to 7c0e.ceee.d8f4  1.0          2.1(9)8      9.2(2)8
     ips 7c0e.ceee.d8e9 to 7c0e.ceee.d8e9  N/A          N/A          
    cxsc 7c0e.ceee.d8e9 to 7c0e.ceee.d8e9  N/A          N/A          9.2.1.1
     sfr 7c0e.ceee.d8e9 to 7c0e.ceee.d8e9  N/A          N/A          
    Mod  SSM Application Name           Status           SSM Application Version
     ips Unknown                        No Image Present Not Applicable
    cxsc ASA CX                         Up               9.2.1.1
     sfr Unknown                        No Image Present Not Applicable
    Mod  Status             Data Plane Status     Compatibility
       0 Up Sys             Not Applicable        
     ips Unresponsive       Not Applicable        
    cxsc Up                 Up                    
     sfr Unresponsive       Not Applicable        
    Mod  License Name   License Status  Time Remaining
     ips IPS Module     Disabled        perpetual     

    The thing to keep in mind is what IPS you have purchased. There are three distinct types.
    The classic IPS uses the IPS software module. That uses a subscription that is bound to your ASA via your Smartnet support and does not require an license file once the software module is activated using an activation key.
    The CX module also has an IPS license option. That is configured from within the PRSM interface and will only be visible in PRSM - not in the "show module" output. Your output indicates the CX module is installed so if you have that IPS license type for CX (i.e. the FALCONXXXX.LIC) you need to follow the CX quick start guide and apply the license file via the PRSM GUI.
    There's also an IPS license type for the sfr (FirePOWER service module) which is installed via the separate FireSIGHT Management Center and applied to the module remotely.

  • ASA 5500X - firePOWER module

    I cannot find ANY documentation on installing the sourcefire sw-module on an ASA.  I am following the documentation for the CX module and so far I'm making progress.  I'm stuck with a username/password.  When first recovering the sourcefire image - I am able to connect to the boot partition on the sourcefire module with the user/pass of admin/Admin123 similar to the CX module however after installing the package file and reloading the module, this user/pass no longer works.  Anyone happen to know what the login is to the sourcefire module accessed via 'session sfr console'
    Thanks,
    Zach

    I have found this.  user: admin |  pass: Sourcefire.  
    I have a blog here if you're interested in some information regarding configuring the sourcefire module.
    https://supportforums.cisco.com/blog/12294976/asa-5500-x-sourcefire-firepower-configuration
    Zach

  • Accessing dynamically configured filename inside adapter module code.

    Hi,
    I am having a requirement where i have to access the filename configured using Dynamic configuration inside my receiver file adapter MODULE code.  I am having PI7.1.
    For accessing the DC filename i have inserted this piece of code inside my adapter module code:
    MessagePropertyKey MPK =new MessagePropertyKey("FileName","http://sap.com/xi/XI/System/File");
    String filename = msg.getMessageProperty(MPK);
    But when i am tesing this module i am getting: "Message processing failed. exception encrypting session key".
    This module is basically written for encryption.I am referring this blog:
    /people/daniel.graversen/blog/2006/10/05/dynamic-configuration-in-adapter-modules
    Do i  need to do something else for accessing DC filename inside my module??Please help??
    Thanks
    Amit

    Hi,
    My code is something like this:
    public ModuleData process(ModuleContext mc,
                   ModuleData inputModuleData)
                   throws ModuleException {
            Object obj = null;
             Message msg = null;
             MessageKey amk = null;
             String inpKeyLocation = (String) mc.getContextData("inpKeyLocation");
                try {
                  obj = inputModuleData.getPrincipalData();
                     msg = (Message) obj;
                  amk = new MessageKey(msg.getMessageId(),msg.getMessageDirection());
                    XMLPayload xpld = msg.getDocument();
                  MessagePropertyKey mpk = new MessagePropertyKey("FileName","http://sap.com/xi/XI/System/File");
                  String filename = msg.getMessageProperty(mpk);
                  InputStream inps = (InputStream) xpld.getInputStream();
                                        and so on ......
    My encryption method somewhere down the line will use "filename" as one of its input.
    Please help??
    Thanks
    Amit
    Edited by: AmitSri on May 25, 2010 1:43 PM

  • Having problems configuring and testing FieldPoint modules with MAX 3.0.

    I have a FP-1000 and FP-AO-200 connected together. MAX is able to find the FP-1000 and communicate with it. The FP-AO-200 POWER and READY lights are on.
    MAX does not find the FP-AO-200 when I invoke "Find Devices". I can manually define it using "Create New Device". When I attempt to test a FP-AO-200 channel using the Write function in "Items Configuration" I get the following error message: "The module or item addressed does not exist".
    I am also not able to write to any FP-AO-200 channels in LabVIEW 7.0.
    Any ideas what is wrong?

    I would check the pins on the FP-1000, between the modules for bent or pushed in pins. Then, I would make sure the AO module is seated correctly in the Terminal Base.
    If that's not it, try a different AO module and/or a different TB, to see which is the culprit. The AO module should show up when you do "Find Devices".

  • 891W: Configuring NTP for both router and embedded AP?

    Hi all.  I've configured the main router as an NTP client to an external pool of NTP servers and have also entered ntp update-calendar so the hardware clock also syncs to NTP basically, but am wondering do I also need to do any NTP commands on the embedded AP too or does the AP take time from the main router?  If so, what source? (clock, calendar, or other?). 
    Also I'm a bit new to NTP config (just figured it out an hour ago) in the IOS.  I'm wondering, after configuring it, the time is right and reflects my time zone.  How does it know?  Does the NTP server out on the Internet reognize my location by IP or something and sends me UTC offset data?  Otherwise I don't see how my router could know which time zone it is in since I've never set that. 
    Thanks! 
    Update:  Definitely the AP does not get time from the main router, as my AP's time is somewhere in 1993.  It seems the only IOS options (version 15.2) to set for time are #clock set hh:mm:ss . Then in conf t there is a couple of settings for daylight savings and time zone.  But this won't prevent clock drift so I guess I'll just need to set the AP to also talk to NTP servers out on the Internet, seperately from the main router.  I'm trying to think of the IOS firewall implications.....I thinmk I have ip address unnumbered vlan1 set for the AP wlan-ap0 interface, so I suppose any zone firewall settings that apply to the router zone self would also work for the AP.  Ugh, well I guess I'll just give it a whirl. 

    Hi all.  I've configured the main router as an NTP client to an external pool of NTP servers and have also entered ntp update-calendar so the hardware clock also syncs to NTP basically, but am wondering do I also need to do any NTP commands on the embedded AP too or does the AP take time from the main router?  If so, what source? (clock, calendar, or other?). 
    Also I'm a bit new to NTP config (just figured it out an hour ago) in the IOS.  I'm wondering, after configuring it, the time is right and reflects my time zone.  How does it know?  Does the NTP server out on the Internet reognize my location by IP or something and sends me UTC offset data?  Otherwise I don't see how my router could know which time zone it is in since I've never set that. 
    Thanks! 
    Update:  Definitely the AP does not get time from the main router, as my AP's time is somewhere in 1993.  It seems the only IOS options (version 15.2) to set for time are #clock set hh:mm:ss . Then in conf t there is a couple of settings for daylight savings and time zone.  But this won't prevent clock drift so I guess I'll just need to set the AP to also talk to NTP servers out on the Internet, seperately from the main router.  I'm trying to think of the IOS firewall implications.....I thinmk I have ip address unnumbered vlan1 set for the AP wlan-ap0 interface, so I suppose any zone firewall settings that apply to the router zone self would also work for the AP.  Ugh, well I guess I'll just give it a whirl. 

Maybe you are looking for

  • Looking for a changer of job

    Hi All, I am considering a change of job. Here is a brief of my experience. I am an engineering graduate with 5 years of experience in LabView, Data aquasition and control systems, automated test equipment. I have also executed few testing projects a

  • JPS-01050: Opening of wallet based credential store failed in 11g Disc Inst

    Dear Friends, we are in the process of installing Discoverer 11g. we had created schema's using RCU Installed weblogic with sun JDK (64 bit) Installed 11.1.1.2.0 fusion middle ware (discoverer component) Applied 11.1.1.6.0 patchset Now when we are ru

  • UTF8 characters not correctly displayed whilst having encoding set to UTF8

    Although the Encoding in Tools > Preferences > Environment is set to UTF8, SQL Developer is not able to display the UTF characters correctly. I know for sure that I have tested this before using an older version of SQL Developer and then then this wo

  • Reformat from mac to windows?

    i got a 20 gig ipod from a friend who has a mac. i have windows. i want to reformat it but son't know how. also i want to keep the music he put on the ipod. is that posible?

  • Processor speed.

    this may be kind of a silly question but, I have a KT3 Ultra MS-6380E , and on the specs, it say "Support 600MHz up to 2100+ MHz processor and higher". My first question is, how can I tell if my processor is either a standard athlon, rev A, or rev B?