Now that we are aware of the different important processes running behind the scenes, let’s take a look at where pmtool is located and how we can use it to troubleshoot communication problems between FMC and FTD.

Process that handles traffic destined to captive portal (exposes a UNIX socket which is used by snort to redirect traffic to bltd, which in turn translates the source IP to .x and forwards the traffic to idhttpsd)

Java Webserver that hosts Firepower Device Manager

Do not touch this process or FTD will reboot! Lina stands for Linux over ASA and represents the good ol’ ASA code that still lives on in Firepower Threat Defense.

Handles configuration deployment to lina and manages High Availability on FTD devices (responsible for synchronising data between peers)

As of Firepower 6.7.0 (managed by FMC), Snort2 is being used, which will be replaced with Snort3 soon

Snort Detection Engine (NGFW portion of FTD) handling TLS Decryption, AVC, IPS, AMP, URL Filtering, Security Intelligence, etc.
Processes UnifiedEvents (Connection/AMP/IPS Events) generated by snort

Directly connects to directory servers defined in realm configuration for authenticating captive portal users

Java Webserver that hosts FMC REST API and is required by the UI to work

The new database backend which slowly but steadily replaces the old mysql database backend

The old mysql database backend (which is being replaced by sybase)

Monitors the mysql database that the (deprecated) user agent inserts user:ip mappings into and creates ui.bin files that are then processed by SFDataCorrelator

Agent that connects to Security Services Exchange for registering devices to SSE and shipping security events to the Cloud

Backend for the new Health monitoring dashboard introduced with Firepower 6.7.0

Reaches out to AMP and Talos Cloud for ClamAV, URL Filtering and Security Intelligence updates

Together sensor events with vulnerability data available on FMC to enrich events but also processes things like user identity mappings and a lot of data correlation related tasks.

Cleanup of old files like url databases, user identity dumps and various cache files

Processes various (event) data streams and correlates received data with other datasets.

Used to push configuration and exchange state information between FMC and FTD

Additionally adi is responsible for sending remediation requests to ISE

Encrypted communication tunnel between FMC and FTD.

ADI polls Active Directory for user:group mappings and integrates into ISE using pxGRID to download and parse session information (which is then handed over to SFDataCorrelator).

Which processes can I manage with pmtool?

Before diving into where we find pmtool and the specific syntax of managing the different Firepower components, let’s take a look at some important processes on both FMC and FTD

Firepower Management Center Process

Pmtool can be used to disable, enable, (re-)start services or just check the status of the various services PM is managing.
To interact with Process Manager, the CLI utility pmtool is available.

It takes care of starting up all components on startup and restarting failed processes during runtime.

Process Manager (pm) is responsible for managing and monitoring all Firepower related processes on your system.