Symptom
- Remote FTD managed via data interface cannot register to secondary FMC
- FMC(s) reporting health alert "Peer Management Center has fewer devices registered"
Conditions
- FMC running in HA (primary/secondary) and managing remote deployed FTD(s)
- FTD configured to be managed via data-interface
- FTD deployed behind a third-party network device that performs dynamic NAT/PAT (e.g. an ISP modem)
Workaround
7.1- Workaround
==================
- Configure a twice NAT rule on the FTD so that Lina rewrites the destination from the secondary FMC's internal IP address to its external mapped address. Example below:
nat (any,outside) 1 source dynamic any interface destination static (Sec_FMC_internal) (Sec_FMC_mapped)
7.2+ Workaround
===============
- On the FTD, use "show managers" to find the identifier of the secondary FMC entry, then edit its Host field with "configure manager edit". Example below:
> show managers
Type : Manager
Host : (Primary_FMC_public_address)
Display name : 192.168.100.10
Version : 7.2.0 (Build 82)
Identifier : b2d4b9b0-4bb5-11ed-b9b8-43396482ea21
Registration : Completed
Management type : Configuration and analytics
Type : Manager
Host : 192.168.100.11
Display name : 192.168.100.11
Identifier : 2db87a14-4bba-11ed-94b7-db26b08faf40 <<<<<<
Registration : Pending
> configure manager edit 2db87a14-4bba-11ed-94b7-db26b08faf40 hostname (Sec_FMC_mapped)
*** Note: We can apply the 7.1- workaround to the 7.2 version; however, the better solution is to edit the entry directly and not leverage Lina to fix the issue. ***
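An added example (not Cisco's code) for the 7.2+ workaround above: it parses "show managers" output, picks out managers stuck in Pending whose Host is an RFC 1918 address, and builds the matching "configure manager edit" line. The function names, the RFC 1918 filter and the caller-supplied table of internal-to-mapped addresses are assumptions made for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "show managers" output as shown on this page (placeholder and marker kept as-is).
SAMPLE = """\
Type : Manager
Host : (Primary_FMC_public_address)
Identifier : b2d4b9b0-4bb5-11ed-b9b8-43396482ea21
Registration : Completed
Type : Manager
Host : 192.168.100.11
Identifier : 2db87a14-4bba-11ed-94b7-db26b08faf40 <<<<<<
Registration : Pending
"""

def parse_managers(text):
    """Split the output into one dict per 'Type :' block."""
    managers = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # CLI prompt or blank line
        key = key.strip().lower()
        value = value.split("<<<")[0].strip()  # drop the page's arrow marker
        if key == "type":
            managers.append({})
        if managers:
            managers[-1][key] = value
    return managers

def is_rfc1918(host):
    """True only for an IPv4 literal inside a private range."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # FQDN or placeholder: cannot be judged from the string
    return any(addr in net for net in RFC1918)

def pending_fixups(text, mapped_by_internal):
    """Build edit commands for Pending managers with a private Host and a known mapping."""
    cmds = []
    for m in parse_managers(text):
        host = m.get("host", "")
        mapped = mapped_by_internal.get(host)
        if (m.get("registration") == "Pending" and is_rfc1918(host)
                and mapped and "identifier" in m):
            cmds.append(f"configure manager edit {m['identifier']} hostname {mapped}")
    return cmds
```

Call pending_fixups() with the captured output and a dict such as {"192.168.100.11": "<Sec_FMC_mapped>"}; entries with a hostname or an already public Host are left untouched.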
Further Problem Description