Created on 10-05-2016 01:44 AM Edited on 05-26-2022 09:04 AM By Anonymous
Description
The Cisco IPS SDEE server uses subscription IDs to remember connections from remote SDEE clients. The concept is very similar to cookies. By default, Cisco IPS allows a maximum of 5 subscription IDs, and Cisco IPS may not delete these IDs if the client does not close the connection properly. This may cause the AccelOps SDEE client to be denied.
Solution Steps
1) In the AccelOps GUI, the Test Connectivity or Discover status will indicate a subscription error.
2) Check the current subscriptions in Cisco IPS.
a. SSH to the Cisco IPS.
b. Run "show statistics sdee-server". It will show Max Available Subscriptions, Open Subscriptions and the list of subscription IDs. If Open Subscriptions is equal to Max Available Subscriptions, go to Step 3.
c. Run "show statistics web-server" and check the IP addresses with URI = cgi-bin/sdee-server. If the AccelOps IP is not in the list, then Cisco IPS has no free subscription ID to give to AccelOps.
3) Solution: free a subscription ID for AccelOps.
a. Open a browser
b. Close an active subscription by submitting the following URL, replacing <IPSIPAddress> with the IPS IP address and <subscriptionID> with a proper subscription ID such as "sub-17-21379f11".
https://<IPSIPAddress>/cgi-bin/sdee-server?action=close&subscriptionId=<subscriptionID>
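An added example (not part of the original article, and not AccelOps or Cisco tooling): a Python helper that applies the Step 2 check to pasted "show statistics sdee-server" output and builds the Step 3 close URL for each listed subscription ID, so the operator can pick the one to close. The sample output layout, the function names and the 192.0.2.10 address are assumptions made for illustration.

```python
import re
from urllib.parse import urlencode

# Constructed sample of "show statistics sdee-server" output. The layout is an
# assumption; only the field names and the ID shape come from the article.
SAMPLE_OUTPUT = """\
Open Subscriptions = 5
Maximum Available Subscriptions = 5
Subscriptions
   sub-13-1a2b3c4d
   sub-14-5e6f7a8b
   sub-15-9c0d1e2f
   sub-16-0a1b2c3d
   sub-17-21379f11
"""
SUB_ID = re.compile(r"\bsub-\d+-[0-9a-fA-F]+\b")  # shape of "sub-17-21379f11"


def parse_sdee_stats(text):
    """Return (open_count, max_count, [subscription IDs]) from CLI output."""
    def counter(label):
        m = re.search(label + r"\s*[=:]\s*(\d+)", text, re.IGNORECASE)
        if m is None:
            raise ValueError("counter not found: " + label)
        return int(m.group(1))
    ids = list(dict.fromkeys(SUB_ID.findall(text)))  # de-duplicate, keep order
    return (counter("Open Subscriptions"),
            counter(r"Max(?:imum)? Available Subscriptions"), ids)


def close_url(ips_address, subscription_id):
    """Build the Step 3 close URL, rejecting anything not shaped like an ID."""
    if not SUB_ID.fullmatch(subscription_id):
        raise ValueError("unexpected subscription ID: " + subscription_id)
    query = urlencode({"action": "close", "subscriptionId": subscription_id})
    return "https://%s/cgi-bin/sdee-server?%s" % (ips_address, query)


def plan(text, ips_address):
    """Step 2 check: return close URLs only when every slot is in use."""
    opened, maximum, ids = parse_sdee_stats(text)
    if opened < maximum:
        return []  # a free subscription ID exists; nothing to close
    return [close_url(ips_address, s) for s in ids]


if __name__ == "__main__":
    for url in plan(SAMPLE_OUTPUT, "192.0.2.10"):  # placeholder IPS address
        print(url)
```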
Additional Information
Please remember that some SDEE clients, such as Cisco IME, automatically log back in, so IME will get another subscription ID immediately if its subscription is deleted. You therefore have to stop IME first before this step.
Version Application
All