Symptom
FTD high availability randomly getting "strong-encryption-disable" pushed from FMC on deployment, causing dual active state with this error: "The 3DES/AES algorithms require a Encryption-3DES-AES activation key."
Conditions
- FPR4100 FTD high availability pair with IPsec enabled for high availability link
Workaround
In order to recover dual active status, reboot both FTD
Further Problem Description
Can re-create the *symptoms* via a backdoor command on the FTD, but not able re-produce the FMC pushing the wrong option for "strong-encryption-disable" down to the FTD.
