
OPERATIONAL DEFECT DATABASE

Take a backup of the FTD HA pair from FMC and restore the backup file to an FTD device. After the device boots, issue "configure high-availability resume" to enable failover. The snort process on the restored device is still down.

[from FTD CLI]
    > show failover
    Failover On
    Failover unit Primary
    Failover LAN Interface: FO GigabitEthernet0/4 (up)
    --- snip ---
    slot 1: snort rev (1.0) status (down) <--- THIS

[from expert mode]
    root@firepower:~# pmtool status | grep -i Down
    c810308c-7ba4-11e9-a74a-fbecc485cd67-d01 (de,snort) - Down
    c810308c-7ba4-11e9-a74a-fbecc485cd67-d02 (de,snort) - Down

- FMC is managing FTD High Availability.
- Take a backup of the FTD HA pair, then restore the backup file to an FTD device.
- Issue the "configure high-availability resume" command after the restore.

A reboot, a deployment of the latest configuration, or a force deploy will resolve this issue.

Case 1: "After restoring standby FTD device in FTD HA pair"
- After issuing "configure high-availability resume" and deploying the latest configuration from FMC, reboot the FTD device manually. After boot, the standby device syncs the full snort configuration from the active device, and the issue is gone.

Case 2: "After restoring both FTD devices (i.e. active and standby) in FTD HA pair at same time"
- After issuing "configure high-availability resume" on each device, deploy the latest configuration from FMC. After that, the issue on the active unit may be resolved. If snort is still down on each device after the latest configuration deployment, issue "force deploy" from Device Management > (FTD HA pair) > Device > (select Active Device from pull-down on the top right of the screen) > Edit General Setting, then click the "force deploy" button. After the force deploy, the issue on the active unit will be gone.
- After the active unit has recovered, reboot the standby unit manually. The standby unit then syncs the snort configuration from the active unit at boot.

Case 3: "After restoring standalone FTD device"
- After issuing "configure high-availability resume", deploying the latest configuration or issuing "force deploy" will resolve this issue.
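
A post-restore check for the symptom described above, written as an added example (not Cisco's code and not part of the original defect record). It parses captured "show failover" and "pmtool status" text in the line shapes quoted above; the function names and the sample lines marked as constructed are assumptions.

```python
import re

# Line shapes follow the "show failover" and "pmtool status" output quoted above.
SLOT_RE = re.compile(r"slot\s+(\d+):\s+(\S+)\s+rev\s+\([^)]*\)\s+status\s+\((\w+)\)")
PROC_RE = re.compile(r"^\s*(\S+)\s+\(([^)]*)\)\s+-\s+(\w+)")

def down_slots(show_failover_text):
    """Return [(slot, module)] for every slot line reporting status (down)."""
    return [(int(m.group(1)), m.group(2))
            for m in SLOT_RE.finditer(show_failover_text)
            if m.group(3).lower() == "down"]

def down_snort_instances(pmtool_text):
    """Return ids of processes tagged 'snort' whose state is Down."""
    found = []
    for line in pmtool_text.splitlines():
        m = PROC_RE.match(line)
        if m and "snort" in m.group(2).split(",") and m.group(3).lower() == "down":
            found.append(m.group(1))
    return found

def snort_down_after_restore(show_failover_text, pmtool_text):
    """True when failover is on and snort is reported down by either command."""
    failover_on = re.search(r"^\s*Failover On\s*$", show_failover_text, re.M) is not None
    snort_slot_down = any(mod == "snort" for _, mod in down_slots(show_failover_text))
    return failover_on and (snort_slot_down or bool(down_snort_instances(pmtool_text)))

# Sample input: lines from the output quoted above, plus constructed lines
# (marked) so the parsers also see a healthy entry.
SHOW_FAILOVER = """\
Failover On
Failover unit Primary
Failover LAN Interface: FO GigabitEthernet0/4 (up)
slot 1: snort rev (1.0) status (down)
slot 2: example rev (1.0) status (up)
"""  # the "slot 2" line is constructed
PMTOOL_STATUS = """\
c810308c-7ba4-11e9-a74a-fbecc485cd67-d01 (de,snort) - Down
c810308c-7ba4-11e9-a74a-fbecc485cd67-d02 (de,snort) - Down
example-proc (normal) - Running 1234
"""  # the "example-proc" line is constructed

if __name__ == "__main__":
    print(down_slots(SHOW_FAILOVER))
    print(down_snort_instances(PMTOOL_STATUS))
    print(snort_down_after_restore(SHOW_FAILOVER, PMTOOL_STATUS))
```

Feed it the unfiltered "pmtool status" output rather than the grep-filtered lines, so a clean result means no snort instance is Down and not merely that nothing was captured.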