Symptom

Snort3 requires a restart in one particular configuration scenario. However, the UI doesn't show the traffic interruption warning.

Conditions

Firepower Threat Defense managed by Firepower Device Manager In one particular scenario Snort3 restarts. Steps to reproduce: 1. Install the device with a 6.7 image and manage locally using FDM. 2. Create an access control rule with a file policy with 'Inspect Archive set to true' and Deploy, Note Snort3 PID will not change after deployment has finished. 3. Create an SSL policy with single rule any any do not decrypt and deploy. Note that the snort 3 PID has changed 4. No deploy warnings are displayed before deployment 5. After this, adding or removing SSL policies cause snort to restart.

Workaround

No workarounds

Further Problem Description