Symptom
Policy deployment on FTD FMC running 6.6.4 fails with snort validation error,
snort validation failed: intrusion/a04c871c-ee99-11ea-bf4e-dd13b047fcd8/SORules.conf(6) Could not stat dynamic module path "/ngfw/var/cisco/deploy/sandbox/exported-files/var/sf/detection_engines/835db088-338a-11ea-8d28-75ae93c7b7b6/so_rules/default": No such file or directory.
Conditions
FMC FTD running 6.6.4
Workaround
Proper MD5SUM value needs to be updated in "sru_md5sum.conf" file.
Further Problem Description
Error can be found on the FTD in /var/log/sf/policy_deployment.log.
Essentially what is happening is when the FMC bundles the deployment, it pulls the sru md5sum to use as a directory name, but if that value is bad on the FMC(missing or else) then that value is set to default.
Or in some cases the SRU md5sum is incorrect on the FMC and default is replaced with the incorrect UUID causing the same error. This is a different issue, but the issue is still tied to SRU installation issue.
